RobertNZana
asked on
How make sure always HTTPS for a page?
I have a payment page for my website. How can I make sure (with VB.NET) that the page is always utilizing the SSL cert (HTTPS)? If they come in with HTTP, should I just redirect to HTTPS? Any code samples would be nice. Thanks.
you can use the server variables to look at the referring url to validate if it is using ssl by checking for https. You could redirect them, but is that just for entering the site or for submiting the data? if they submit to http, it is already to late to redirect as the data is already there.
ASKER
So on the page_load check if the "https" is there and if not do a redirect to the same page but append "https" to the front?
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
After some research I wrote the below code. It seems to work well. See any holes with it?
If Not Request.IsSecureConnection Or Request.Url.ToString.Contains("https://") Then
' redirect to https
Dim strNewUrl As String
strNewUrl = Request.Url.ToString.Replace("http://", "https://")
Response.Redirect(strNewUrl)
End If
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
where to put those code...please tell me...
ASKER
form_load of a page, such as checkhttps.aspx