0

I have been working on a website in beta phase for some time now, and am finally about to launch it. There are several links, anchor tags, with relative URLs throughout the site that link to the admin and cart sections of the website, and now they have to be SSL secured.

Also, same question for relative URLs in Response.Redirect("~/../..");

When a user is browsing over http, is there anyway to redirect them to a page with https connection using a relative URL? It seems like poor practice to code absolute URLs for links and redirections for the purpose of SSL. If the domain name changes, I have to rewrite them all. Plus, if I want them to work on my localhost, I would have to change them every time I upload to server. There must be some solution.

Nick Rolando
  • 25,879
  • 13
  • 79
  • 119
  • Your point about having to rewrite the host name in the absolute URI when it shouldn't really be a concern. It's mainly a problem when your content is static, but you're using a framework here. Any decent modern web programming framework should let you get the requested host from the request and insert it automatically to build an absolute URL if you need to: something like `"https://" + Request.getHostName() + "/" + relativeURL` (this is just pseudo syntax, you may have to work out the details). Automatic rewrites have [some problems](http://webmasters.stackexchange.com/a/28443/11628) too. – Bruno Aug 31 '12 at 21:03

3 Answers3

1

Switching Between HTTP and HTTPS Automatically is a very good code to use for the implementation of switching logic fast and easy - and not change your existing code.

Similar: Preparing my ASP.NET / MVC site to use SSL?

Community
  • 1
  • 1
Aristos
  • 66,005
  • 16
  • 114
  • 150
  • I liked this solution and spent the past couple of days implementing it, but came to find that I cannot require SSL through IIS with this solution. When the server automatically switches between http and https using this http module, if a file or directory is setup to require ssl in IIS, I get error saying "The page must be viewed over a secure channel", because it is not initially sent over `https`. However, when I remove this requirement from IIS, the module works correctly and loads the page as `https`... – Nick Rolando Sep 05 '12 at 18:31
  • However, I believe we want the requirement set in IIS for that extra layer of security, if possible. Is there a way to implement this using this module? Or is it proper to just have the program initiate the `https` connection and *not* have the ssl requirement in IIS? – Nick Rolando Sep 05 '12 at 18:33
  • @Shredder I do not know how to do a module that runs direct on IIS, never done it before. What you can do with that module is that you can compile it as asp.net dll, and place it on the machine configuration of the asp.net - that's make it run by default on all sites of asp.net – Aristos Sep 05 '12 at 19:19
  • There is no module on IIS. I only configure certain certain directories to "Require Secure Channel". This module does not work when I have this setting. Should I not have this setting, or is there some work-around? – Nick Rolando Sep 05 '12 at 21:00
0

These helper methods by Rick Strahl will help you

http://www.west-wind.com/weblog/posts/2007/Sep/18/ResolveUrl-without-Page

Pay special attention to ResolveServerUrl.

Wiktor Zychla
  • 47,367
  • 6
  • 74
  • 106
0

Depending on what version of IIS you are running, you could always offload this functionality to the webserver. Check out the URL Rewrite module here.

Josh
  • 10,352
  • 12
  • 58
  • 109