Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > asp.net application - http to https

Reply
Thread Tools

asp.net application - http to https

 
 
bkasmai@gmail.com
Guest
Posts: n/a
 
      09-15-2006
My asp.net application (developed using vs2003) runs fine on a windows
2000 server using iis 5.0. Our network manager wants to do away with
any http connections and only use https for services that are used by
external users. I have not got a clue how to go about this. My users
are authenticated directly by querying a sql table where the user names
and passwords are stored. What do I need to do to my application or IIS
so that internal users use http and external use https? Any help on
this will be appreciated.

 
Reply With Quote
 
 
 
 
Kevin Spencer
Guest
Posts: n/a
 
      09-15-2006
Whbat you're talking about is using SSL (Secure Sockets Layer). This
encrypts data being sent back and forth between client and server. You need
to obtain and install a Secure Certificate on the web server first. See
http://www.verisign.com/ssl/ssl-information-center/ for details. After that,
it's simply a matter of ensuring that all links in the web site are via
HTTPS instead of HTTP, by changing any absolute path references to use
"https://" instead of "http://" A relative path that comes from an
HTTPS-requested page will use the same protocol.

--
HTH,

Kevin Spencer
Microsoft MVP
Chicken Salad Surgery

What You Seek Is What You Get.

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
> My asp.net application (developed using vs2003) runs fine on a windows
> 2000 server using iis 5.0. Our network manager wants to do away with
> any http connections and only use https for services that are used by
> external users. I have not got a clue how to go about this. My users
> are authenticated directly by querying a sql table where the user names
> and passwords are stored. What do I need to do to my application or IIS
> so that internal users use http and external use https? Any help on
> this will be appreciated.
>



 
Reply With Quote
 
 
 
 
bkasmai@gmail.com
Guest
Posts: n/a
 
      09-16-2006
Thanks for you help. I am now much more conversed with https than I was
before. Do i really need to go through the bother of acquiring a
digital certificate if all we need is to allow remote users from
another private lan to access our application via https? The firewalls
on both sides make sure that only machines with specific ip addresses
can get through. The main reason for using https is the security of
data while on transit from one private network to another. Can we use a
self certification cheme? Do we need certification for every Web server
in our network? The application is an asp.net with virtually all codes
behind on the server with no explicit reference to http:// ... within
the codes?

PS Please forgive may ignorance. The main focus of my work is on
application develpment rather than implementation.


Kevin Spencer wrote:
> Whbat you're talking about is using SSL (Secure Sockets Layer). This
> encrypts data being sent back and forth between client and server. You need
> to obtain and install a Secure Certificate on the web server first. See
> http://www.verisign.com/ssl/ssl-information-center/ for details. After that,
> it's simply a matter of ensuring that all links in the web site are via
> HTTPS instead of HTTP, by changing any absolute path references to use
> "https://" instead of "http://" A relative path that comes from an
> HTTPS-requested page will use the same protocol.
>
> --
> HTH,
>
> Kevin Spencer
> Microsoft MVP
> Chicken Salad Surgery
>
> What You Seek Is What You Get.
>
> <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) ups.com...
> > My asp.net application (developed using vs2003) runs fine on a windows
> > 2000 server using iis 5.0. Our network manager wants to do away with
> > any http connections and only use https for services that are used by
> > external users. I have not got a clue how to go about this. My users
> > are authenticated directly by querying a sql table where the user names
> > and passwords are stored. What do I need to do to my application or IIS
> > so that internal users use http and external use https? Any help on
> > this will be appreciated.
> >


 
Reply With Quote
 
Vincent A.
Guest
Posts: n/a
 
      09-16-2006
Hi,

I'm not sure if it will helps you. But for my intranets, I generate an
SSL certificate with my own certificate authority created on a windows
2k3 server. It's really simple to implments if your goal is to crypt
data (you only need to install certificate authority component).
Otherwise, If your goal is to authenticate your server you have to
fallow KB on implementing a PKI infrastructure.

Hope it will help you.

Vincent
http://varod.blogspot.com

(E-Mail Removed) a écrit :

> Thanks for you help. I am now much more conversed with https than I was
> before. Do i really need to go through the bother of acquiring a
> digital certificate if all we need is to allow remote users from
> another private lan to access our application via https? The firewalls
> on both sides make sure that only machines with specific ip addresses
> can get through. The main reason for using https is the security of
> data while on transit from one private network to another. Can we use a
> self certification cheme? Do we need certification for every Web server
> in our network? The application is an asp.net with virtually all codes
> behind on the server with no explicit reference to http:// ... within
> the codes?
>
> PS Please forgive may ignorance. The main focus of my work is on
> application develpment rather than implementation.
>
>
> Kevin Spencer wrote:
> > Whbat you're talking about is using SSL (Secure Sockets Layer). This
> > encrypts data being sent back and forth between client and server. You need
> > to obtain and install a Secure Certificate on the web server first. See
> > http://www.verisign.com/ssl/ssl-information-center/ for details. After that,
> > it's simply a matter of ensuring that all links in the web site are via
> > HTTPS instead of HTTP, by changing any absolute path references to use
> > "https://" instead of "http://" A relative path that comes from an
> > HTTPS-requested page will use the same protocol.
> >
> > --
> > HTH,
> >
> > Kevin Spencer
> > Microsoft MVP
> > Chicken Salad Surgery
> >
> > What You Seek Is What You Get.
> >
> > <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed) ups.com...
> > > My asp.net application (developed using vs2003) runs fine on a windows
> > > 2000 server using iis 5.0. Our network manager wants to do away with
> > > any http connections and only use https for services that are used by
> > > external users. I have not got a clue how to go about this. My users
> > > are authenticated directly by querying a sql table where the user names
> > > and passwords are stored. What do I need to do to my application or IIS
> > > so that internal users use http and external use https? Any help on
> > > this will be appreciated.
> > >


 
Reply With Quote
 
bkasmai@gmail.com
Guest
Posts: n/a
 
      09-16-2006
Thanks. This was helpful.
Vincent A. wrote:
> Hi,
>
> I'm not sure if it will helps you. But for my intranets, I generate an
> SSL certificate with my own certificate authority created on a windows
> 2k3 server. It's really simple to implments if your goal is to crypt
> data (you only need to install certificate authority component).
> Otherwise, If your goal is to authenticate your server you have to
> fallow KB on implementing a PKI infrastructure.
>
> Hope it will help you.
>
> Vincent
> http://varod.blogspot.com
>
> (E-Mail Removed) a écrit :
>
> > Thanks for you help. I am now much more conversed with https than I was
> > before. Do i really need to go through the bother of acquiring a
> > digital certificate if all we need is to allow remote users from
> > another private lan to access our application via https? The firewalls
> > on both sides make sure that only machines with specific ip addresses
> > can get through. The main reason for using https is the security of
> > data while on transit from one private network to another. Can we use a
> > self certification cheme? Do we need certification for every Web server
> > in our network? The application is an asp.net with virtually all codes
> > behind on the server with no explicit reference to http:// ... within
> > the codes?
> >
> > PS Please forgive may ignorance. The main focus of my work is on
> > application develpment rather than implementation.
> >
> >
> > Kevin Spencer wrote:
> > > Whbat you're talking about is using SSL (Secure Sockets Layer). This
> > > encrypts data being sent back and forth between client and server. You need
> > > to obtain and install a Secure Certificate on the web server first. See
> > > http://www.verisign.com/ssl/ssl-information-center/ for details. After that,
> > > it's simply a matter of ensuring that all links in the web site are via
> > > HTTPS instead of HTTP, by changing any absolute path references to use
> > > "https://" instead of "http://" A relative path that comes from an
> > > HTTPS-requested page will use the same protocol.
> > >
> > > --
> > > HTH,
> > >
> > > Kevin Spencer
> > > Microsoft MVP
> > > Chicken Salad Surgery
> > >
> > > What You Seek Is What You Get.
> > >
> > > <(E-Mail Removed)> wrote in message
> > > news:(E-Mail Removed) ups.com...
> > > > My asp.net application (developed using vs2003) runs fine on a windows
> > > > 2000 server using iis 5.0. Our network manager wants to do away with
> > > > any http connections and only use https for services that are used by
> > > > external users. I have not got a clue how to go about this. My users
> > > > are authenticated directly by querying a sql table where the user names
> > > > and passwords are stored. What do I need to do to my application or IIS
> > > > so that internal users use http and external use https? Any help on
> > > > this will be appreciated.
> > > >


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
HTTP SOAP/HTTP GET/HTTP POST milan_9211 Software 0 01-10-2011 02:10 PM
server side redirect https => https NOT working Axel ASP General 8 04-27-2009 02:02 AM
https authentication & storing https page in string Naveen Dhanuka Ruby 1 09-19-2007 02:05 PM
open-uri and HTTPS, or net/https with a redirect jotto Ruby 4 10-02-2006 07:26 AM
Using a mix of HTTP and HTTPS in ASP web application Amit ASP .Net Security 1 07-25-2006 04:11 PM



Advertisments