Change asp net website to SSL

[David C]

Can anyone point me to information on how to convert an existing Net 2.0
website to SSL? We are currently developing a site that the customer wants
to use SSL and I am not sure how to convert a non-SSL site. Thanks.

David

 

[daveh551]

Can anyone point me to information on how to convert an existing Net 2.0
website to SSL?  We are currently developing a site that the customer wants
to use SSL and I am not sure how to convert a non-SSL site.  Thanks.

David

David,

To the best of my (limited) knowledge, you don't need to do anything
except get and install your SSL certificate. I just recently switched
mine over. I'm hosted with GoDaddy, and they took care of the
certificate installation. I did add a line in the base class for all
my pages in the Page_Load routine that said something like "if (!
IsSecure) {Response.Redirect("https://<sitename>/page");} to redirect
to the secure server.

There is also something you can add, I think in IIS, to require that a
page or directory be accessed by a secure link if that page requires
it. Since I did the above to guarantee that everything was, I didn't
mess with that, so I can't give you the details.

Hope that helps.

 

[Hans Kesting]

David C brought next idea :

Can anyone point me to information on how to convert an existing Net 2.0
website to SSL? We are currently developing a site that the customer wants
to use SSL and I am not sure how to convert a non-SSL site. Thanks.

David

If you want the whole site to run under SSL, you (as a developer) don't
have to do anything special. It's an IIS setting to require an SSL
(https) connection.

If you want it just for specific pages, this looks promising:
http://www.codeproject.com/KB/web-security/WebPageSecurity_v2.aspx

Hans Kesting

 

[Gregory A. Beamer]

Get an SSL cert and add it to the site in IIS. If you want only SSL, you can
set up a redirect there, as well. Otherwise, SSL only the portions you need
to have secure.

 

[George]

David C brought next idea :

If you want the whole site to run under SSL, you (as a developer) don't
have to do anything special. It's an IIS setting to require an SSL (https)
connection.

If you want it just for specific pages, this looks promising:
http://www.codeproject.com/KB/web-security/WebPageSecurity_v2.aspx

Hans Kesting

Would like to add that you must be careful with https pages. You must not
have a reference to http version of the content. Otherwise browser will show
a pop-up warning user about site not being completely secure.

Example:
url: https://www.mysite.com/mypages.apx has an image that is referenced as
<img src="http://www.mysite.com/myimage.gif"> - result Pop-Up
url: https://www.mysite.com/mypages.apx has an image that is referenced as
<img src="/myimage.gif"> - no Pop-Up but image will be downloaded using
https

Same if you have external javascript, css file or <iframe>

It's usually not a problem unless you using third party content on your site
such as click counters, analytic software from MSN or Yahoo or Google.
Those types of software very often add transparent gif to the page using
javascript. Even if you used https notation to download script it still
might use http link to the transparent image resulting in Pop-Up from
browser.

George.