How to imbed non-SSL links within SSL pages without using code

Discussion in 'ASP .Net' started by CW, May 2, 2004.

  1. CW

    CW Guest

    I have pages, such as LogOn.aspx, Payment.aspx that enforce the use of SSL.

    Every single one of my pages embeds a header and menu server controls - which
    have links to other pages that do not require SSL.

    In the LogOn.aspx, it automatically detects in the page_load event (using
    URL.Scheme property) whether SSL is running, and if not, redirects to itself
    and replaces http with https in the URL. This part runs fine.

    However, all the other links on the logon page (including those on the menu
    and header server controls) now have https rather than http as the URL
    scheme. Is there any way to get around it? The other pages do not require SSL
    at all.

    The method I have come up with is to turn all links into server controls,
    and then modify their href property in the Page_Load event. I think this adds way
    too much unnecessary overhead. Is there any easier way of getting around it?

    An alternative question is: if the whole site runs on SSL (i.e., I will not
    stop turning SSL links into non-SSL links), is this going to cause any major
    issues in terms of server load?

    Another related question is whether SSL is necessary for LogOff.page. I use
    FormsAuthentication (roll my own security).

    A
    CW, May 2, 2004
    #1

  2. "CW" wrote:
    > However, all the other links on the logon page (including those on the menu
    > and header server controls) now have https rather than http as the URL
    > scheme. Is there any way to get around it? The other pages do not require SSL
    > at all.


    The way I do it, is to use absolute links everywhere, but without the protocol://hostname part. E.g. /home.aspx.

    That means that I don't need to do any server-side processing of my navigation structure.

    Once the person gets on to the SSL-version of the site, then they'll stay on SSL for any links that they follow, as all the links start with / . Whether this is a problem probably depends on the next question.

    > An alternative question is: if the whole site runs on SSL (i.e., I will not
    > stop turning SSL links into non-SSL links), is this going to cause any major
    > issues in terms of server load?


    It has never been an issue for me, but obviously it depends on your site traffic and hardware. SSL requires more processor time for the encrypt / decrypt. You can buy dedicated hardware to do this also.

    > Another related question is whether SSL is necessary for LogOff.page. I use
    > FormsAuthentication (roll my own security).


    Probably not, unless you give your users the option that their FormsAuth cookie is SSL only, in which case it'll only be set / removed while they are on the https:// server.

    Kirk
    Kirk Jackson, May 2, 2004
    #2
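
The link behaviour described in the reply above, as an added example that is not part of the original posts: it resolves each href against the page URL the way a browser does and reports whether a forms-auth cookie would be sent with the request, and whether that happens over plain http. The host `shop.example`, the page names other than those in the thread, and the simplified cookie model (host-only cookie, path `/`) are assumptions.

```javascript
// Added example; the host, page names and cookie model are constructed.
// Resolve each href as a browser would and report whether the auth cookie
// travels with the request, and whether it does so over cleartext http.
function linkKind(href) {
  if (/^[a-z][a-z0-9+.-]*:/i.test(href)) return 'absolute';
  if (href.startsWith('//')) return 'protocol-relative';
  if (href.startsWith('/')) return 'root-relative';
  return 'relative';
}

function auditLinks(pageUrl, hrefs, cookieIsSecure) {
  const page = new URL(pageUrl);
  return hrefs.map((href) => {
    const target = new URL(href, page);
    const overHttps = target.protocol === 'https:';
    // Assumption: host-only cookie with path "/", so it matches any page
    // on the same hostname.
    const sameHost = target.hostname === page.hostname;
    // A cookie flagged Secure is only attached to https requests.
    const cookieSent = sameHost && (overHttps || !cookieIsSecure);
    return {
      href,
      kind: linkKind(href),
      resolved: target.href,
      cookieSent,
      cleartextCookie: cookieSent && !overHttps,
    };
  });
}

// Constructed navigation links as they might appear in a shared menu control.
const navLinks = ['/home.aspx', 'Payment.aspx', '//shop.example/help.aspx',
                  'http://shop.example/catalog.aspx'];
for (const secure of [false, true]) {
  console.log(`Secure flag on auth cookie: ${secure}`);
  console.table(auditLinks('https://shop.example/LogOn.aspx', navLinks, secure));
}
```

Only the hard-coded `http://` link leaves SSL from the logon page; with the Secure flag set (in ASP.NET, `requireSSL="true"` on the `<forms>` element) the cookie is withheld from that request instead of crossing the wire in cleartext.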

  3. CW

    CW Guest

    Thanks for the help

    "Kirk Jackson" <Kirk > wrote in message
    news:D...
    > "CW" wrote:
    > > However, all the other links on the logon page (including those on the menu
    > > and header server controls) now have https rather than http as the URL
    > > scheme. Is there any way to get around it? The other pages do not require SSL
    > > at all.
    >
    > The way I do it, is to use absolute links everywhere, but without the
    > protocol://hostname part. E.g. /home.aspx.
    >
    > That means that I don't need to do any server-side processing of my
    > navigation structure.
    >
    > Once the person gets on to the SSL-version of the site, then they'll stay
    > on SSL for any links that they follow, as all the links start with / .
    > Whether this is a problem probably depends on the next question.
    >
    > > An alternative question is: if the whole site runs on SSL (i.e., I will not
    > > stop turning SSL links into non-SSL links), is this going to cause any major
    > > issues in terms of server load?
    >
    > It has never been an issue for me, but obviously it depends on your site
    > traffic and hardware. SSL requires more processor time for the encrypt /
    > decrypt. You can buy dedicated hardware to do this also.
    >
    > > Another related question is whether SSL is necessary for LogOff.page. I use
    > > FormsAuthentication (roll my own security).
    >
    > Probably not, unless you give your users the option that their FormsAuth
    > cookie is SSL only, in which case it'll only be set / removed while they are
    > on the https:// server.
    >
    > Kirk
    CW, May 2, 2004
    #3
