Secure pages with SSL/https using ASP.NET.
I have an asp.net application on Windows/ IIS server, hosted by a ISP.
My question is how do I identify the pages that I want to make https?
Should I stick all those pages in one folder?
If SSL is activated for an entire website, what is the normal method for
identifying the pages you want secure? I would think putting them in one folder
would make sense, but does anyone have experience on how it is actually done?
My question is how do I identify the pages that I want to make https?
Should I stick all those pages in one folder?
If SSL is activated for an entire website, what is the normal method for
identifying the pages you want secure? I would think putting them in one folder
would make sense, but does anyone have experience on how it is actually done?
have a look here on how to configure ur server for SSL and how to obtain the server certificate for the same ..
Obtaining a Server Certificate
http://www.microsoft.com/windows2000/en/server/iis/default.asp?url=/windows2000/en/server/iis/htm/core/iiocrsc.htm
Obtaining a Server Certificate
http://www.microsoft.com/windows2000/en/server/iis/default.asp?url=/windows2000/en/server/iis/htm/core/iiocrsc.htm
details about SSL and how to go about using it ...(from the verisign website)
http://www.verisign.com/products-services/security-services/ssl/ssl-information-center/index.html
http://www.verisign.com/products-services/security-services/ssl/ssl-information-center/index.html
If the list of users of ur web site is known, i.e. it is a B2B site, then you could think of creating your own server certificate (using the certifiate server provided by microsoft), but then u will have to ask all of ur users to install the a "CA certificate" in their browser and u will have to provide a link to it (for download) ... to view all the exiting CA certicates in ur browser, open IE .. menu .... Tools->internet option->Content tab .. Certificates button .. it will open a new window .. select the tab "Trusted Root Certifiation Authorities" ..
have a look here for more explanation ... (wait for the page to load .. I think there is advertisement at the start and then the actual page loads)
http://www.windowsitlibrary.com/Content/405/17/toc.html?Ad=1&
have a look here for more explanation ... (wait for the page to load .. I think there is advertisement at the start and then the actual page loads)
http://www.windowsitlibrary.com/Content/405/17/toc.html?Ad=1&
ASKER
thanks Rejojohny . . .
This is an E-commerce site and is being hosted by discountasp.net.
I won't be configuring the server . . . the ISP has to do that.
At this point, I just need to know if I should put all the files that need to be secure
in one folder . . . will this make things easier later? . . . or does it really matter or not.
About verisign . . . I have a question about it if you want to take a look:
https://www.experts-exchange.com/questions/21424354/Verisign-SSL-Certificates.html#14005563
This is an E-commerce site and is being hosted by discountasp.net.
I won't be configuring the server . . . the ISP has to do that.
At this point, I just need to know if I should put all the files that need to be secure
in one folder . . . will this make things easier later? . . . or does it really matter or not.
About verisign . . . I have a question about it if you want to take a look:
https://www.experts-exchange.com/questions/21424354/Verisign-SSL-Certificates.html#14005563
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SSL can be configured for a single page too .. so there is not really a need for you to add all of ur pages requiring ssl to be in a single directory ...
use the IIS console to configure the pages for ssl .. as u have hosted this application with an ISP, am sure they have the expertise to do it and you can just make a request and provide them with the list of pages .. but note, to enable SSL, you will require a server certificate .. read more about it on MSDN .. you will have to purchase it from a certifacate authoruty like verisign .. you will get lots of details about SSL in their site .. you will also have to ask for details from you ISP about whether they already have a server certificate installed on their server ... and whether your appplication is the only application on that server (which is highly unlikely) and whether you can use the existing ceritficate (if present)