Switch to SSL using a relative URL

痴心易碎 提交于 2019-12-01 08:21:06

问题


I would like to create a relative link that switches the current protocol from http to https. The last place I worked had something set up on the server so that you could make that happen, but I don't remember much about it and I never knew how it worked.

The rationale for this is that I wouldn't need to hardcode server names in files that need to move in between production and development environments.

Is there a way for this to work in IIS 6.0?


Edit:

I am using .NET, but the "link" I'm creating will not be dynamically generated. If you really want the nitty gritty details, I am using a redirect macro in Umbraco that requires a URL to be passed in.


回答1:


Here's a simple solution in VB.NET:

Imports System.Web.HttpContext

Public Shared Sub SetSSL(Optional ByVal bEnable As Boolean = False)
  If bEnable Then
    If Not Current.Request.IsSecureConnection Then
      Dim strHTTPS As String = "https://www.mysite.com"
      Current.Response.Clear()
      Current.Response.Status = "301 Moved Permanently"
      Current.Response.AddHeader("Location", strHTTPS & Current.Request.RawUrl)
      Current.Response.End()
    End If
  Else
    If Current.Request.IsSecureConnection Then
      Dim strHTTP As String = "http://www.mysite.com"
      Current.Response.Clear()
      Current.Response.Status = "301 Moved Permanently"
      Current.Response.AddHeader("Location", strHTTP & Current.Request.RawUrl)
      Current.Response.End()
    End If
  End If
End Sub

Usage:

'Enable SSL
SetSSL(True)

'Disable SSL
SetSSL(False)

You could add this to the Page_Load of each of your pages. Or you could do something like I did and create a list of folders or pages that you want secured in your global.asax and set the SSL accordingly in the Application_BeginRequest method. And this will work with relative links and the HTTP or HTTPS status of a page will always be what you tell it to be in the code.

I have this code in place on several websites. But as an example, if you go to https://www.techinsurance.com you'll notice it automatically redirects to http because the home page doesn't need to be secured. And the reverse will happen if you try to hit a page that needs to be secured such as http://www.techinsurance.com/quote/login.aspx

You may notice that I'm using 301 (permanent) redirects. The side benefit here is that search engines will update their index based on a 301 redirect code.




回答2:


Which language/framework are you using?

You should be able to create your own function in which you pass in the relative page and you deduce from the HttpRequest object and the Server object (again depending on the language or framework) what the host and URL are and then just simply redirect to that URL but with https as a prefix.




回答3:


Here is a good CodeProject article on doing this by specifying certain directories and files that you want to use SSL. It will automatically switch these to and from https based on your needs.

I've use this for a project, and it works really well.




回答4:


This is the same answer I gave here:

Yes you can. I recommend this free open source DLL that lets you designate which pages and folders need SSL and which don't:

http://www.codeproject.com/KB/web-security/WebPageSecurity_v2.aspx

So you can setup a page to be secure in your web.config like this:

<secureWebPages encryptedUri="www.example.com" unencryptedUri="www.example.com" mode="RemoteOnly" >
    <files>
      <add path="/MustBeSecure.aspx" secure="Secure" />
    </files>
</secureWebPages>



回答5:


We ended up buying ISAPI Rewrite to perform redirects at the web server level for certain URLs. That's not quite the answer I was looking for when I asked the question, but it's what works for us.



来源:https://stackoverflow.com/questions/1849683/switch-to-ssl-using-a-relative-url

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!