Re: ASP.NET and SSL basic question.
From: Cliff Harris (hersh_at_myrealbox.com)
Date: 09/25/03
- Next message: Alek Davis: "Re: Store private key in cookie?"
- Previous message: Johan Normén: "Servervariables("logon_user") returns empty string"
- Next in thread: Cliff Harris: "Re: ASP.NET and SSL basic question."
- Maybe reply: Cliff Harris: "Re: ASP.NET and SSL basic question."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 25 Sep 2003 12:32:37 -0400
I didn't see anything in the articles that specifically related to how to
maintain session state between requests.
If I set the requireSSL tag to 'true', does it automatically set up the SSL,
or does it just mean that the page
will throw an error if I don't use "https" myself.
If the former is the case, then does this automatically save session state,
or is there still something i have to do
to solve this?
Also, if I want to secure a page by essentially redirecting the user to the
page useing Response.Redirect("https://...."),
how would I, if it's possible, maintain state in this case? Would
Server.Transfer work for this?
THanks,
-Clint
"Lewis Wang [MSFT]" <v-lwang@online.microsoft.com> wrote in message
news:mQ07d3taDHA.1092@cpmsftngxa06.phx.gbl...
> Hi Russ,
>
> It's possible to create a sub directory, place the "aspx" page in and
> secure the sub directory. It is also possible to maintain the session info
> between the non secure and the secure parts of the site,
>
> You may check the following links for more information.
>
> How To: Set Up SSL on a Web Server
>
<http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/h
> tml/SecNetHT16.asp>
>
> 813829 INFO: Help Secure Forms Authentication by Using Secure Sockets
Layer
> <http://support.microsoft.com/?id=813829>
>
> HOW TO: Enable SSL for All Customers Who Interact with Your Web Site in
> Internet Information Services
> <http://support.microsoft.com/?id=298805>
>
> Hope this helps.
>
> Best regards,
> Lewis
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
>
> --------------------
> | From: "Russ" <russ@UKS.com>
> | Subject: ASP.NET and SSL basic question.
> | Date: Sun, 24 Aug 2003 13:34:03 +0100
> | Lines: 20
> | X-Priority: 3
> | X-MSMail-Priority: Normal
> | X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
> | Message-ID: <#AG97vjaDHA.2960@tk2msftngp13.phx.gbl>
> | Newsgroups: microsoft.public.dotnet.framework.aspnet.security
> | NNTP-Posting-Host: client-513-p1-sms.glfd.adsl.virgin.net 81.107.226.0
> | Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
> | Xref: cpmsftngxa06.phx.gbl
> microsoft.public.dotnet.framework.aspnet.security:6407
> | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
> |
> | Hi,
> |
> | Apologies if this question is a bit basic, but I can't seem to find any
> | documentation anywhere. I have an asp.net site running on Windows
2003
> | server, and I need one .aspx page to be secured using SSL. I haven't
> | bought a certificate yet, but I have set the SLL port to 443 on the web
> | site.
> |
> | My question is do I have to create another site on my server, and secure
> it,
> | or can I just say create a sub directory on my current site, place my
one
> | aspx page in the and secure the sub directory? I would like, if
> possible,
> | to maintian session info between the non secure and the secure parts of
> the
> | site, but I'm clueless as to whether this is possible.
> |
> | Could someone please point me to some documentation?
> |
> | Thanks,
> | Russ
> |
> |
> |
>
- Next message: Alek Davis: "Re: Store private key in cookie?"
- Previous message: Johan Normén: "Servervariables("logon_user") returns empty string"
- Next in thread: Cliff Harris: "Re: ASP.NET and SSL basic question."
- Maybe reply: Cliff Harris: "Re: ASP.NET and SSL basic question."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
