ravensFAC
asked on
How to implement HTTPS for an entire site, including the default.aspx page
I am working on a site that currently switches to https only once the user has logged in. The client has requested that the entire site be secure using their ssl certificate and that all pages, including the default.aspx page be under https. What is the best way to set the entire site to run under https?
Thanks,
Jason
Thanks,
Jason
if you already have a SSL certificate installed on web server on the root domain, you just have to modify the links on all the pages to reflect to https instead of http. You can redirect index ppage to https version.
ASKER
Thanks, but I should have mentioned that I already tried that. I set a response.redirect on the page_init to point to the https url. It just hung forever... Other ideas?
Ok first check if your SSL certificaate is setup on root directory or not
Open https URL for your domain in explorer i.e. https://www.yourdomain.com
If that page opens, then instead of using page_init use page_load and set response.redirect to that page.
If the https page doesnt open then you might have to setup a SSL certificate on server.
Open https URL for your domain in explorer i.e. https://www.yourdomain.com
If that page opens, then instead of using page_init use page_load and set response.redirect to that page.
If the https page doesnt open then you might have to setup a SSL certificate on server.
ASKER
Yes, SSL is set on the root. The site switches to that on login and the base https://www.yourdomain.com has always worked when typed in directly. Why use page_load rather than page_init?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yeah, that is a possible solution. It just seems a little backwards to have to create a fake default page that redirects to your real default page. I would prefer a solution through IIS that simply forced https for all pages in the specified domain. Let me do a little more research and see if I get any other posted solutions here. If I don't I will accept your answer. Thanks for the help!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Using ISAPI like Helicon ISAPI Rewrite you can do HTTP to HTTPS redirect without actual site coding. Check following forum post on their site :
http://www.helicontech.com/forum/forum_posts-TID-8619.htm
http://www.helicontech.com/forum/forum_posts-TID-8547.htm
and this following blog post even describes it better :
http://www.iis-aid.com/articles/how_to_guides/three_methods_to_redirect_http_to_https
http://www.helicontech.com/forum/forum_posts-TID-8619.htm
http://www.helicontech.com/forum/forum_posts-TID-8547.htm
and this following blog post even describes it better :
http://www.iis-aid.com/articles/how_to_guides/three_methods_to_redirect_http_to_https