Re: iis 6 ssl redirect initial login encrypted?



Ken,

This sounds like what I need to do. As I said, I'm not an IIS guru...how
do I enable authN for the custom error page? I know how to enable anonymous
access for the site (under Directory Security, auth and access control), but
I'm not sure how to do it for just my custom error page.

Thanks,
Mike


"Ken Schaefer" wrote:

For your custom 403.4 webpage, did you enable "Allow Anonymous
Authentication"?

SSL/TLS kicks in at a lower level than HTTP authentication, so that
requirement (require SSL) should force your custom error page to be loaded
before any HTTP authN is required. However, unless you allow anonymous authN
for your custom 403.4 webpage, the user will have to authenticate to load
that error page.

Cheers
Ken

"Mike55" <Mike55@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D68DE910-E141-4F29-92A5-005A5BE82B14@xxxxxxxxxxxxxxxx
First off, I'm not a web developer or IIS Admin Pro. I just need to get ssl
redirection working.

I've configured IIS 6 to redirect to ssl using a custom error 403.4 aspx
page (see code below).

I've also configured my AD GPO to automatically use the windows (logged on
user) credentials to login to the site (populating the local intranet zone
in IE with the website).

I had to disable SSL on the main site so that the first time a user goes
to the http page, it works to redirect them to the ssl page.

My concern is that the initial attempt by the user to go to http://
automatically logs them in, then redirects them to the ssl page...and that
the initial login attempt is not encrypted thus passing user credentials
insecurely...

Is my concern valid? Is this what's happening?

custom error code:

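<%
' Custom 403.4 error page: redirect a plain-HTTP request to HTTPS.
' The code expects the original request in the query string in the form
' "403;http://server:80/path".
If Request.ServerVariables("SERVER_PORT") = "80" Then
    Try
        Dim strQUERY_STRING As String
        Dim strSecureURL As String
        Dim strWork As String

        ' Get server variables
        strQUERY_STRING = Request.ServerVariables("QUERY_STRING")
        ' Response.Write(Server.HtmlEncode(strQUERY_STRING)) ' uncomment for sanity check.

        ' Fix the query string. Only the first occurrence of each token is
        ' replaced, so "http", "403;" or "80" later in the path or query
        ' string are left alone.
        strWork = Replace(strQUERY_STRING, "403;", "", 1, 1)
        strWork = Replace(strWork, "http://", "https://", 1, 1)
        strWork = Replace(strWork, ":80/", "/", 1, 1)

        ' Now, set the new, secure URL:
        strSecureURL = strWork
        ' Response.Write(Server.HtmlEncode(strSecureURL)) ' uncomment for sanity check.

        ' The target comes from the query string, so only redirect when it
        ' points back at the host that served this page.
        If String.Equals(New Uri(strSecureURL).Host, Request.Url.Host, StringComparison.OrdinalIgnoreCase) Then
            Response.Redirect(strSecureURL)
        End If
    Catch ex As Exception
        ' A malformed query string is ignored; the page then renders
        ' without redirecting.
    End Try
End If
%>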
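
The concern raised in this thread can be checked from the response the server gives on plain HTTP. The following is an added example, not code from either poster: it classifies a raw HTTP response as an authentication challenge issued over cleartext or as a redirect to HTTPS. The sample responses, the host name `intranet.example` and the function names are constructed for illustration.

```python
# Added example: classify what the server answers on port 80.
# A 401 with WWW-Authenticate means authentication is negotiated in cleartext;
# a 3xx whose Location is https:// means the redirect happens first.

# Constructed sample responses (not captured from a real server).
SAMPLE_CHALLENGE = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "WWW-Authenticate: Negotiate\r\n"
    "WWW-Authenticate: NTLM\r\n"
    "Content-Length: 0\r\n\r\n"
)
SAMPLE_REDIRECT = (
    "HTTP/1.1 302 Found\r\n"
    "Location: https://intranet.example/default.aspx\r\n"
    "Content-Length: 0\r\n\r\n"
)

def parse_response(raw):
    """Return (status_code, headers); headers maps lowercased names to value lists."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers

def check_cleartext_response(raw):
    """Return (verdict, offered_auth_schemes) for a response received over http://."""
    status, headers = parse_response(raw)
    # The first token of each WWW-Authenticate value is the scheme name.
    schemes = [v.split()[0].lower() for v in headers.get("www-authenticate", []) if v]
    location = (headers.get("location") or [""])[0].lower()
    if status == 401 and schemes:
        # Basic would carry the password itself (base64); NTLM/Negotiate carry
        # a challenge-response exchange, which is still visible on the wire.
        return "auth-over-cleartext", schemes
    if status in (301, 302, 303, 307, 308) and location.startswith("https://"):
        return "redirect-to-https", schemes
    return "other", schemes

if __name__ == "__main__":
    for label, raw in (("challenge", SAMPLE_CHALLENGE), ("redirect", SAMPLE_REDIRECT)):
        print(label, check_cleartext_response(raw))
```
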

