Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > How to imbed non-SSL links within SSL pages without using code

Reply
Thread Tools

How to imbed non-SSL links within SSL pages without using code

 
 
CW
Guest
Posts: n/a
 
      05-02-2004
I have pages, such as LogOn.aspx, Payment.aspx that enforces the use of SSL.

Every single one of my page embeds a header and menu server controls - which
have links to other pages that do not require SSL.

In the LogOn.aspx, it automatically detects in the page_load event (using
URL.Scheme property) whether SSL is running, and if not, redirect to itself
and replaces http by https in the url. This part runs fine.

However, all the other links on the logon page (including those on the menu
and header server controls) now have https rather than http as the URL
scheme. Is there anyway to get around it? The other pages do not require SSL
at all.

The method I have come up with is to turn all links into server controls,
and then modify its href property in Page_Load event. I think this adds way
too much unnecessary overhead. Is there any easier way of getting around it?

An alternative question is: if the whole site runs on SSL (i.e., I will not
stop turning SSL links into non-SSL links), is this going to cause any major
issues in terms of server load?

Another related question is whether SSL is necessary for LogOff.page. I use
FormsAuthentication (roll my own security).

A


 
Reply With Quote
 
 
 
 
=?Utf-8?B?S2lyayBKYWNrc29u?=
Guest
Posts: n/a
 
      05-02-2004
"CW" wrote:
> However, all the other links on the logon page (including those on the menu
> and header server controls) now have https rather than http as the URL
> scheme. Is there anyway to get around it? The other pages do not require SSL
> at all.


The way I do it, is to use absolute links everywhere, but without the protocol://hostname part. E.g. /home.aspx.

That means that I don't need to do any server-side processing of my navigation structure.

Once the person gets on to the SSL-version of the site, then they'll stay on SSL for any links that they follow, as all the links start with / . Whether this is a problem probably depends on the next question.

> An alternative question is: if the whole site runs on SSL (i.e., I will not
> stop turning SSL links into non-SSL links), is this going to cause any major
> issues in terms of server load?


It has never been an issue for me, but obviously it depends on your site traffic and hardware. SSL requires more processor time for the encrypt / decrypt. You can buy dedicated hardware to do this also.

> Another related question is whether SSL is necessary for LogOff.page. I use
> FormsAuthentication (roll my own security).


Probably not, unless you give your users the option that their FormsAuth cookie is SSL only, in which case it'll only be set / removed while they are on the https:// server.

Kirk
 
Reply With Quote
 
 
 
 
CW
Guest
Posts: n/a
 
      05-02-2004
Thanks for the help

"Kirk Jackson" <Kirk http://www.velocityreviews.com/forums/(E-Mail Removed)> wrote in message
news(E-Mail Removed)...
> "CW" wrote:
> > However, all the other links on the logon page (including those on the

menu
> > and header server controls) now have https rather than http as the URL
> > scheme. Is there anyway to get around it? The other pages do not require

SSL
> > at all.

>
> The way I do it, is to use absolute links everywhere, but without the

protocol://hostname part. E.g. /home.aspx.
>
> That means that I don't need to do any server-side processing of my

navigation structure.
>
> Once the person gets on to the SSL-version of the site, then they'll stay

on SSL for any links that they follow, as all the links start with / .
Whether this is a problem probably depends on the next question.
>
> > An alternative question is: if the whole site runs on SSL (i.e., I will

not
> > stop turning SSL links into non-SSL links), is this going to cause any

major
> > issues in terms of server load?

>
> It has never been an issue for me, but obviously it depends on your site

traffic and hardware. SSL requires more processor time for the encrypt /
decrypt. You can buy dedicated hardware to do this also.
>
> > Another related question is whether SSL is necessary for LogOff.page. I

use
> > FormsAuthentication (roll my own security).

>
> Probably not, unless you give your users the option that their FormsAuth

cookie is SSL only, in which case it'll only be set / removed while they are
on the https:// server.
>
> Kirk



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
FF Crashes on Links within Links Puma Firefox 10 02-17-2009 07:12 PM
Mixing SSL/non SSL pages tesis ASP .Net 13 07-26-2007 11:28 AM
Please, how does one imbed images in Hotmail? rik ridgeway General Computer Support 0 05-30-2007 11:07 AM
DOM javascript - Imbed javascript in dynamically added Row Ravi Singh (UCSD) Javascript 9 05-26-2005 01:24 AM
Canon A80 - how to imbed date stamp on pics Sam Digital Photography 12 07-17-2004 07:17 PM



Advertisments