Solved

redirect to https with in global.asa??

Posted on 2002-03-26
9
1,312 Views
Last Modified: 2008-03-03
Hi all.

Is it possible within my global.asa to specify that if my visitors are not on my https that they get shunted to it?

For example, if someone types in to their browser (or gets sent by a search engine) to mydomain.com, how can I redirect them to https://www.mydomain.com?

I'm NOT looking to put a response.redirect on each page, please.

Thanks!
0
Comment
Question by:ClassyLinks
  • 5
  • 3
9 Comments
 
LVL 46

Expert Comment

by:fritz_the_blank
ID: 6896495
Define a variable in the Application_OnStart like this:

     Application.Contents("SecureURL") = "https://www.yoursite.com"

You can then call all of your pages like:

<a href="<% =Application("SecureURL") %>/pages/yourpage.asp">
0
 
LVL 7

Author Comment

by:ClassyLinks
ID: 6896545
Hi fritz.

So.....If I code all my links like that, it won't start a new session?

For example, if they are at http://mysite.com and they click a link to https://mysite.com a new session would start.  But if they were already at https://mysite.com and clicked on a linke for https://mysite.com/page2.asp a new session would not start??

Am I confusing myself??
0
 
LVL 46

Expert Comment

by:fritz_the_blank
ID: 6896585
I am not sure that I follow. The idea is that there will be only one session per user if you do it this way. However, you'll still want to redirect your user if they don't land immediately on the secure site. You can use the server variables collection to verify that the first letters of the current URL are https, otherwise, redirect to "<% =Application("SecureURL") %>/pages/yourpage.asp"

Fritz the Blank
0
 
LVL 7

Author Comment

by:ClassyLinks
ID: 6896644
I think you just confirmed it.  Only one session per user.

GREAT!
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 5

Accepted Solution

by:
funke earned 100 total points
ID: 6896663
Use this logic

'SECURE PAGE SETTINGS
'----------------------------------------------------------------
If Request.ServerVariables("HTTPS") = "on" Then
   'DO NOTHING
Else
   Response.Redirect "https://" & Request.ServerVariables("HTTP_HOST") & Request.ServerVariables("PATH_INFO") & "?" & Request.ServerVariables("QUERY_STRING")
     
End If
'----------------------------------------------------------------
0
 
LVL 7

Author Comment

by:ClassyLinks
ID: 6896690
funke....can that go in the global.asa?
0
 
LVL 46

Expert Comment

by:fritz_the_blank
ID: 6896761
ClassyLinks,

You might try putting Funke's code in an include file and place it at the top of each page.

Fritz the Blank
0
 
LVL 7

Author Comment

by:ClassyLinks
ID: 6896862
ok...getting closer......now how do I ditch that security error

"This page contains non-secure items"

Pop's up on every page.
0
 
LVL 7

Author Comment

by:ClassyLinks
ID: 6896892
AHA!  Figured it out.  Had to get rid of my Human Click button.

Works beautifully.

Points to funke on this one.

50pts to you Fritz for helping out!  Check the ta.

Thanks!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
JQuery Date Time picker not showing 29 114
Update table value with join syntax 2 60
API works for 1 result, need to make it many 30 68
ASP Focus problem 3 53
Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is t…
I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference: Let's make the introductions... Classic ASP was launched by Microsoft in 1998 and dynamically generate web pages upon user interact…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now