Re: More SSL questions

"Rob R. Ainscough" <robains@xxxxxxxxxxx> wrote in message
news:O15ByulhGHA.4896@xxxxxxxxxxxxxxxxxxxxxxx
<snip>>
My web site redirects a frame to display the ~/Secure/Logon.aspx. I added
a /NotSecure/SSLRedirect.aspx

Have you tested that the redirection is actually working correctly?


and setup IIS to use this page for 403;4 custom error only for my Secure
directory. I also added the Location path entry in my web.config for the
SSLRedirect.aspx and also authorization setting.

Have you tested that the authorization exception is working correctly?
i.e.: Can you successfully navigate to the page without logging in?


However, when I navigate to the www.mywebsite.com I get "You are not
authorized to view this page" in the frame that should be displaying my
~/Secure/Logon.aspx.

What is the frame src value?


Since I am using forms authentication (on my Secure directory), I'm
assuming that multiple Location entries in my web.config is Ok?

It should be. BTW, you should also be testing that an attempt to view any
of your "secured" pages directly without logging also results in the desired
redirection to the login page.


Any hints on how to make SSL work on part of web site (my Secure
directory) using forms authentication and not for the entire web site?

thanks, Rob.


"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:ujvyNTkhGHA.764@xxxxxxxxxxxxxxxxxxxxxxx
You might want to start by reading
http://weblogs.asp.net/pwilson/archive/2004/12/23/331455.aspx then
posting back here if you have any remaining questions.



"Rob R. Ainscough" <robains@xxxxxxxxxxx> wrote in message
news:Oct6OxehGHA.3496@xxxxxxxxxxxxxxxxxxxxxxx
I've successfully installed my Verising SSL pro certification on my web
server, but I'm not sure how to force IIS to use SSL on my deployed web
app residing on that server?

Any hints?

what I currently have is www.myDomain.com works but issues a security
warning from IE but my site still functions as normal.
https://www.myDomain.com also works and I see the secure lock icon in IE
(with no prompt this time). I think what I want is that
www.myDomain.com will automatically get redirected to https:// - Am I
missing something obvious?

How do I get my web app to know that only the directories below my root
should be SSL? I realize my forms authentication will prevent login
access, but how do tell my IIS web server that .aspx pages in this dir
are SSL?

Basic questions I know, any help is appreciated -- I've not configured
SSL web server before.

Thanks, Rob.







.

Relevant Pages

  • RE: ssh and ids
    ... external system is something that's done routinely with SSL ... Should an attacker root your web server, how safe will your private keys ... As far as IDS being able to do much with encrypted traffic, ...
    (Focus-IDS)
  • RE: SSL and BizTalk?
    ... When making an HTTPS connection to an SSL secured web server the only thing ... SSL cert on the web server. ... If you open Internet Explorer on the BizTalk machine and try browsing to ...
    (microsoft.public.biztalk.general)
  • Re: What version of SSL in 5.0 Web Server
    ... I haven't seen this problem running Firefox 7 against the CE 5.0 web server ... you do not need to disable SSL 3.0 on ... the webserver is configured for TLS, TLS will be negotiated since it is ... given a higher priority in the protocol negotiation. ...
    (microsoft.public.windowsce.platbuilder)
  • Re: What version of SSL in 5.0 Web Server
    ... I rebooted the device so the Web server is ... SSL in Firefox so that only TLS is running. ... data security between application protocols such as HTTP (the protocol ...
    (microsoft.public.windowsce.platbuilder)
  • Re: meta redirect - on removing .htm extension, Firefox displays HTML - Why?
    ... The key to your redirection (as I hope you already read in the cited ... Another approach is to leave the web server to supply the missing ... the answer was that your server was returning text/plain as the ... with unknown content-types. ...
    (alt.html)