HTML login page to redirect to a .ASP file in a secure folder.

I recently added SSL to my site securing a certain folder making all docuements there start with "HTTPS" prior to the domain name.  Anything outside that folder can be just have a "HTTP" in front of the domain.  The problem I am having is I have a form field where the user log's  in, and that is located on the index.htm file which is outside of the secure folder.  When I try to log in it sends me to an error page (example#1).  I am able to add an "S" onto the domain making it an "https", but not everyone would know how to do that and it would also be a hassle.  My question is, how do I make a login form in "html" file outside my secure folder redirect to a .asp file in a secure folder?


(example#1)
The page must be viewed over a secure channel
The page you are trying to access is secured with Secure Sockets Layer (SSL).

Please try the following:

    Type https:// at the beginning of the address you are attempting to reach and press ENTER.

HTTP Error 403.4 - Forbidden: SSL is required to view this resource.
Internet Information Services (IIS)

Technical Information (for support personnel)

    Go to Microsoft Product Support Services and perform a title search for the words HTTP and 403.
    Open IIS Help, which is accessible in IIS Manager (inetmgr), and search for topics titled About Security, Secure Sockets Layer (SSL), and About Custom Error Messages.

<form action="./securepages/login_direct.asp" method="post" id="Form2" name="Form2">
              <table border="0" width="25%" id="table2">
                <tr>
                  <td width="50%" align="right"><strong>User Id&nbsp;&nbsp;</strong></td>
                  <td width="50%"><input type="text" id="fuserid" name="fuserid" size="13" maxlength="12" /></td>
                </tr>
                <tr>
                  <td width="50%" align="right"><strong>Password&nbsp;&nbsp;</strong></td>
                  <td width="50%"><input type="password" name="fpswd" size="13" maxlength="12" /></td>
                </tr>
                <tr>
                  <td width="50%"></td>
                  <td width="50%"></td>
                </tr>
                <tr>
                  <td width="50%" align="right"><input type="submit" value="Submit" name="B1" onclick="passedEdit()" /></td>
                  <td width="50%"><input type="button" value="Reset" name="B2" onclick="clearText(document.Form2.fuserid,document.Form2.fpswd)" /></td>
                </tr>
              </table>
			  <br />
              <p>Not a member yet?<br /> 
              <a href="createlogin.htm"> Create a Member Login Account</a></p>
		      <p align="center">If you have <a href="fgtpswd.htm">forgotten </a>your password for your existing Login Account. </p>
		      </form>

Open in new window

Shade22Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

pateljituCommented:
Would suggest you to auto re-direct your login page in HTML to https:// using code as provided below:

<meta HTTP-EQUIV="REFRESH" content="0; url=https://www.yourdomain.com/loginform.html">
0
Shade22Author Commented:
I know I can do that, but I wanted to know if and how I would go about going from login in on a unsecure page to redirecting to a secure page. I have seen several sights do this, but just don't know how the code it.
0
pateljituCommented:
Well in that case you can work with URL rewriting if you are using IIS7 and above, here are reference articles.

http://blogs.iis.net/ruslany/archive/2009/04/08/10-url-rewriting-tips-and-tricks.aspx

http://www.codeproject.com/KB/web-security/WebPageSecurity_v2.aspx

Also do consider of having your HTML page as https://, if that is not the case and your HTML page is http:// user information submitted through the from is still transferred in clear text.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Shade22Author Commented:
Thank you for the info.  I guess I will convert the whole site to be under an SSL.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ASP

From novice to tech pro — start learning today.