Scott Pace
asked on
How do you create a secure connection
Hello,
I am currently having problems running my application (www.stored-passwords.com) using ASP.net with Visual Basic 2017.
The web.config file contains the following:
<appSettings>
<add key="SecureAppPath" value="https://www.stored-passwords.com"/>
</appSettings>
The code that retrieves the secure application path from the web.config file.
Dim sURL As String
sURL = "https:" & ConfigurationManager.AppSe ttings("Se cureAppPat h") & "Default.aspx"
Response.Redirect(sURL)
Everytime I try to run this app an exception is thrown.
Could someone please help?
web.config.txt
Default.txt
I am currently having problems running my application (www.stored-passwords.com) using ASP.net with Visual Basic 2017.
The web.config file contains the following:
<appSettings>
<add key="SecureAppPath" value="https://www.stored-passwords.com"/>
</appSettings>
The code that retrieves the secure application path from the web.config file.
Dim sURL As String
sURL = "https:" & ConfigurationManager.AppSe
Response.Redirect(sURL)
Everytime I try to run this app an exception is thrown.
Could someone please help?
web.config.txt
Default.txt
Well for the actual question, David is 100% correct, you should be using rewrite rules as they will handle this far better.
But since you posted your items on here, a couple of points on your code:
1) I think your error is due to something else, as you would probably get more than just a 500 error from what you posted. You should check your logs
2) Even if you get past that error, won't work as it is. Your settings already has https:, and you're adding that again in the string. So you'd end up with https:https://www.stored-passwords.com
3) You don't have a slash on either the setting or the string construction, so the page would end up as www.stored-passwords.comDefault.aspx. No "/"
4) You shouldn't be using "&" to join the strings, use string.Format or template strings (depending on your .net version)
5) Once it works, you'll be locked in an endless loop. You have no if condition in there, so it would Redirect to default, hit the function and redirect again, and again, and again. You would need to check if you're already on a secure page, and only redirect if you're not. Which btw is part of what the rewrite rules do.
AND CRITICAL: please remove your files and edit them. You posted your web.config file with full connection string information. If you don't have that firewalled (which I'm guessing you don't), you just gave everyone the credentials to log in and manage your database.
You have to be sure you pull critical info like that out of your files before you upload.
But since you posted your items on here, a couple of points on your code:
1) I think your error is due to something else, as you would probably get more than just a 500 error from what you posted. You should check your logs
2) Even if you get past that error, won't work as it is. Your settings already has https:, and you're adding that again in the string. So you'd end up with https:https://www.stored-passwords.com
3) You don't have a slash on either the setting or the string construction, so the page would end up as www.stored-passwords.comDefault.aspx. No "/"
4) You shouldn't be using "&" to join the strings, use string.Format or template strings (depending on your .net version)
5) Once it works, you'll be locked in an endless loop. You have no if condition in there, so it would Redirect to default, hit the function and redirect again, and again, and again. You would need to check if you're already on a secure page, and only redirect if you're not. Which btw is part of what the rewrite rules do.
AND CRITICAL: please remove your files and edit them. You posted your web.config file with full connection string information. If you don't have that firewalled (which I'm guessing you don't), you just gave everyone the credentials to log in and manage your database.
You have to be sure you pull critical info like that out of your files before you upload.
ASKER
Dear David and Snarf0001,
I want to thank both of you renowned and verified experts to take your valuable time for quickly providing a solution to my current problem.
But I hope both of you will bare with me as I am not an expert on ASP.net and I came away somewhat confused on what to do. David said add the URL-rewrite module into iis. Is this the same as adding it to an existing web.config file or even replacing the existing web.config with the URL-rewrite module.
Either way I could not get my application to work. I did some reading on IIS by Microsoft and was wondering if I should install the extension for URL Rewrite and the applications related to Web Platform Installer 5.1?
If my questions appear stupid, please bare with me. I was a fair programmer in the past and currently want to learn as much as I can as quick as I can.
Anyway it was an honor to meet both of you fine gentlemen. I just hope you can give me some guidance so I can finish this application.
Thanks
Scott E. Pace, MD
I want to thank both of you renowned and verified experts to take your valuable time for quickly providing a solution to my current problem.
But I hope both of you will bare with me as I am not an expert on ASP.net and I came away somewhat confused on what to do. David said add the URL-rewrite module into iis. Is this the same as adding it to an existing web.config file or even replacing the existing web.config with the URL-rewrite module.
Either way I could not get my application to work. I did some reading on IIS by Microsoft and was wondering if I should install the extension for URL Rewrite and the applications related to Web Platform Installer 5.1?
If my questions appear stupid, please bare with me. I was a fair programmer in the past and currently want to learn as much as I can as quick as I can.
Anyway it was an honor to meet both of you fine gentlemen. I just hope you can give me some guidance so I can finish this application.
Thanks
Scott E. Pace, MD
it is part of IIS and is not normally installed by default. You have to add it via servermanager or powershell add-windowsfeature web-http-redirect
ASKER
Hello David,
When I run PowerShell:
PS C:\users\drp\source\repos\ Absolutely -Final-Sto red-Passwo rds\Absolu tely-Final -Stored-Pa sswords\Ab solutely-F inal-Store d-Password s\add-wind owsfeature web-http-redirect
I get the term "\source\repos\Absolutely- Final-Stor ed-Passwor ds\Absolut ely-Final- Stored-Pas swords\Abs olutely-Fi nal-Stored -Passwords \add-windo wsfeature web-http-redirect" is not recognized as the name of a cmdlet, function, script file or operable program.
ObjectNotFound: (\source\repos\A...ored-Pa sswords/:S tring) [], CommandNotFoundException
I have no idea where in my program I can find the proper cmdlet, function, script file or operable program to "add-windowsfeature web-http-redirect".
I have sent a compressed file of the web site. I was wondering if you would be kind enough to look at it and give me further assistance. IF I sent the wrong files then tell me and I will try to send you what you need.
Thanks a bunch,
Scott
When I run PowerShell:
PS C:\users\drp\source\repos\
I get the term "\source\repos\Absolutely-
ObjectNotFound: (\source\repos\A...ored-Pa
I have no idea where in my program I can find the proper cmdlet, function, script file or operable program to "add-windowsfeature web-http-redirect".
I have sent a compressed file of the web site. I was wondering if you would be kind enough to look at it and give me further assistance. IF I sent the wrong files then tell me and I will try to send you what you need.
Thanks a bunch,
Scott
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Add the url-rewrite module into iis
Open in new window