Run only some ASP.NET forms in SSL

Hi experts,

I have an ASP.NET 3.5 (VB.NET) web application on IIS 6.0 which, for the most part, should run in HTTP. However, there are a small amount of forms which I would like to run in HTTPS. I don't want to apply the SSL cert to the whole virtual directory in IIS, but would instead like to pick and choose which forms should always run in SSL.

Any ideas of a simple and clean way of doing this in VB.NET?

Thanks

Jon
LVL 11
Jon WinterburnAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SoLostCommented:
My thinking is that the SSL cert is applied to the entire web site.  Whether you use it on a page or not depends on whether you redirect them to http or https

0
masterpassCommented:
Follow what is mentioned in

http://support.microsoft.com/kb/324069

The 8 th point : Click Require secure-channel (SSL) if you want the Web site, folder, or file to require SSL communications. So you can apply it for s single page or folder or for entire site
0
Jon WinterburnAuthor Commented:
okay, so if I was to enable SSL on the whole site, how can I redirect certain pages out of https?
0
Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

SoLostCommented:
To go in or out of SSL you have to redirect them to the entire URL with http or https on the front.

e.g.  

' Detect if the current page is secure or not and redirect to a non-secure page
If Request.IsSecureConnection = True Then
    ' Page is currently secure, redirect to non-secure site
    Response.Redirect("http://www.mysite.com/somepage.aspx", False)
Else
    ' Page is not secure.  Leave it that way
     Response.Redirect("~/somepage.aspx", False)
End If
0
masterpassCommented:
I think global.asax would be the right place to do some thing like this

first add a key to the web.config

<add key="SecurePages" value="page1.aspx,page2.aspx"/>

then in the Application_BeginRequest of the global.asax, have this
protected void Application_BeginRequest(object sender, EventArgs e)
{
    if (Request.Url.AbsoluteUri.ToLower().Contains(".aspx"))
    {
        Uri url = HttpContext.Current.Request.Url;
        List<string> securePagesList = System.Configuration.ConfigurationSettings.AppSettings["SecurePages"].Split(',').ToList<string>();
        string page = url.Segments[url.Segments.Length - 1].ToLower();
        if (securePagesList.Contains(page))
        {
            if (!Request.IsSecureConnection) 
            {
                Response.Redirect(url.ToString().Replace("http://", "https://"), true);
            }

        }
        else if (Request.IsSecureConnection)
        {
            Response.Redirect(url.ToString().Replace("https://", "http://"), true);
        }
    }
}

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jon WinterburnAuthor Commented:
masterpass - I have gone with the global.asax idea which looks good. However, when I convert your C# code to VB.NET I get an error on the line:

Dim securePagesList As List(Of String) = System.Configuration.ConfigurationManager.AppSettings("SecurePages").Split(","c).ToList(Of String)()

The error is:
Error 67 Extension method 'Public Function ToList() As System.Collections.Generic.List(Of TSource)' defined in 'System.Linq.Enumerable' is not generic (or has no free type parameters) and so cannot have type arguments.

The converted code is attached.

If Request.Url.AbsoluteUri.ToLower().Contains(".aspx") Then
            Dim url As Uri = HttpContext.Current.Request.Url
            Dim securePagesList As List(Of String) = System.Configuration.ConfigurationManager.AppSettings("SecurePages").Split(","c).ToList(Of String)()

            '(Of String)()
            Dim page As String = url.Segments(url.Segments.Length - 1).ToLower()
            If securePagesList.Contains(page) Then
                If Not Request.IsSecureConnection Then
                    Response.Redirect(url.ToString().Replace("http://", "https://"), True)

                End If
            ElseIf Request.IsSecureConnection Then
                Response.Redirect(url.ToString().Replace("https://", "http://"), True)
            End If
        End If

Open in new window

0
masterpassCommented:
Try the single line as ,
Dim securePagesList As List(Of String) = System.Configuration.ConfigurationManager.AppSettings("SecurePages").Split(","c).ToList()

Open in new window

0
Jon WinterburnAuthor Commented:
That gives me the ever useful "Object reference not set to an instance of an object."

I assume I've put the SecurePages in the right area of web.config?

<SecurePages>
            <add key="Personal.aspx" value="page" />
            <add key="/Mobile" value="directory" />
</SecurePages>

...just below <appSettings></appSettings>
0
masterpassCommented:
Small correction again
<appSettings>
<add key="SecurePages" value="page1.aspx,page2.aspx"/>
</appSettings>

Open in new window

0
Jon WinterburnAuthor Commented:
An excellent solution, thank you!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ASP.NET

From novice to tech pro — start learning today.