Issue with Https

M

mike55

Contributor
Joined
Mar 26, 2004
Messages
727
Location
Ireland
Hi

I need to have one or two of my pages enabled with https, while the rest will all be normal http. The problem that I am having is that when I navigate to one of my https pages and then go to a non-https page, the https takes control of the non-https page. In the end, all the pages in my project are now https pages. Any recommendations, should I be typing the full address of the page I am redirecting to (request.redirect(http://www.abc.ie/subscription.aspx)) rather than just specifying the page name (request.redirect(subscription.aspx))

Mike55.
 
I'm not sure how HTTPs is setup, if the files are all in the same folder on the Web Server, and HTTPs is setup through IIS, or if they are on different actual web servers, you would need to use the full qualification name (https://server/page.aspx), but I'm not 100% sure.
 
Thanks for the reply Nate Bross

One solution that I came across, recommended creating a base page class and letting all my other pages inherit from this page. It also recommended that I should always be creating a base page class, and if I wasn't, then I am doing bad programming.

The posting recommened that I should add the following code to the base page class
Code: 
Private _RequireSSL As Boolean

    <WebBrowsable(True)> _
    <WebDescription("Indicates whether or not this page should be forced into or out of SSL")> _
    Public Overridable Property RequireSSL() As Boolean
        Get
            Return _RequireSSL
        End Get
        Set(ByVal value As Boolean)
            _RequireSSL = value
        End Set
    End Property

    <System.Diagnostics.DebuggerStepThrough()> _
    <System.Diagnostics.Conditional("SECURE")> _
    Public Sub PushSSL()
        Const SECURE As String = "https://"
        Const UNSECURE As String = "http://"
        If RequireSSL AndAlso Request.IsSecureConnection = False Then
            Response.Redirect(Request.Url.ToString.Replace(UNSECURE, SECURE))
        End If
        If Not RequireSSL AndAlso Request.IsSecureConnection = True Then
            Response.Redirect(Request.Url.ToString.Replace(SECURE, UNSECURE))
        End If
    End Sub

Now in my pages, I should inherit the base page class and add the following code:
Code: 
Partial Class _Default
    Inherits BasePage

    Protected Overloads Overrides Sub OnInit(ByVal e As EventArgs)
        BasePage.OnInit(e)
        PushSSL()
    End Sub

    Private Sub InitializeComponent()
        Me.RequireSSL = True
    End Sub

The issue that I am having is that I am getting an error for the line:
Code: 
BasePage.OnInit(e)
and the error message that I am getting is:
Reference to a non-shared member requires an object reference.
Click to expand...

Any suggestions re the issue? Also what is your opinion regarding creating a base page class every time, and what should I be including in it other than the db connection code?

Mike55.
 
Thanks for the reply PlausablyDamp, have you ever used the above code when redirecting between http and https pages, the code seems to be running correct, but I cannot seem to get it to move between the https and http pages correctly. I am still required to manually add the "s" when moving to an https page, and the "s" remains even when I move to an http page. Has it anything to do with the fact that I am running the application on my local machine?

Mike55.
 
Solution to the https problem.

Hi all

This solution comes from: http://www.codeproject.com/aspnet/W...rumid=53615&select=1770074&df=100&msg=1770074.

In order to proceed you need to create a .dll that you add to your web project (I have included it in the compressed folder that I attached. Alternatively, you can go to the above site, download the source file and compile it).

Once you have referenced the .dll in you web project, the next step is to open you web.config file and edit it. You begin by adding the following before the system.web opening tag:
Code: 
  <configSections>
    <section 
    name="secureWebPages" 
    type="Ventaur.Web.Security.Configuration.SecureWebPageSettings, WebPageSecurity" />
  </configSections>


  <secureWebPages mode="On" warningBypassMode="AlwaysBypass" 
        bypassQueryParamName="BypassSecurityWarning">
    <files>
      <add path="Default.aspx" secure="Ignore"/> <!-- use the same http/https as the page you are redirecting from.-->
      <add path="SecurePage.aspx" secure="Secure"/> <!--page has https-->
      <add path="nonsecurepage.aspx" secure="Insecure"/> <!--page is only http-->
    </files>
  </secureWebPages>
You can also apply the https/http to an entire folder rather than single page. However, I suggest you refer to the code project site for that information, as I have not verified if that works.

You then proceed and add the following inside the system.web tag:
Code: 
    <httpModules>
      <add 
          name="SecureWebPage" 
          type="Ventaur.Web.Security.SecureWebPageModule, WebPageSecurity" />
    </httpModules>

Then proceed and run you project. Note inorder for this to work, you cannot have the secure communication option unticked in IIS for the individual pages.

Mike55.
 

Attachments

Back
Top