Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > How to automatically change from httpS to http for a specific folder??

Reply
Thread Tools

How to automatically change from httpS to http for a specific folder??

 
 
Po-Shan Chang
Guest
Posts: n/a
 
      03-05-2004

There are great instructions on the web for force HTTPS for specific folder

How to automatically change from http to https for a specific folde
http://www.iisfaq.com/default.aspx?View=A407&P=2

But, my question would be ...

Question
========
I am trying to set up a website with the following requirements

1. User can browse through the non-secure pages of the website usin
ordinary HTTP
2. User can access the secure pages by first supplying a username an
password through a web form via SSL. This web-form goes throug
HTTPS. The idea is to encrypt the password as it's sent across th
net
3. Once the user has logged in, he can browse through the rest of th
site using ordinary HTTP

I have been able to achieve #1 and #2, but as soon as the user log
in, he can only browse through the site using HTTPS. Is there a wa
to configure IIS so that once the user has logged in via SSL, he ca
browse through the rest of the site using HTTP

Note: all of the links in my HTML are "relative" links, except for th
link to my login page, which is an "absolute" link that explicitl
uses "https"

Answer from other threads (Can't there be better solution?
======================================
This is an application issue, not an IIS issue. The page that processe
your web form should be written such that the user is redirected to HTT
once the authentication process is complete. In most cases, th
authentication function would store the original request and send the use
to http://site.com/orig_request once the login has been verified

======================================
If this is the only solution, all of the pages in the website would have to have the exact link (HTTP or HTTPS) specified and I
do not think this is a good approach

Thanks a lot.
 
Reply With Quote
 
 
 
 
Bernard
Guest
Posts: n/a
 
      03-05-2004
The response from other thread is the way to do it.
but only on the page redirecting user from https to http

just like how you redirect the one page from http to https,
same way, but the other direction.

--
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...


"Po-Shan Chang" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> There are great instructions on the web for force HTTPS for specific

folder.
>
> How to automatically change from http to https for a specific folder
> http://www.iisfaq.com/default.aspx?View=A407&P=20
>
> But, my question would be ....
>
> Question:
> =========
> I am trying to set up a website with the following requirements:
>
> 1. User can browse through the non-secure pages of the website using
> ordinary HTTP.
> 2. User can access the secure pages by first supplying a username and
> password through a web form via SSL. This web-form goes through
> HTTPS. The idea is to encrypt the password as it's sent across the
> net.
> 3. Once the user has logged in, he can browse through the rest of the
> site using ordinary HTTP.
>
> I have been able to achieve #1 and #2, but as soon as the user logs
> in, he can only browse through the site using HTTPS. Is there a way
> to configure IIS so that once the user has logged in via SSL, he can
> browse through the rest of the site using HTTP?
>
> Note: all of the links in my HTML are "relative" links, except for the
> link to my login page, which is an "absolute" link that explicitly
> uses "https".
>
> Answer from other threads (Can't there be better solution?)
> =======================================
> This is an application issue, not an IIS issue. The page that processes
> your web form should be written such that the user is redirected to HTTP
> once the authentication process is complete. In most cases, the
> authentication function would store the original request and send the user
> to http://site.com/orig_request once the login has been verified.
>
> =======================================
> If this is the only solution, all of the pages in the website would have

to have the exact link (HTTP or HTTPS) specified and I
> do not think this is a good approach.
>
> Thanks a lot.



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: How include a large array? Edward A. Falk C Programming 1 04-04-2013 08:07 PM
Change Scheme From HTTP To HTTPS On PostBack Andrew Hayes ASP .Net 2 06-16-2009 12:03 AM
server side redirect https => https NOT working Axel ASP General 8 04-27-2009 02:02 AM
how to change from "http" to "https" without reloading the site. Tamer Javascript 2 01-21-2008 11:56 AM
Automatically toggle between https and http Framework fan ASP .Net Security 3 04-02-2004 08:53 PM



Advertisments