M
mpes
Hi all,
My ASP.NET intranet web application uses windows authentication. It has to
support both IE and Mozilla browsers so I am forced to allow Basic
Authentication for Mozilla users. Because of some intranet configuration
issues I cannot use the Digest Authentication.
I would like to protect the user name/password using SSL. But for
performance reason I want to protect just login, the rest of the
communication shouldn't use SSL.
What is the way of doing this? The application start page is default.aspx.
I tried:
1. Set "Require SSL" for default.aspx page in IIS - result is that SSL will
then be used for all pages
2. Hook in Global.asax Application_BeginRequest and if the request is not
for default.aspx I rewrite "https" request to "http" - that works and
switches the protocol, however with switching the protocol the web browser
fires the login window again (so the user has to type in the password second
time and this time I believe it would travel in clear text)
Any other ideas? I searched internet quite extensively but could not find
anything.
Thanks,
Martin
My ASP.NET intranet web application uses windows authentication. It has to
support both IE and Mozilla browsers so I am forced to allow Basic
Authentication for Mozilla users. Because of some intranet configuration
issues I cannot use the Digest Authentication.
I would like to protect the user name/password using SSL. But for
performance reason I want to protect just login, the rest of the
communication shouldn't use SSL.
What is the way of doing this? The application start page is default.aspx.
I tried:
1. Set "Require SSL" for default.aspx page in IIS - result is that SSL will
then be used for all pages
2. Hook in Global.asax Application_BeginRequest and if the request is not
for default.aspx I rewrite "https" request to "http" - that works and
switches the protocol, however with switching the protocol the web browser
fires the login window again (so the user has to type in the password second
time and this time I believe it would travel in clear text)
Any other ideas? I searched internet quite extensively but could not find
anything.
Thanks,
Martin