Switch to SSL using a relative URL
Asked Answered
C

5

2

I would like to create a relative link that switches the current protocol from http to https. The last place I worked had something set up on the server so that you could make that happen, but I don't remember much about it and I never knew how it worked.

The rationale for this is that I wouldn't need to hardcode server names in files that need to move in between production and development environments.

Is there a way for this to work in IIS 6.0?


Edit:

I am using .NET, but the "link" I'm creating will not be dynamically generated. If you really want the nitty gritty details, I am using a redirect macro in Umbraco that requires a URL to be passed in.

Chemaram answered 4/12, 2009 at 21:15 Comment(1)
Why do you need to create a relative link, as opposed to dynamically creating an absolute link in code?Dockhand
C
0

We ended up buying ISAPI Rewrite to perform redirects at the web server level for certain URLs. That's not quite the answer I was looking for when I asked the question, but it's what works for us.

Chemaram answered 17/2, 2010 at 5:58 Comment(0)
P
2

Here's a simple solution in VB.NET:

Imports System.Web.HttpContext

Public Shared Sub SetSSL(Optional ByVal bEnable As Boolean = False)
  If bEnable Then
    If Not Current.Request.IsSecureConnection Then
      Dim strHTTPS As String = "https://www.mysite.com"
      Current.Response.Clear()
      Current.Response.Status = "301 Moved Permanently"
      Current.Response.AddHeader("Location", strHTTPS & Current.Request.RawUrl)
      Current.Response.End()
    End If
  Else
    If Current.Request.IsSecureConnection Then
      Dim strHTTP As String = "http://www.mysite.com"
      Current.Response.Clear()
      Current.Response.Status = "301 Moved Permanently"
      Current.Response.AddHeader("Location", strHTTP & Current.Request.RawUrl)
      Current.Response.End()
    End If
  End If
End Sub

Usage:

'Enable SSL
SetSSL(True)

'Disable SSL
SetSSL(False)

You could add this to the Page_Load of each of your pages. Or you could do something like I did and create a list of folders or pages that you want secured in your global.asax and set the SSL accordingly in the Application_BeginRequest method. And this will work with relative links and the HTTP or HTTPS status of a page will always be what you tell it to be in the code.

I have this code in place on several websites. But as an example, if you go to https://www.techinsurance.com you'll notice it automatically redirects to http because the home page doesn't need to be secured. And the reverse will happen if you try to hit a page that needs to be secured such as http://www.techinsurance.com/quote/login.aspx

You may notice that I'm using 301 (permanent) redirects. The side benefit here is that search engines will update their index based on a 301 redirect code.

Parotitis answered 4/12, 2009 at 22:39 Comment(0)
C
0

Which language/framework are you using?

You should be able to create your own function in which you pass in the relative page and you deduce from the HttpRequest object and the Server object (again depending on the language or framework) what the host and URL are and then just simply redirect to that URL but with https as a prefix.

Condolence answered 4/12, 2009 at 21:23 Comment(1)
Also if you want to get really fancy you could create an overload for this function that if you don't provide the page name in the parameter then it just reads it from the HttpRequest object.Condolence
N
0

Here is a good CodeProject article on doing this by specifying certain directories and files that you want to use SSL. It will automatically switch these to and from https based on your needs.

I've use this for a project, and it works really well.

Northerly answered 4/12, 2009 at 21:33 Comment(2)
That's looks interesting, but I'm not sure it will actually work in my case. The directory that I'm linking to already has the Umbraco back office application sitting there.Chemaram
All this does is look at the directory or file that the person is trying to hit, and if it's configured to be secure (in the web.config) it just redirects them from http to https. It shouldn't matter what else is in the directory.Northerly
E
0

This is the same answer I gave here:

Yes you can. I recommend this free open source DLL that lets you designate which pages and folders need SSL and which don't:

http://www.codeproject.com/KB/web-security/WebPageSecurity_v2.aspx

So you can setup a page to be secure in your web.config like this:

<secureWebPages encryptedUri="www.example.com" unencryptedUri="www.example.com" mode="RemoteOnly" >
    <files>
      <add path="/MustBeSecure.aspx" secure="Secure" />
    </files>
</secureWebPages>
Egalitarian answered 17/12, 2009 at 20:0 Comment(0)
C
0

We ended up buying ISAPI Rewrite to perform redirects at the web server level for certain URLs. That's not quite the answer I was looking for when I asked the question, but it's what works for us.

Chemaram answered 17/2, 2010 at 5:58 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.