I have an ASP.NET MVC 3 web application using Forms Authentication. What are the basic steps I need to take to enable https for account logins? I'm using IIS 7.5 on Windows Server 2008 R2.
All you need to do is get a certificate and install it in IIS, bind your host to port 443 and you should be good to go. Your app should run as-is on there.
http://Startssl.com has free certificates that work very nicely and are recognized in all browsers.
Good resource here
To start, you need to get a certificate from a certificate authority.
You will then have to import it to your server.
At this point you will be able to add an HTTPS binding to the site, using this certificate.
There is a walkthrough on asp.net.
Step one is to pick an SSL certification authority. There are a number of them, but a few big ones. Browsers are pre-loaded with keys to trust certificates issued by the known certification providers. Your ISP may also be able to provide a certificate for you if they've got a reseller deal with one of the main providers.
When you order your SSL certificate, you'll need to specify details such as the domain name you are buying it for. The certificate will be tied to those details for life, so you need to be sure you get them right. This includes the subdomain part of the domain name, so if your site is hosted on both www.yoursite.com and yoursite.com, you'll need a certificate for both.
Note that it is possible to self-certify -- i.e. create your own SSL certificate, without going via one of the commercial certificate providers. This is probably a good thing to do for testing and practice purposes as a commercial SSL certificate isn't cheap. But don't use a self-generated certificate for your real site, because browsers will recognise that it's not issued by a trusted authority, and will give the user some very stern warnings about it which will definitely dissuade them from using your site. (You'll also get these warnings if a commercial certificate expires, so don't forget to keep it renewed!)
Once you have the certificate, you'll need to set it up on your server. I'm not an expert with IIS, so I can't instruct you on the details, but it's basically a case of setting up an additional virtual host, usually pointing to the same physical location as the main http site, configured to use the SSL key you've been issued, and which listens on a different port (default port for https is 443 as opposed to port 80 for http).
Once you've done all that, you should have a functioning https site. The final thing to bear in mind is that the browser will complain if an individual page has a mixture of http and https components, so you should make sure that all the elements in the page are served via https once the user is in the secure area.
Hope that helps.
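The mixed http/https point in the last answer, as an added example that is not part of the original answers: a small Python check that lists what an https page would still request over plain http, including a login form that posts to http. The sample page, its paths and the cdn.example host are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser fetch a resource or submit a form.
# <a href> is left out: following a link is navigation, not mixed content.
FETCH_ATTRS = {
    "script": "src", "img": "src", "iframe": "src", "audio": "src",
    "video": "src", "source": "src", "embed": "src", "object": "data",
    "link": "href", "form": "action",
}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.base = page_url
        self.findings = []  # (tag, absolute url) pairs requested over http

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href"):
            # <base href> changes how later relative URLs resolve.
            self.base = urljoin(self.base, attrs["href"])
            return
        attr = FETCH_ATTRS.get(tag)
        value = attrs.get(attr) if attr else None
        # Resolve relative and protocol-relative ("//host/x") URLs first.
        resolved = urljoin(self.base, value.strip()) if value else ""
        if urlsplit(resolved).scheme == "http":
            self.findings.append((tag, resolved))

def find_mixed_content(page_url, html):
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page (paths and the cdn.example host are made up).
SAMPLE_PAGE = """
<link rel="stylesheet" href="/Content/Site.css">
<script src="http://www.yoursite.com/Scripts/jquery.js"></script>
<script src="//cdn.example/lib.js"></script>
<img src="http://www.yoursite.com/Content/logo.png">
<a href="http://www.yoursite.com/Home/About">About</a>
<form action="http://www.yoursite.com/Account/LogOn" method="post"></form>
"""

if __name__ == "__main__":
    for tag, url in find_mixed_content("https://www.yoursite.com/Account/LogOn", SAMPLE_PAGE):
        print(f"insecure <{tag}>: {url}")
```

Relative and protocol-relative URLs inherit the page's https scheme and are not reported; only absolute http:// references (or a <base> pointing at http) are.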