1

I'm modifying an ASP.NET website, and I need a way to open a page using ssl (https://my_new_page.aspx). Most of the tutorials I've seen are for login pages, however, this is not for a login page; rather, I have an iframe in my page that links to an https webpage, and rather than have a potential security hole by having mixed content in one page, I'm trying to make the parent page https too. IE and Chrome won't even open the secure content in the iframe anyway, so I'm guessing they are detecting the mixed content and are refusing to run it.

So, how do I make this one page a secure page? Or is there another, better way to do what I'm trying to do (iframe with secure content inside a parent page, because reasons)?

Tino
  • 13
  • 2
  • I'm trying not to use any third party libraries. While this is not a hard requirement (right now at least), is there any built-in way to do this? – Tino Dec 23 '14 at 18:46

1 Answers1

0

It's all about configuration

http://i1.asp.net/media/3994497/webapi_auth07.png?cdn_id=2014-12-15-002

source: http://www.asp.net/web-api/overview/security/working-with-ssl-in-web-api

Then on your page init or load you can look into the Request properties to view if it's using secure or not

if (!context.Request.IsSecureConnection)
            redirectUrl = context.Request.Url.ToString().Replace("http:", "https:");

Source: http://forums.asp.net/t/1803920.aspx?redirect+http+to+https

Abyte0
  • 852
  • 8
  • 9
  • For the Security and the IFrame, I would look at this thread if you don't control the website inside the IFrame: http://stackoverflow.com/questions/7289139/why-are-iframes-considered-dangerous-and-a-security-risk – Abyte0 Dec 23 '14 at 19:38
  • Pity I can't upvote your response. Thanks! – Tino Dec 25 '14 at 02:31