Re: SSL and Forms Authentication
From: Paul Glavich (glav_at_aspalliance.com-NOSPAM)
Date: Thu, 19 Feb 2004 22:36:51 +1100
Perhaps you could try and put some code in the Application_Authenticate
event that checks to see if the user is already authenticated, if not, then
issue a manual redirect to your HTTPS login page.
-- - Paul Glavich "Scott" <no_email_at_all> wrote in message news:uBN4Zln9DHA.2480@TK2MSFTNGP10.phx.gbl... > Hi, > > I've seen this problem posted a few times around the 'net with no answer. > Hopefully someone here can help. > > We have our website configured to use Forms Authentication. We want to > secure the Login page ONLY using SSL. When a user goes to the site he is > redirected to the Login page for authentication, but gets an error saying > the resource is protected and they must use HTTPS:. > > That's ugly, since the redirect should be transparent to the user. > > When we setup the <forms> tag we have tried using the full path in the > loginUrl property, including 'https://'. When we do this the user doesn't > get the message about HTTPS, but he DOES get an NT Authentication login > dialog instead. > > Thats even uglier and I'm not even sure why that happens. > > Documentation and books I've read allude to the abiltiy to secure a single > folder or page using SSL and the login redirection works. Those same > documents and books don't say HOW to make it work and we haven't been able > to either. > > Is it even possible to do this? Has anyone here done it successfully? > > Scott L. > >