How to automatically change from httpS to http for a specific folder??

Discussion in 'ASP .Net Security' started by Po-Shan Chang, Mar 5, 2004.

  1. There are great instructions on the web for force HTTPS for specific folder

    How to automatically change from http to https for a specific folde
    http://www.iisfaq.com/default.aspx?View=A407&P=2

    But, my question would be ...

    Question
    ========
    I am trying to set up a website with the following requirements

    1. User can browse through the non-secure pages of the website usin
    ordinary HTTP
    2. User can access the secure pages by first supplying a username an
    password through a web form via SSL. This web-form goes throug
    HTTPS. The idea is to encrypt the password as it's sent across th
    net
    3. Once the user has logged in, he can browse through the rest of th
    site using ordinary HTTP

    I have been able to achieve #1 and #2, but as soon as the user log
    in, he can only browse through the site using HTTPS. Is there a wa
    to configure IIS so that once the user has logged in via SSL, he ca
    browse through the rest of the site using HTTP

    Note: all of the links in my HTML are "relative" links, except for th
    link to my login page, which is an "absolute" link that explicitl
    uses "https"

    Answer from other threads (Can't there be better solution?
    ======================================
    This is an application issue, not an IIS issue. The page that processe
    your web form should be written such that the user is redirected to HTT
    once the authentication process is complete. In most cases, th
    authentication function would store the original request and send the use
    to http://site.com/orig_request once the login has been verified

    ======================================
    If this is the only solution, all of the pages in the website would have to have the exact link (HTTP or HTTPS) specified and I
    do not think this is a good approach

    Thanks a lot.
     
    Po-Shan Chang, Mar 5, 2004
    #1
    1. Advertising

  2. Po-Shan Chang

    Bernard Guest

    The response from other thread is the way to do it.
    but only on the page redirecting user from https to http

    just like how you redirect the one page from http to https,
    same way, but the other direction.

    --
    Regards,
    Bernard Cheah
    http://support.microsoft.com/
    Please respond to newsgroups only ...


    "Po-Shan Chang" <> wrote in message
    news:...
    >
    > There are great instructions on the web for force HTTPS for specific

    folder.
    >
    > How to automatically change from http to https for a specific folder
    > http://www.iisfaq.com/default.aspx?View=A407&P=20
    >
    > But, my question would be ....
    >
    > Question:
    > =========
    > I am trying to set up a website with the following requirements:
    >
    > 1. User can browse through the non-secure pages of the website using
    > ordinary HTTP.
    > 2. User can access the secure pages by first supplying a username and
    > password through a web form via SSL. This web-form goes through
    > HTTPS. The idea is to encrypt the password as it's sent across the
    > net.
    > 3. Once the user has logged in, he can browse through the rest of the
    > site using ordinary HTTP.
    >
    > I have been able to achieve #1 and #2, but as soon as the user logs
    > in, he can only browse through the site using HTTPS. Is there a way
    > to configure IIS so that once the user has logged in via SSL, he can
    > browse through the rest of the site using HTTP?
    >
    > Note: all of the links in my HTML are "relative" links, except for the
    > link to my login page, which is an "absolute" link that explicitly
    > uses "https".
    >
    > Answer from other threads (Can't there be better solution?)
    > =======================================
    > This is an application issue, not an IIS issue. The page that processes
    > your web form should be written such that the user is redirected to HTTP
    > once the authentication process is complete. In most cases, the
    > authentication function would store the original request and send the user
    > to http://site.com/orig_request once the login has been verified.
    >
    > =======================================
    > If this is the only solution, all of the pages in the website would have

    to have the exact link (HTTP or HTTPS) specified and I
    > do not think this is a good approach.
    >
    > Thanks a lot.
     
    Bernard, Mar 5, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Andrew Hayes
    Replies:
    2
    Views:
    439
    Andrew Hayes
    Jun 16, 2009
  2. Framework fan

    Automatically toggle between https and http

    Framework fan, Apr 1, 2004, in forum: ASP .Net Security
    Replies:
    3
    Views:
    162
    Framework fan
    Apr 2, 2004
  3. Axel
    Replies:
    8
    Views:
    1,220
    Adrienne Boswell
    Apr 27, 2009
  4. jotto
    Replies:
    4
    Views:
    429
    jotto
    Oct 2, 2006
  5. Tamer
    Replies:
    2
    Views:
    229
    António Marques
    Jan 21, 2008
Loading...

Share This Page