Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > ASP.net SSL w/ an SSL Accelerator

Reply
Thread Tools

ASP.net SSL w/ an SSL Accelerator

 
 
Nathan Crosby
Guest
Posts: n/a
 
      07-25-2006
We have a website in which we will have an SSL component for order
processing. We just found out that we will have a hardware SSL accelerator
card
within the network architecture. From what we understand, the card will TX/RX
to the webfarm via port 80 for all traffic. This is new for us and do not
know if there is anything special needed in the application layer to
accomidate an SSL card vs. handling the SSL directly on the server within
and ASP.net code.

Has anyone seen this before and is there anything special that needs to take
place on the application layer to make this work. Someone in our groups
thinks we need to now use absolute paths so the application knows what kind
of connection exists.

 
Reply With Quote
 
 
 
 
Joerg Jooss
Guest
Posts: n/a
 
      07-29-2006
Thus wrote Nathan,

> We have a website in which we will have an SSL component for order
> processing. We just found out that we will have a hardware SSL
> accelerator card within the network architecture. From what we
> understand, the card will TX/RX to the webfarm via port 80 for all
> traffic. This is new for us and do not know if there is anything
> special needed in the application layer to accomidate an SSL card vs.
> handling the SSL directly on the server within and ASP.net code.
>
> Has anyone seen this before and is there anything special that needs
> to take place on the application layer to make this work.


Generelly speaking, yes. Whenever you switch from HTTPS to HTTP in front
of your application server, you have to consider a couple of things.

The most obvious is the fact that IIS and ASP.NET will never receive a HTTPS
request when you have front end SSL accelerator. Thus, if your application
code has to know whether the original request has been sent over a secure
connection or not, you'll need some help from the accelerator. Some of these
devices for example are able to add a custom header to the HTTP request.
Just remember that even with those work arounds in place, the standard ASP.NET
infrastructure isn't likely to know about or use them, so avoid APIs like
HttpRequest.IsSecureConnection or any equivalent server variables like SERVER_PORT_SECURE.

A less obvious issue are HTTP redirects sent from your application code.
You should avoid fully qualified redirect URLs, as these will always use
HTTP instead of HTTPS (see above -- ASP.NET has no idea that the original
request was using a secure connection). By default, ASP.NET doesn't redirect
with fully qualified URLs, unless you set it in your configuration's <httpRuntime
/> element.

Cheers,
--
Joerg Jooss
http://www.velocityreviews.com/forums/(E-Mail Removed)


 
Reply With Quote
 
 
 
 
Nathan Crosby
Guest
Posts: n/a
 
      08-18-2006
Thanks Joerg. This is certainly helpful.

"Joerg Jooss" wrote:

> Thus wrote Nathan,
>
> > We have a website in which we will have an SSL component for order
> > processing. We just found out that we will have a hardware SSL
> > accelerator card within the network architecture. From what we
> > understand, the card will TX/RX to the webfarm via port 80 for all
> > traffic. This is new for us and do not know if there is anything
> > special needed in the application layer to accomidate an SSL card vs.
> > handling the SSL directly on the server within and ASP.net code.
> >
> > Has anyone seen this before and is there anything special that needs
> > to take place on the application layer to make this work.

>
> Generelly speaking, yes. Whenever you switch from HTTPS to HTTP in front
> of your application server, you have to consider a couple of things.
>
> The most obvious is the fact that IIS and ASP.NET will never receive a HTTPS
> request when you have front end SSL accelerator. Thus, if your application
> code has to know whether the original request has been sent over a secure
> connection or not, you'll need some help from the accelerator. Some of these
> devices for example are able to add a custom header to the HTTP request.
> Just remember that even with those work arounds in place, the standard ASP.NET
> infrastructure isn't likely to know about or use them, so avoid APIs like
> HttpRequest.IsSecureConnection or any equivalent server variables like SERVER_PORT_SECURE.
>
> A less obvious issue are HTTP redirects sent from your application code.
> You should avoid fully qualified redirect URLs, as these will always use
> HTTP instead of HTTPS (see above -- ASP.NET has no idea that the original
> request was using a secure connection). By default, ASP.NET doesn't redirect
> with fully qualified URLs, unless you set it in your configuration's <httpRuntime
> /> element.
>
> Cheers,
> --
> Joerg Jooss
> (E-Mail Removed)
>
>
>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Emulating WCF Through SSL Accelerator nevyn@home.com ASP .Net 0 03-23-2009 12:53 PM
Re: Integrating Download Accelerator into Firefox? gwtc Firefox 1 12-14-2005 05:14 AM
Integrating Download Accelerator into Firefox? Teh Suck Firefox 0 12-13-2005 02:59 AM
Web Accelerator for Firefox? JMI Firefox 3 07-11-2005 02:55 AM
WSDL under SSL from Accelerator CLL ASP .Net Web Services 0 08-12-2004 02:43 AM



Advertisments