0

I have just installed sp1 for visual studio 2010 and now i am debugging my asp.net projects and websites with IIS Express. I know i can enable ssl from project's properties. but what i want to figure out is how to enable and require SSL for few pages like Login.aspx and Register.aspx.

I believe in IIS we can do such things from IIS manager but, there seems to be no management area for IIS express except a small icon in system tray. I have not installed IIS express with webmatrix but as a standalone application.

halfer
  • 19,824
  • 17
  • 99
  • 186
Muhammad Adeel Zahid
  • 17,474
  • 14
  • 90
  • 155
  • how about http://forums.iis.net/t/1171280.aspx http://stackoverflow.com/questions/3690901/iis-express-defaulting-to-port-44300-for-https-when-enabling-ssl – Aristos Apr 11 '12 at 12:20
  • 1
    Aristos my question pertains to enabling ssl just for few pages like login.aspx and register.aspx and the rest of the site would run on http. Links you have provided, although helpful, do not answer the question – Muhammad Adeel Zahid Apr 11 '12 at 12:44
  • There are not a case of 1 or 100 pages, the ssl run on a different port. So if ssl runs, it did not change the fast that you won for one only page. – Aristos Apr 11 '12 at 12:50
  • makes no sense to me. there are bunch of sites on internet that use https just for login and register pages whereas rest of the site runs on http :( – Muhammad Adeel Zahid Apr 11 '12 at 12:53
  • ok lets say if i want to enable ssl for any number of pages i have to edit site binding in IIS (not express) and then add ssl with certificate so each of my resources are accessible through http and https. now what i want is that login.aspx must not be accessed through http. How am i gonna do that? – Muhammad Adeel Zahid Apr 11 '12 at 12:59
  • I do not know what I am not explain correct. Of course you have 2 page only on ssl, and the rest on simple. To make this work you need to have running 2 http server, one on normal and one on ssl port. Now if you ask for code for how to switch on code behind this is different. – Aristos Apr 11 '12 at 13:02
  • from http://www.hanselman.com/blog/WorkingWithSSLAtDevelopmentTimeIsEasierWithIISExpress.aspx it seems that i will have to write a url rewrite rule to force https on pages i want to be accessed via https. is this the only option? – Muhammad Adeel Zahid Apr 11 '12 at 13:20

2 Answers2

1

You can do it with Url Rewriting. If you have a certificate installed for your site in IIS, but you have headers configured for https and http, then the pages of the site can be accessed via either method. You can use a url rewrite to force all requests to a given page to be https, like so:

<rewrite >
  <rules>
    <clear />
    <rule name="Redirect Login Page" stopProcessing="true">
      <match url="^Login.aspx(.*)" />
      <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
        <add input="{HTTPS}" pattern="^OFF$" />
      </conditions>
      <action type="Redirect" url="https://{HTTP_HOST}/Login.aspx{R:1}" />
    </rule>

I have used this in a few applications and it works well.

SouthShoreAK
  • 4,176
  • 2
  • 26
  • 48
1

You can also do things programmatically. See Request.IsSecureConnection and (only) redirect as necessary.

A bit off topic, but the above does have some caveats when you have a front end device/concentrator.

Community
  • 1
  • 1
EdSF
  • 11,753
  • 6
  • 42
  • 83