该应用程序在IIS 7.5上运行.是否有可能有一个具有不安全页面的Web应用程序(如公共区域)和安全区域(如成员区域,需要登录)?如果是,我如何重新确定这些区域之间的沟通?
例:
我的webapp托管在http://foo.abc上.
我有http://foo.abc/default.aspx和http://foo.abc/foo.aspx等网页.
在同一个项目中有一个像/member/default.aspx这样的页面,它受页面http://foo.abc/login.aspx上的登录保护.
所以我需要为页面/login.aspx和/ member /中的所有页面实现SSL
我怎样才能做到这一点?我刚刚了解了如何在IIS 7.5中创建SSL证书以及如何将这样的绑定添加到webapp.如何告诉我的webapp应该使用https调用哪个页面,而不是http.那里最好的做法是什么?
解决方法
After you get SSL setup/installed,you
want to do some sort of redirect on
the login page to https://. Then
whatever page the user is sent to
after validation,it can just be
http://.
Protected Sub Page_PreRender(ByVal sender As Object,ByVal e As System.EventArgs) Handles Me.PreRender If Request.IsSecureConnection = False And _ Not Request.Url.Host.Contains("localhost") Then Response.Redirect(Request.Url.AbsoluteUri.Replace("http://","https://")) End If End Sub
This may be easier to implement on a master page or just all the pages you require https. By checking for “localhost” you will avoid getting an error in your testing environment (Unless your test server has another name than check for that: “mytestservername”).