SSL or Not SSL

Hi,

I currenty am in the middle of developing a web application that is run under https.  

What I want to do is as follows:

1) Login page to run under HTTPS.
2) Once logged in redirect to main site running under HTTP.

The problem I feel am going to encounter is that due to the fact Im using 2 sites is how to get the 
authentication details between the 2 sites

Is there a recognised technique for doing this and if this is the case can anyone point me in the 
direction of a tutorial to do this?

Best wishes

Stuart
0
StuartFerguson
6/24/2008 4:11:11 PM
asp.net.security 27051 articles. 0 followers. Follow

3 Replies
645 Views

Similar Articles

[PageSpeed] 48

Unless you designate a site can't be accessed without using SSL you can access it either way. I always do a check on the pages I want to be SSL and if they were accessed without SSL, then I do a response.redirect. Since the application is the same, the authentication carries forward.


Chris Love
ASP.NET 2.0 Your Visual Blueprint for developing Web Applications
0
docluv
6/24/2008 4:43:09 PM
Hi Chris,

Currently i have the virtual directory in IIS such that the site can only be accessed over HTTPS and any HTTP requests are rejected with the (The page must be viewed over a secure channel 403.4 error).

Is is possible to set up the virtual directory so that the login page can be accessed over HTTPS and the rest of the site as HTTP?

If so how can this be done?

Stuart
0
StuartFerguson
6/24/2008 4:55:20 PM

Hi

Base on my understanding, you want only the login page to be secured by SSL, You may get help from this thread:

http://forums.asp.net/t/836624.aspx

Hope it helps.


Best Regards
XiaoYong Dai
Microsoft Online Community Support

Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
0
XiaoYong
6/26/2008 8:18:04 AM
Reply:

Similar Artilces:

SSL to no SSL
Hi I have install GW6.0.4 webaccess with SSL and my question is. Can I turn off SSL and use port 80? /matts Matts Sehlberg wrote: > I have install GW6.0.4 webaccess with SSL and my question is. > Can I turn off SSL and use port 80? SSL or the lack thereof has nothing to do with webaccess itself, and everything to do with the web server you're running it on. You should just be able to point the browser at http://<server>/servlet/webacc instead of https://<server>/servlet/webacc -- Jim NSC SYsop Ok I try that on Friday /Matts "J...

NO SSL to SSL
I have a system with webaccess. I have followed the following TID 10016636 but when I click on the .../servlet/webacc link, I get a bad gateway. When I comment out the solution from the TID and restart APACHE, I'm back up and running. What am I doing wrong? I am using APACHE for my webserver. Is there a step by step for setting up SSL for webaccess? I have tried and tried but cannot seem to get it working with SSL. I have also tried to enable it on the webaccess agent within ConsoleOne but that hasn't worked either. Other info: NW6.0sp3 GW6.5sp1 (web access is ...

superreview cancelled: [Bug 164692] SSL ops that timeout should throw java.net.SocketTimeoutException : [Attachment 194480] Modified ssl/common.c and util/jss_exceptions.h to use java.net.SocketTimeo
Wan-Teh Chang <wtchang@redhat.com> has cancelled Sandeep Konchady <Sandeep.Konchady@Sun.COM>'s request for superreview: Bug 164692: SSL ops that timeout should throw java.net.SocketTimeoutException https://bugzilla.mozilla.org/show_bug.cgi?id=164692 Attachment 194480: Modified ssl/common.c and util/jss_exceptions.h to use java.net.SocketTimeoutException https://bugzilla.mozilla.org/attachment.cgi?id=194480&action=edit ...

superreview requested: [Bug 164692] SSL ops that timeout should throw java.net.SocketTimeoutException : [Attachment 194480] Modified ssl/common.c and util/jss_exceptions.h to use java.net.SocketTimeo
Sandeep Konchady <Sandeep.Konchady@Sun.COM> has asked Wan-Teh Chang <wtchang@redhat.com> for superreview: Bug 164692: SSL ops that timeout should throw java.net.SocketTimeoutException https://bugzilla.mozilla.org/show_bug.cgi?id=164692 Attachment 194480: Modified ssl/common.c and util/jss_exceptions.h to use java.net.SocketTimeoutException https://bugzilla.mozilla.org/attachment.cgi?id=194480&action=edit ------- Additional Comments from Sandeep Konchady <Sandeep.Konchady@Sun.COM> In line with the changes done to JSS 4.1 to use JDK 1.4, replacing java.io.Inter...

opening SSL, security, (authorize.net)
Did enyone have to create a script to process credit cards using the AIM method through the AuthorizeNet gateway? I'm a little bit lost. There are few things I must do and never done before: [e.g. open a SSL connection between my hosting server and their gateway and then post the data (credit card number, name, etc..) using a script.] I used HTML forms to post data but never a script. Also, what about the safety concern of the following scenario: 1. My site displays a form to gather credit card info 2. Then posts to my script 3. My script sends that data and the transaction ...

Sharing SSL and login secuirty between a .NET 1.1 and 2.0 sites? SSL passthrough ??
RE: Sharing SSL and login secuirty between a .NET 1.1 and 2.0 sites? SSL passthrough ?? We have an older site under  .NET 1.1 running with an SSL certificate. Lets just say it;s not under my control and I can't touch it. We've developed some outside new functionality in .NET 2.0 on a seperate site we thought would be intranet only, but now they want it under the umbrella of the older site, while making minimal changes to the original site. What's the best way to 1. Share the current SSL certificate? 2. piggieback off the loggin from the original site? meaning, my new s...

AnonymousIdentification + SSL/Non-SSL
Hi! I stumbled upon a problem that I just can't seem to solve on my own. Lets say we have a site that allows anonymousIdentification (used only for profiles). We then have a couple of SSL-pages, and a few non-encrypted pages. My problem is that the user is considered being two different users depending on if he's browsing an SSL page or not. Ie. every user now gets two rows in the profiles-table. One for SSL-pages, and one for non-SSL-pages... I can prehaps understand why this might be a good thing. But right now, for me, It's not... I would like for my user to be identified as the same...

SSL not so secure
'PlayStation 3 used to hack SSL, Xbox used to play Boogie Bunnies - Engadget' (http://tinyurl.com/9x5msw) -- Murzda ------------------------------------------------------------------------ Drat. Oh, well, it was going to happen eventually. Set security and someone will break it. : ) Susan Novell Community Chat Moderator http://forums.novell.com/faq.php?faq=novfor#faq_rules http://www.ncci.org NCCIrregulars Web Site ...

SSL services
Netware 6 SP 4. I seem to be having trouble with NICI/PKI/SAS. I receive this error when booting the server: Loading module HTTPSTK.NLM Novell Small Http Interface Version 2.02 23 January 2004 Copyright 1998-2003 Novell, Inc. All rights reserved. Module HTTPSTK.NLM load status OK HTTPSTK: Error 10022 enabling SSL services - SSL Disabled HTTPSTK: ListeningThread() on "server IP address":8009 Exiting after Error Everything I read has to do with reinstalling Certificate Server or NICI, running NREPAIR.NLM, recreating PKI key material, e...

SSL secured?
Greetings, Im curious, when a website goes into the secured mode for whatever reason, how safe is the data that is being transmitted? I firmly beleive that nothing on the web is "completely safe" but can I trust that my personal info is being transmitted securily? TIA -BigWill make sure your browser is updated to 128 bit encryption one way to check is to goto help/about it will tell you... -- ************************************************ If One Friend Tells Four Friend's About Adding A Firewall Maybe We Can Stomp These Hackers Four Playing With ...

What is the point of SSL? Is this a SSL Proxy?
From http://www.dslreports.com/forum/r23158507-Warning-The-browser-model-is-really-broken~time=1255628686 * Quote * If a person has "physical access" to the lines and boxes between point A and Point B then all bets are off. There was talk a few months ago on here of a "device" that can strip and read SSL Encrypted Traffic...have to search this site for it, being deployed in Australia I do believe It is capable of "unencrypting" your trafic when it hits the node, and reading it...take it for what you will..its a hardware device designed for ...

SSL security
When I check out  and the description appear on the top  SSL is NOT enabled for this page which is a critical security issue. Please enable SSL on this page. Does anyone know how to enable SSL on the page?   Thanks   Buy an SSL certificate (available from several companies, Verisign is a popular one). They will give you instructions for installing the certificate. Then in your site, program all your links using https instead of http. (e.g. https://www.site.com/page.aspx). You can also do redirects if the user attempts to access the site without http...

SSL Security
If I get an SSL certificate from let's say GoDaddy or DigiCert or whatever. After the SSL cert is installed and working. Is it possible for the company selling me the cert (godaddy or digicert) to decrypt the SSL traffic? Or is it possible for them to perform a man in the middle attack? (assuming a bad employee etc.) I already know that if it was possible to obtain a "chase.com" cert from GoDaddy. I could perform a man in the middle attack on "chase.com" but that is because GoDaddy's certs are trusted and because "chase.com" did n...

SSL or no SSL that is the question..lol
as some of you may have read, i am having some iprint problems that i think may be SSL related(too many ssl services on one server). so, i am wondering how well does iprint work in a NON-SSL envoronment. i will only use it internally(intranet). anyone else running iprint non-ssl? just as good except for encryption? Hi, Starting with SP3 secure iprint uses TLS, which basicly means it starts with non-secure on port 631 and switches to secure on the same port (it does not use port 443). Peter > as some of you may have read, i am having some iprint problems that...

Web resources about - SSL or Not SSL - asp.net.security

SSL - Wikipedia, the free encyclopedia
Text is available under the Creative Commons Attribution-ShareAlike License ;additional terms may apply. By using this site, you agree to the ...

SSL Certificates by Trusted SSL Certificate Provider - 70% Discount Price - ClickSSL
Buy / Renew SSL certificate from Symantec™, GeoTrust®, Thawte® & RapidSSL® authorized SSL certificates Provider ClickSSL. Get up to 70% discount ...

SSL Certificates Instantssl Cheap SSL Certificate With High Assurance
Cheap SSL Certificates & 2048 bit Industry Standard SSL Certificate Authority. Full business validated SSL Certificates, secure server certificates ...

SL-Advisors
Home About Us Philosophy Individuals Investment Strategies Newsletter Contact Us INVESTMENT STRATEGIES Hedged Dividend Capture Deep Value Master ...

SSL Comparison and Reviews for Finding the Best SSL Certificate
Find the best SSL Certificate using our SSL Comparison charts and reviews. Learn about SSL, read reviews, and compare SSL certificates.

OpenSSL: The Open Source toolkit for SSL/TLS
The OpenSSL Project is a collaborative effort to develop a robust,commercial-grade, full-featured, and OpenSource toolkit implementing the Secure ...

Space Physics Research Group at UCB/SSL
Space Physics Research Group University of California, Berkeley Space Sciences Laboratory 7 Gauss Way Berkeley, CA 94720-7450 Phone. (510) ...

IEA 4E - Solid State Lighting Annex - SSL
The SSL Annex draft performance tiers The International Energy Agency Efficient Electrical End-Use Equipment Solid State Lighting (IEA 4E SSL) ...

Windows SSL Interception Gone Wild
This week researchers found that newer Lenovo laptops shipped with pre-installed software made by Superfish. The discovery is the latest reminder ...

Following Security Problem, Facebook Moves to OAuth 2.0, HTTPS and SSL Certificates
Facebook is telling developers today to plan to migrate to newer security standards on the platform — a mostly-planned migration whose roadmap ...

Resources last updated: 12/5/2015 10:47:33 PM