More SSL questions



A couple of issues I'm having:

I'm only enabling SSL for a "Secure" directory under my web app's root
directory - not the entire web site. I use forms authentication for
~/Secure/Logon.aspx - my logon page and this resides in my SSL enabled
directory.

My web site redirects a frame to display the ~/Secure/Logon.aspx. I added a
/NotSecure/SSLRedirect.aspx and setup IIS to use this page for 403;4 custom
error only for my Secure directory. I also added the Location path entry in
my web.config for the SSLRedirect.aspx and also authorization setting.
However, when I navigate to the www.mywebsite.com I get "You are not
authorized to view this page" in the frame that should be displaying my
~/Secure/Logon.aspx.

Since I am using forms authentication (on my Secure directory), I'm assuming
that multiple Location entries in my web.config is Ok?

Any hints on how to make SSL work on part of web site (my Secure directory)
using forms authentication and not for the entire web site?

thanks, Rob.


"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:ujvyNTkhGHA.764@xxxxxxxxxxxxxxxxxxxxxxx
You might want to start by reading
http://weblogs.asp.net/pwilson/archive/2004/12/23/331455.aspx then posting
back here if you have any remaining questions.



"Rob R. Ainscough" <robains@xxxxxxxxxxx> wrote in message
news:Oct6OxehGHA.3496@xxxxxxxxxxxxxxxxxxxxxxx
I've successfully installed my Verising SSL pro certification on my web
server, but I'm not sure how to force IIS to use SSL on my deployed web
app residing on that server?

Any hints?

what I currently have is www.myDomain.com works but issues a security
warning from IE but my site still functions as normal.
https://www.myDomain.com also works and I see the secure lock icon in IE
(with no prompt this time). I think what I want is that www.myDomain.com
will automatically get redirected to https:// - Am I missing something
obvious?

How do I get my web app to know that only the directories below my root
should be SSL? I realize my forms authentication will prevent login
access, but how do tell my IIS web server that .aspx pages in this dir
are SSL?

Basic questions I know, any help is appreciated -- I've not configured
SSL web server before.

Thanks, Rob.





.



Relevant Pages

  • RE: configuring ssl certificate in multiple website
    ... We can perform follow steps to configure one SSL web site: ... Prepare certificate for this SSL web site ... IIS SSL Configuration Component ...
    (microsoft.public.windows.server.sbs)
  • Re: Cannot access payment areas and login areas on Websites
    ... Page Cannot Be Displayed Error During SSL 3.0 Server Session Timeout ... Troubleshoot Situations Where You Cannot Complete MSN Sign-up pr Connect to SSL ... Secure Web Site ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: Cant log into specific sites
    ... Page Cannot Be Displayed Error During SSL 3.0 Server Session Timeout ... Troubleshoot Situations Where You Cannot Complete MSN Sign-up pr Connect to SSL ... You Cannot Access Your MSN E-mail Account or Authenticate with a Web Site in Various ... Secure Web Site ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: OMA not implemented issue
    ... Both are secured with SSL. ... /Exchange virtual directory and I can log in to the OMA now. ... Why did you create another 'Web site identifier'? ... necessary when using front-end servers. ...
    (microsoft.public.exchange.setup)
  • RE: SSL Publishing to WEB Server and Disable Binding
    ... To answer your concern, you can feel to publish this SSL web site, and the ... Socket pooling causes Internet Information Services ... pooling won't impact the default web site on the SBS server. ...
    (microsoft.public.windows.server.sbs)