What do I need to build HTTPS secure web form in asp.net?

I am requested to build a web form which nee to be secured, that will hold confidential information, and that will send information out to a distribution list.  I need to plan the steps like which kind of webserver I need, SSL certificates ,etc to build this page. What can I do in the code to prevent any security breach.

I am the programmer. But never have donse secured web forms. Can you please give me some advice .

Thanks in advance.
LVL 9
TonyRebaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Paul MacDonaldDirector, Information SystemsCommented:
IIS for the web server, an SSL certificate to secure the connection, probably a database to store information, and an editor to create the pages of the site.
0
TonyRebaAuthor Commented:
I dont know much about SSL,can you tell me more, do I have to purchase? How do I install on IIS?
0
santhimurthydCommented:
Enabling SSL in an application is making the client and server communicated with the an secured connection, which will be enabled by installing Certiifcates provided the SSL certificate providers and some of the properties are as follows
Verisign , digicert , geotrust etc...

You have request tehn an certificate for the domain you have registered in the Internet, for e,g You sites is "www.abc.com" then you have get the certificate for that specific domain else the certificate will throw "Mismatch" error and in general "403 UnAuthorizied" error.

Installation SSL in IIS varies based on version and check the below links fo rinstalling the SSL
http://support.microsoft.com/kb/299875
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/56bdf977-14f8-4867-9c51-34c346d48b04.mspx?mfr=true
http://www.sslshopper.com/microsoft-iis-5-and-6-ssl-installation-instructions.html

check and provide your clarification, if you need more inputs
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
What were the top attacks of Q1 2018?

The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Check out our Q1 2018 report for smart, practical security advice today!

Paul MacDonaldDirector, Information SystemsCommented:
As [santhimurthyd] notes, an SSL connection requires an SSL certificate.  Whether or not you need to buy one depends largely on whether or not the secure site will be available to the public.  It's possible to issue your own certificate to yourself, but for something as simple as a secure web site, I'd advocate buying one.  Any of the large, commercial certificate authorities can issue you an SSL certificate for a nominal fee.
0
TonyRebaAuthor Commented:
So once I purchase the ssl certificate what is needed on the code or the IIS Server to tell that this specific page will be secured ( https) ?
0
Paul MacDonaldDirector, Information SystemsCommented:
For a specific page you can either write code that checks for SSL and redirects to an HTTPS connection if it isn't one already; or you can right-click on the page in the IIS Manager, select the File Security tab, click Edit under Secure Communications, and then check the "Requre secure channel (SSL)" checkbox.
0
RovastarCommented:
Don't confuse SSL and secure coding. SSL is just a way of encrypting traffic it sends out not a secure method of coding.

Just because a site is SSL doesn't  mean it secure.

You will need to prevent XSS (cross site scripting) and SQL injection.

I have requested that this question be added to some security zones. Hopefully they can advise you more.
0
TonyRebaAuthor Commented:
thanks your answer helped me
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.