ASP.net SSL w/ an SSL Accelerator

N

Nathan Crosby

We have a website in which we will have an SSL component for order
processing. We just found out that we will have a hardware SSL accelerator
card
within the network architecture. From what we understand, the card will TX/RX
to the webfarm via port 80 for all traffic. This is new for us and do not
know if there is anything special needed in the application layer to
accomidate an SSL card vs. handling the SSL directly on the server within
and ASP.net code.

Has anyone seen this before and is there anything special that needs to take
place on the application layer to make this work. Someone in our groups
thinks we need to now use absolute paths so the application knows what kind
of connection exists.
 
J

Joerg Jooss

Thus wrote Nathan,
We have a website in which we will have an SSL component for order
processing. We just found out that we will have a hardware SSL
accelerator card within the network architecture. From what we
understand, the card will TX/RX to the webfarm via port 80 for all
traffic. This is new for us and do not know if there is anything
special needed in the application layer to accomidate an SSL card vs.
handling the SSL directly on the server within and ASP.net code.

Has anyone seen this before and is there anything special that needs
to take place on the application layer to make this work.

Generelly speaking, yes. Whenever you switch from HTTPS to HTTP in front
of your application server, you have to consider a couple of things.

The most obvious is the fact that IIS and ASP.NET will never receive a HTTPS
request when you have front end SSL accelerator. Thus, if your application
code has to know whether the original request has been sent over a secure
connection or not, you'll need some help from the accelerator. Some of these
devices for example are able to add a custom header to the HTTP request.
Just remember that even with those work arounds in place, the standard ASP.NET
infrastructure isn't likely to know about or use them, so avoid APIs like
HttpRequest.IsSecureConnection or any equivalent server variables like SERVER_PORT_SECURE.

A less obvious issue are HTTP redirects sent from your application code.
You should avoid fully qualified redirect URLs, as these will always use
HTTP instead of HTTPS (see above -- ASP.NET has no idea that the original
request was using a secure connection). By default, ASP.NET doesn't redirect
with fully qualified URLs, unless you set it in your configuration's <httpRuntime
/> element.

Cheers,
 
N

Nathan Crosby

Thanks Joerg. This is certainly helpful.

Joerg Jooss said:
Thus wrote Nathan,


Generelly speaking, yes. Whenever you switch from HTTPS to HTTP in front
of your application server, you have to consider a couple of things.

The most obvious is the fact that IIS and ASP.NET will never receive a HTTPS
request when you have front end SSL accelerator. Thus, if your application
code has to know whether the original request has been sent over a secure
connection or not, you'll need some help from the accelerator. Some of these
devices for example are able to add a custom header to the HTTP request.
Just remember that even with those work arounds in place, the standard ASP.NET
infrastructure isn't likely to know about or use them, so avoid APIs like
HttpRequest.IsSecureConnection or any equivalent server variables like SERVER_PORT_SECURE.

A less obvious issue are HTTP redirects sent from your application code.
You should avoid fully qualified redirect URLs, as these will always use
HTTP instead of HTTPS (see above -- ASP.NET has no idea that the original
request was using a secure connection). By default, ASP.NET doesn't redirect
with fully qualified URLs, unless you set it in your configuration's <httpRuntime
/> element.

Cheers,
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top