开发者

Switch to SSL using a relative URL

开发者 https://www.devze.com 2022-12-13 18:17 出处:网络
I would like to create a relative link that switches the current protocol from http to https. The last place I worked h开发者_运维知识库ad something set up on the server so that you could make that ha

I would like to create a relative link that switches the current protocol from http to https. The last place I worked h开发者_运维知识库ad something set up on the server so that you could make that happen, but I don't remember much about it and I never knew how it worked.

The rationale for this is that I wouldn't need to hardcode server names in files that need to move in between production and development environments.

Is there a way for this to work in IIS 6.0?


Edit:

I am using .NET, but the "link" I'm creating will not be dynamically generated. If you really want the nitty gritty details, I am using a redirect macro in Umbraco that requires a URL to be passed in.


Here's a simple solution in VB.NET:

Imports System.Web.HttpContext

Public Shared Sub SetSSL(Optional ByVal bEnable As Boolean = False)
  If bEnable Then
    If Not Current.Request.IsSecureConnection Then
      Dim strHTTPS As String = "https://www.mysite.com"
      Current.Response.Clear()
      Current.Response.Status = "301 Moved Permanently"
      Current.Response.AddHeader("Location", strHTTPS & Current.Request.RawUrl)
      Current.Response.End()
    End If
  Else
    If Current.Request.IsSecureConnection Then
      Dim strHTTP As String = "http://www.mysite.com"
      Current.Response.Clear()
      Current.Response.Status = "301 Moved Permanently"
      Current.Response.AddHeader("Location", strHTTP & Current.Request.RawUrl)
      Current.Response.End()
    End If
  End If
End Sub

Usage:

'Enable SSL
SetSSL(True)

'Disable SSL
SetSSL(False)

You could add this to the Page_Load of each of your pages. Or you could do something like I did and create a list of folders or pages that you want secured in your global.asax and set the SSL accordingly in the Application_BeginRequest method. And this will work with relative links and the HTTP or HTTPS status of a page will always be what you tell it to be in the code.

I have this code in place on several websites. But as an example, if you go to https://www.techinsurance.com you'll notice it automatically redirects to http because the home page doesn't need to be secured. And the reverse will happen if you try to hit a page that needs to be secured such as http://www.techinsurance.com/quote/login.aspx

You may notice that I'm using 301 (permanent) redirects. The side benefit here is that search engines will update their index based on a 301 redirect code.


Which language/framework are you using?

You should be able to create your own function in which you pass in the relative page and you deduce from the HttpRequest object and the Server object (again depending on the language or framework) what the host and URL are and then just simply redirect to that URL but with https as a prefix.


Here is a good CodeProject article on doing this by specifying certain directories and files that you want to use SSL. It will automatically switch these to and from https based on your needs.

I've use this for a project, and it works really well.


This is the same answer I gave here:

Yes you can. I recommend this free open source DLL that lets you designate which pages and folders need SSL and which don't:

http://www.codeproject.com/KB/web-security/WebPageSecurity_v2.aspx

So you can setup a page to be secure in your web.config like this:

<secureWebPages encryptedUri="www.example.com" unencryptedUri="www.example.com" mode="RemoteOnly" >
    <files>
      <add path="/MustBeSecure.aspx" secure="Secure" />
    </files>
</secureWebPages>


We ended up buying ISAPI Rewrite to perform redirects at the web server level for certain URLs. That's not quite the answer I was looking for when I asked the question, but it's what works for us.

0

精彩评论

暂无评论...
验证码 换一张
取 消