Mixing SSL/non SSL pages

Discussion in 'ASP .Net' started by tesis, Jul 20, 2007.

  1. tesis

    tesis Guest

    Hi all gurus;
    forgive me if I'm writing about a basic question.
    I need to call a secured (SSL) page from a .aspx page. Calling an
    absolute URL rises an error (invalid path... Virtual path required), so
    I'm not able to intermix http and https calls. Is there a way to make it
    so? TIA



    *** Sent via Developersdex http://www.developersdex.com ***
    tesis, Jul 20, 2007
    #1
    1. Advertising

  2. "tesis" <> wrote in message
    news:...

    > Hi all gurus;
    > forgive me if I'm writing about a basic question.
    > I need to call a secured (SSL) page from a .aspx page. Calling an
    > absolute URL rises an error (invalid path... Virtual path required), so
    > I'm not able to intermix http and https calls. Is there a way to make it
    > so? TIA


    Please show your code.


    --
    Mark Rae
    ASP.NET MVP
    http://www.markrae.net
    Mark Rae [MVP], Jul 20, 2007
    #2
    1. Advertising

  3. tesis

    tesis Guest

    LOT, Mark, 4 your rpy. Here's my (real) code:

    Private Sub btnRinnCrCard_Click(ByVal sender As System.Object, ByVal
    e As System.EventArgs) Handles btnRinnCrCard.Click
    Session("IdSocieta") = lblIdSoc.Text
    Session("Denominazione") = txtDenominazione.Text
    Session("ImpRinnovo") = txtImpDovuto.Text
    Session("CausaleVers") = "Riaffiliazione"
    Session("CodCausale") = "2"
    Dim temp As String = Session.SessionID
    Dim path As String = Server.MapPath(".")
    'it's unuseful to store ds in a Session variable, as it will be
    lost switching to https, so it needs to be serialized; better to make it
    so now
    dsRiepilogo.WriteXml(path + "\" + temp + ".tmp")
    Dim serverName As String =
    HttpContext.Current.Server.MachineName
    If serverName = "AMILO" Then
    Server.Transfer("wfrmPagaCarta.aspx") 'development server
    Else

    Server.Transfer("https://www.fih-hockey.it/TessOnLine/wfrmPagaCarta.aspx
    ")
    End If
    End Sub



    *** Sent via Developersdex http://www.developersdex.com ***
    tesis, Jul 22, 2007
    #3
  4. "tesis" <> wrote in message
    news:...

    > Server.Transfer("https://www.fih-hockey.it/TessOnLine/wfrmPagaCarta.aspx")



    Is it not simply that the above URL is actually invalid...?


    --
    Mark Rae
    ASP.NET MVP
    http://www.markrae.net
    Mark Rae [MVP], Jul 22, 2007
    #4
  5. tesis

    tesis Guest

    Hi Mark.
    No, unfortunately, the link is valid. (BTW, the site actually listens on
    ports 8080/5443, which at this moment are locked but for internal
    addresses, so it's unreacheable but from IPs inside the firewall). The
    error thrown AFAIK indicates that an absolute url can't be used, only a
    virtual one can. Does it make sense? TIA

    *** Sent via Developersdex http://www.developersdex.com ***
    tesis, Jul 22, 2007
    #5
  6. tesis

    tesis Guest

    Hi Mark, a little clarification!
    The code was:

    If ServerName = "AMILO" then
    Server.Transfer("http://localhost/TessHockey/wfrmPagaCarta.aspx")
    else
    Server.Transfer("https://www.fih-hockey.it/TessOnLine/wfrmPagaCarta.aspx
    ")
    endif

    and the error was thrown even walking the 1st part of the if statement,
    so for developing I changed it in a relative path.


    *** Sent via Developersdex http://www.developersdex.com ***
    tesis, Jul 22, 2007
    #6
  7. "tesis" <> wrote in message
    news:...

    > No, unfortunately, the link is valid. (BTW, the site actually listens on
    > ports 8080/5443, which at this moment are locked but for internal
    > addresses, so it's unreacheable but from IPs inside the firewall). The
    > error thrown AFAIK indicates that an absolute url can't be used, only a
    > virtual one can. Does it make sense? TIA



    Apologies - completely missed that!

    Yes, you're quite correct - Server.Transfer doesn't allow absolute paths,
    only relative ones, because it considers a double slash (// or \\) as an
    invalid character combination:
    http://msdn2.microsoft.com/en-us/library/ms525800.aspx

    So, you have three choices:

    1) Make the entire site https (probably not a good idea if you only require
    SSL on a small section of the site)

    2) Use Response.Redirect instead of Server.Transfer (not ideal because of
    session management issues)
    http://www.google.co.uk/search?hl=e...r.Transfer vs response.redirect session&meta=

    3) Use this:
    http://www.codeproject.com/aspnet/WebPageSecurity_v2.asp?select=1095511&df=100&forumid=53615&exp=0
    It's a superb add-in for ASP.NET and, once you've configured it, you really
    can just forget it.


    --
    Mark Rae
    ASP.NET MVP
    http://www.markrae.net
    Mark Rae [MVP], Jul 22, 2007
    #7
  8. tesis

    tesis Guest

    I really appreciate your help, Mark.
    It's a very interesting solution you quotes on your 3rd chance. I'm
    going to try this approach. Thanks again.


    *** Sent via Developersdex http://www.developersdex.com ***
    tesis, Jul 22, 2007
    #8
  9. "tesis" <> wrote in message
    news:...

    > It's a very interesting solution you quotes on your 3rd chance. I'm
    > going to try this approach.


    I use it for all my sites and web apps which require SSL.


    --
    Mark Rae
    ASP.NET MVP
    http://www.markrae.net
    Mark Rae [MVP], Jul 22, 2007
    #9
  10. re:
    !> the site actually listens on ports 8080/5443

    If those are the ports which the site listens on, and :
    https://www.fih-hockey.it/TessOnLine/wfrmPagaCarta.aspx
    is the URL you redirect to, you're redirecting to port 80, not 8080.

    I wonder if that could have something to do with your problem.

    If you want to redirect to that URL, on port 8080, you should use :

    https://www.fih-hockey.it:8080/TessOnLine/wfrmPagaCarta.aspx




    Juan T. Llibre, asp.net MVP
    asp.net faq : http://asp.net.do/faq/
    foros de asp.net, en español : http://asp.net.do/foros/
    ======================================
    "tesis" <> wrote in message news:...
    >
    >
    > Hi Mark.
    > No, unfortunately, the link is valid. (BTW, the site actually listens on
    > ports 8080/5443, which at this moment are locked but for internal
    > addresses, so it's unreacheable but from IPs inside the firewall). The
    > error thrown AFAIK indicates that an absolute url can't be used, only a
    > virtual one can. Does it make sense? TIA
    >
    > *** Sent via Developersdex http://www.developersdex.com ***
    Juan T. Llibre, Jul 22, 2007
    #10
  11. And, of course, that assumes you're using 8080 as your SSL port.

    If you're using 5443 as your SSL port, that URL would be :

    https://www.fih-hockey.it:5443/TessOnLine/wfrmPagaCarta.aspx



    Juan T. Llibre, asp.net MVP
    asp.net faq : http://asp.net.do/faq/
    foros de asp.net, en español : http://asp.net.do/foros/
    ======================================
    "Juan T. Llibre" <> wrote in message news:...
    > re:
    > !> the site actually listens on ports 8080/5443
    >
    > If those are the ports which the site listens on, and :
    > https://www.fih-hockey.it/TessOnLine/wfrmPagaCarta.aspx
    > is the URL you redirect to, you're redirecting to port 80, not 8080.
    >
    > I wonder if that could have something to do with your problem.
    >
    > If you want to redirect to that URL, on port 8080, you should use :
    >
    > https://www.fih-hockey.it:8080/TessOnLine/wfrmPagaCarta.aspx
    >
    >
    >
    >
    > Juan T. Llibre, asp.net MVP
    > asp.net faq : http://asp.net.do/faq/
    > foros de asp.net, en español : http://asp.net.do/foros/
    > ======================================
    > "tesis" <> wrote in message news:...
    >>
    >>
    >> Hi Mark.
    >> No, unfortunately, the link is valid. (BTW, the site actually listens on
    >> ports 8080/5443, which at this moment are locked but for internal
    >> addresses, so it's unreacheable but from IPs inside the firewall). The
    >> error thrown AFAIK indicates that an absolute url can't be used, only a
    >> virtual one can. Does it make sense? TIA
    >>
    >> *** Sent via Developersdex http://www.developersdex.com ***

    >
    >
    Juan T. Llibre, Jul 22, 2007
    #11
  12. tesis

    tesis Guest

    Thank you, Juan, 4 your interest.
    Of course you're quite right: I've to include ports in URL if not
    addressing port 80 for http and 443 for https. I've just striped ports
    from code snipplets for the sake of simplicity. The real code should
    address the real ports. I guess I should write in web.config:
    encrypedUri="www.mysite.com:5443" unencriptedUri="www.mysite.com:8080".
    Have a nice day.

    *** Sent via Developersdex http://www.developersdex.com ***
    tesis, Jul 23, 2007
    #12
  13. tesis

    tesis Guest

    Hi Mark,
    forgive me if I'm bothering you once more.
    Since the real code should address the real ports, I guess I've 2 write
    in web.config:

    encrypedUri="www.mysite.com:5443" unencriptedUri="www.mysite.com:8080"

    Am I correct? If not, how2 address non-standard ports?
    At the moment, I'm configuring my development environment with version
    2.6, since it's FW 1.1 (BTW, notices are 4 3.1, and this caused me some
    headache), and addressing ports with encrypted/unencryptedUri is working
    fine.
    A curious side effect of this module is that having 2 bg pictures with
    same name in unsecure dir and secure dir, pages are displayed 1st time
    with "unsecure" bg, and then, only when secured, with "secure" bg;
    actually, I'm going to use this effect for my advantage.
    Have a nice day, and LOT again.


    *** Sent via Developersdex http://www.developersdex.com ***
    tesis, Jul 23, 2007
    #13
  14. tesis

    tesis Guest

    Hi gurus.
    This approach behaves well in my dev enironment. While switched to
    production, however, problems arise. Variable fields in the page are not
    saved. Session variables are no more mantained between pages ('cause
    SessionId changes) when security module switches between http and https,
    nor context variables do. I've read a suggestion to use server.execute,
    but this mixes page contents. Cache objects last too long, and
    application's can't be used as it's system-wide, and many users can use
    the same app at the same time. Cookies may be disabled on clients' side,
    and since security module handles the request generating a second
    request when switching contexts, even QueryString, I guess (this one are
    not have tested), can't be used. What else can I do?

    *** Sent via Developersdex http://www.developersdex.com ***
    tesis, Jul 26, 2007
    #14
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. 620
    Replies:
    2
    Views:
    983
    Murat Tunaboylu
    Jan 6, 2004
  2. CW
    Replies:
    2
    Views:
    502
  3. desktop
    Replies:
    2
    Views:
    446
    Victor Bazarov
    Jun 6, 2007
  4. =?Utf-8?B?TWlrZQ==?=

    Mixing Non-ASP.NET & ASP.NET Files in One Domain

    =?Utf-8?B?TWlrZQ==?=, Aug 10, 2007, in forum: ASP .Net
    Replies:
    2
    Views:
    282
    Cowboy \(Gregory A. Beamer\)
    Aug 10, 2007
  5. Daniel Frechette
    Replies:
    2
    Views:
    169
    Thomas 'PointedEars' Lahn
    Apr 10, 2006
Loading...

Share This Page