Re: SSL and Forms Authentication

From: Paul Glavich (glav_at_aspalliance.com-NOSPAM)
Date: 02/19/04


Date: Thu, 19 Feb 2004 22:36:51 +1100

Perhaps you could try and put some code in the Application_Authenticate
event that checks to see if the user is already authenticated, if not, then
issue a manual redirect to your HTTPS login page.

--
- Paul Glavich
"Scott" <no_email_at_all> wrote in message
news:uBN4Zln9DHA.2480@TK2MSFTNGP10.phx.gbl...
> Hi,
>
> I've seen this problem posted a few times around the 'net with no answer.
> Hopefully someone here can help.
>
> We have our website configured to use Forms Authentication.  We want to
> secure the Login page ONLY using SSL.  When a user goes to the site he is
> redirected to the Login page for authentication, but gets an error saying
> the resource is protected and they must use HTTPS:.
>
> That's ugly, since the redirect should be transparent to the user.
>
> When we setup the <forms> tag we have tried using the full path in the
> loginUrl property, including 'https://'.  When we do this the user doesn't
> get the message about HTTPS, but he DOES get an NT Authentication login
> dialog instead.
>
> Thats even uglier and I'm not even sure why that happens.
>
> Documentation and books I've read allude to the abiltiy to secure a single
> folder or page using SSL and the login redirection works.  Those same
> documents and books don't say HOW to make it work and we haven't been able
> to either.
>
> Is it even possible to do this?  Has anyone here done it successfully?
>
> Scott L.
>
>


Relevant Pages

  • Re: redirect http to https for virtual directories
    ... Did you setup httpredirect.asp as the 403.4 custom error for the virtual ... at the URL and if it comes over "80" redirect to ... httpredirect.asp BUT ASKS FOR THE AUTHENTICATION even ... 403.4 custom error not handling http to https redirects ...
    (microsoft.public.inetserver.iis)
  • Re: Default.aspx - newbie Q`
    ... check and redirect to the ReturnURL or Selected.aspx depending on the case. ... > and replace it with something that takes then straight to the login page. ... >> Curt Christianson ... >>> authentication ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Default.aspx - newbie Q`
    ... check and redirect to the ReturnURL or Selected.aspx depending on the case. ... > and replace it with something that takes then straight to the login page. ... >> Curt Christianson ... >>> authentication ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: ASP 2.0 Membership API
    ... After successful authentication, you want to redirect back to the original application, but the returnURL parameter contains only /App1 as the URL. ... The solution to that problem is adding a local login page to the application that does a manual redirect to the central authentication application. ... if not you have to use cookieless auth ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: redirect http to https for virtual directories
    ... at the URL and if it comes over "80" redirect to ... Enable anonymous access and unchecked the Require SSL ... If proper authentication is provided, ... custom error not handling http to https redirects ...
    (microsoft.public.inetserver.iis)