Link to home
Create AccountLog in
Avatar of RobertNZana
RobertNZanaFlag for United States of America

asked on

How make sure always HTTPS for a page?

I have a payment page for my website.  How can I make sure (with VB.NET) that the page is always utilizing the SSL cert (HTTPS)?  If they come in with HTTP, should I just redirect to HTTPS?  Any code samples would be nice.  Thanks.
Avatar of jjardine
jjardine
Flag of United States of America image

you can use the server variables to look at the referring url to validate if it is using ssl by checking for https.   You could redirect them, but is that just for entering the site or for submiting the data?  if they submit to http, it is already to late to redirect as the data is already there.  
Avatar of RobertNZana

ASKER

So on the page_load check if the "https" is there and if not do a redirect to the same page but append "https" to the front?
SOLUTION
Avatar of jjardine
jjardine
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
After some research I wrote the below code.  It seems to work well.  See any holes with it?

If Not Request.IsSecureConnection Or Request.Url.ToString.Contains("https://") Then
     ' redirect to https
     Dim strNewUrl As String
     strNewUrl = Request.Url.ToString.Replace("http://", "https://")
     Response.Redirect(strNewUrl)
End If

Open in new window

ASKER CERTIFIED SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Avatar of Niexxam
Niexxam

where to put those code...please tell me...
form_load of a page, such as checkhttps.aspx