0

I am creating a website with password-protected pages in it.

I have two type of customer: 1. normal 2. secured

For secured customers, pages would be rendered over HTTPS whereas for normal customer, pages will be rendered over HTTP. However, pages for both types of users would be same but the content will change.

Please note, the URL for the two users should be same except HTTP/HTTPS part.

Can anyone pls suggest how to structure the application so that the same page will act as both http and https?

Also would like to know, sometimes when we browse some HTTPS page and few of the items like image are referenced over HTTP then we get a cross in Address Bar indicating that some of the resources are not over HTTPS.

How can we overcome this problem, any suggestions?

ammu
  • 1
  • 2

1 Answers1

1

This should be fine, when the user logs in, redirect them to an https:// page. Just use the same page addresses, only the scheme (http or https) needs to change.

To avoid problems with choosing between http or https (for example in image URLs like you mention), try to use relative URLs whenever possible, instead of absolute URLs. So if you're on https://test.com/index.html and want to display an image in an images directory, use /images/test.jpg (relative) rather than https://images/test.jpg (absolute).

If you have to use absolute, you can use a scheme-relative url - for example //images/test.jpg will use HTTP if the current page is using HTTP, and HTTPS if the page is using HTTPS.

See this question and this one for more details.

Community
  • 1
  • 1
Graham Clark
  • 12,886
  • 8
  • 50
  • 82
  • can you please explain how to structure the site to perform as both http and https?what are the changes needs to do in web.config?(i think so)if a site has been configured as secured all the pages will be act as secured pages.So how to render the page as http? also how to access a image in http path in https? – ammu May 26 '11 at 11:12
  • @ammu: I don't think you need to structure the site any differently, but if a page can be accessed over both HTTP and HTTPS, you obviously won't be able to have anything in the web.config denying access to a page for unauthenticated users. You'll need to do all these checks manually and change the page accordingly. I'm not sure what you mean about the image, an image just exists on a path, not "in" http or https. Use a relative or a schema-relative URL to link to the image. – Graham Clark May 26 '11 at 12:57