Re: iis 6 ssl redirect initial login encrypted?
- From: Mike55 <Mike55@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 4 Mar 2009 07:34:14 -0800
I don't remember exactly, but I'm pretty sure I was getting a 'virtual
directory listing' error when I only had the file configured. Once I
configured the vd, it worked.
Mike
"Ken Schaefer" wrote:
You should only need to make those configuration changes for the actual file.
itself.
Cheers
Ken
"Mike55" <Mike55@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C0C43AC1-8039-4C2B-ABF3-A1D9540DDF28@xxxxxxxxxxxxxxxx
Got it! I had to enable anonymous auth on the file and virtual directory
that contained the file and I had to disable SSL for the virtual directory
and file.
Everything looks good now.
Thanks!!!
Mike
"Ken Schaefer" wrote:
Hi,
Just locate the actual error page in IIS Manager, right-click ->
Properties
and go to the File Security page.
Select "Allow Anonymous Authentication" and disable the other
authentication
mechanisms.
Cheers
Ken
"Mike55" <Mike55@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7EFAE115-2C80-4778-9258-BD2653E9CC89@xxxxxxxxxxxxxxxx
Ken,
This sounds like what I need to do. As I said, I'm not an IIS
guru...how
do I enable authN for the custom error page? I know how to enable
anonymous
access for the site (under Directory Security, auth and access
control),
but
I'm not sure how to do it for just my custom error page.
Thanks,
Mike
"Ken Schaefer" wrote:
For your custom 403.4 webpage, did you enable "Allow Anonymous
Authentication"?
SSL/TLS kicks in at a lower level than HTTP authentication, so that
requirement (require SSL) should force your custom error page to be
loaded
before any HTTP authN is required. However, unless you allow anonymous
authN
for your custom 403.4 webpage, the user will have to authenticate to
load
that error page.
Cheers
Ken
"Mike55" <Mike55@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D68DE910-E141-4F29-92A5-005A5BE82B14@xxxxxxxxxxxxxxxx
First off, I'm not a web developer or IIS Admin Pro. I just need to
get
ssl
redirection working.
I've configured IIS 6 to redirect to ssl using a custom error 403.4
aspx
page (see code below).
I've also configured my AD GPO to automatically use the windows
(logged
on
user) credentials to login to the site (populating the local
intranet
zone
in
IE with the website).
I had to disable SSL on the main site so that the first time a user
goes
to
the http page, it works to redirect them to the ssl page.
My concern is that the initial attempt by the user to go to http://
automatically logs them in, then redirects them to the ssl
page...and
that
the initial login attempt is not encrypted thus passing user
credentials
unsecurely...
Is my concern valid? Is this what's happening?
custom error code:
<%
If Request.ServerVariables("SERVER_PORT") = 80 Then
Try
Dim strQUERY_STRING
Dim strSecureURL
Dim strWork
' Get server variables
strQUERY_STRING = Request.Url.AbsoluteUri.ToString()
strQUERY_STRING = Request.ServerVariables("QUERY_STRING")
Response.Write(strQUERY_STRING)
' Fix the query string:
strWork = Replace(strQUERY_STRING, "http", "https")
strWork = Replace(strWork, "403;", "")
strWork = Replace(strWork, "80", "")
' Now, set the new, secure URL:
strSecureURL = strWork
Response.Write(strSecureURL) ' uncomment for sanity check.
Response.Redirect(strSecureURL)
Catch ex As Exception
End Try
End If
%>
- References:
- Re: iis 6 ssl redirect initial login encrypted?
- From: Ken Schaefer
- Re: iis 6 ssl redirect initial login encrypted?
- From: Mike55
- Re: iis 6 ssl redirect initial login encrypted?
- From: Ken Schaefer
- Re: iis 6 ssl redirect initial login encrypted?
- From: Mike55
- Re: iis 6 ssl redirect initial login encrypted?
- From: Ken Schaefer
- Re: iis 6 ssl redirect initial login encrypted?
- Prev by Date: Re: iis 6 ssl redirect initial login encrypted?
- Next by Date: Re: iis 6 ssl redirect initial login encrypted?
- Previous by thread: Re: iis 6 ssl redirect initial login encrypted?
- Next by thread: Re: iis 6 ssl redirect initial login encrypted?
- Index(es):
Relevant Pages
|
