Can you SSL one page in an a .NET application?
Can you have one page in a .NET application that is https but the rest be http? For instance, just the login page? Does this take extra setup in the application or is it j
-
I don't know if I would recommend it or not, but many web applications are split into two applications, one for the login application, and one for the rest of the application that relies on the authentication being performed by the other app. If you think of how an OpenID application such as stackoverlow redirects you to another site to login, that might work for your situation..
讨论(0) -
There is no native way to do this in IIS or even in the web.config that I know of.
However, this can be done in code.
讨论(0) -
Yes you can. I recommend this free open source DLL that lets you designate which pages and folders need SSL and which don't:
http://www.codeproject.com/KB/web-security/WebPageSecurity_v2.aspx
So you can setup a page to be secure in your web.config like this:
<secureWebPages encryptedUri="www.example.com" unencryptedUri="www.example.com" mode="RemoteOnly" > <files> <add path="/MustBeSecure.aspx" secure="Secure" /> </files> </secureWebPages>讨论(0) -
Since this was the first result I found, I figured I'd update it for others.
You don't need a plugin to do this. IIS7 and URL rewriting will allow you to do this from web.config.
<rule name="Payment page to SSL" stopProcessing="true"> <match url="(your page URL pattern)" /> <conditions> <add input="{HTTPS}" pattern="ON" negate="true" /> </conditions> <action type="Redirect" url="https://(your domain)/{R:0}" /> </rule>讨论(0) -
I believe you could set a folder to require https within IIS, but not a single page easily. Within the code for that single page, you could enforce a check to use SSL and on all the other pages enforce that SSL isn't used, but that seems like a lot of work for little gain to my mind.
讨论(0)
加载中...
- 热议问题