Redirect to a secure page using HTTPS without an absolute URL

P

Pooja Renukdas

Hello,

I have this web site where only two pages have to be secure pages and
I need to call them using https, but since I have my development
server and my production web server, I dont want to enter the absolute
url like
response.redirect("https://myProductionServer.com/SecurePage.aspx"),
because when Im working in the development server I would have to
change it back and forth everytime. Is there an easy way to do this
without having to put the absolute address. And also, when Im finished
with the secure pages, how do I go back to non-secure? just entering
the address again just as http:// ? and again, how do I do it without
using the whole URL. Cause in that case I would have to specify the
absolute URL everywhere the users can click and go to another page,
cause if they are in a secure session, and they move to another page
without specifiying if it's https or just http, I think it would keep
the https no matter what kind of page it is, unless I specify
everywhere when it has to be https or http. I hope I make sense here.

Thanks a lot.
 
R

Rajeev Soni

Hi

you can use

response.redirect(Request.ApplicationPath + "/Homepage.aspx");

rajeev
 
S

Sanjay Poojari

You can do the following. Obviously, you'll have to change the code a bit
to suit what you want, but i guess you can derive it from this...


if(Request.ServerVariables["HTTPS"].ToLower() == "off")
{
strBaseURL = "http://";
}
else
{
strBaseURL = "https://";
}
strBaseURL = strBaseURL + Request.ServerVariables["SERVER_NAME"] + ":";
strBaseURL = strBaseURL + Request.ServerVariables["SERVER_PORT"];
strBaseURL = strBaseURL + Request.ServerVariables["URL"];
 
M

Matt Sollars

Pooja,

There are a few ways to accomplish your task. I'll list a couple.

1.) You could add a few lines of code to your Global.asax file for the
Application_BeginRequest event handler. This handler would simply check the
current page request, via Request.Path.EndsWith("/PageName.aspx"), for
either of the two pages you need to be secure. Once it's determined if the
page requested needs to be secure, check Request.IsSecureConnection to see
if the request was already made via HTTPS. If not, redirect to
Request.Path.Replace("http://", "https://"). If the requested page is not
one of those two pages yet Request.IsSecureConnection returns True, then
redirect to Request.Path.Replace("https://", "http://") to undo the secure
connection.

2.) Another alternative is to create an HttpModule that you can install with
each project, or for the entire server via machine.config, that reads a
custom configuration section from your web.config file for the pages and
directories that need to be secured and any pages and directories that
should be ignored (i.e. requests that should remain in the protocal they
were requested). This class would read those pages into a searchable
collection and test for a match with the current requested page from the
BeginRequest event once again. A decision to redirect is made there.

Have fun,
Matt



Hello,

I have this web site where only two pages have to be secure pages and
I need to call them using https, but since I have my development
server and my production web server, I dont want to enter the absolute
url like
response.redirect("https://myProductionServer.com/SecurePage.aspx"),
because when Im working in the development server I would have to
change it back and forth everytime. Is there an easy way to do this
without having to put the absolute address. And also, when Im finished
with the secure pages, how do I go back to non-secure? just entering
the address again just as http:// ? and again, how do I do it without
using the whole URL. Cause in that case I would have to specify the
absolute URL everywhere the users can click and go to another page,
cause if they are in a secure session, and they move to another page
without specifiying if it's https or just http, I think it would keep
the https no matter what kind of page it is, unless I specify
everywhere when it has to be https or http. I hope I make sense here.

Thanks a lot.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Redirect 301 Static Page with Parameters to Static Page 1
Auto redirect http to https 1
http to https redirect 4
Redirect From https to http 2
Pass URL to another page 4
I want to have a button in a web page with action for open new phone contact page and fill it with some date 1
Obtaining the Absolute URL of a page 12
http to https redirect 4

Members online

Total: 39 (members: 2, guests: 37)
Robots: 412

Forum statistics

Threads
473,769
Messages
2,569,576
Members
45,054
Latest member
LucyCarper

Latest Threads

Top