i have to build a small webapp for a company to maintain their business data... Only those within the company will be using it, but we are planning to host it in public domain, so that the employees can connect to app from various locations. (Till now I have built web apps that are hosted internally only)
I'm wondering whether I need to use a secured connection (https) or just the forms authentication is enough.
What should I do to prepare my website for https. (Do I need to alter the code / Config) Is SSL and https one and the same... Do I need to apply with someone to get some license or something. Do I need to make all my pages secured or only the login page...
I'm pretty new at configuring IIS and working with SSL. I've been having difficulty with switching from the HTTPs protocol to the HTTP protocol. I had set a small part of our website to the HTTPS protocol since it has an SSL certificate for online commmerce.
When users go through that part of the site the HTPPS protocol is set and runs fine, but when they try to leave by, say, clicking on a link to another part of the site (after they have visited the secured portion of the site) the HTTPS stays in the url. Is there something I'm doing wrong?
This is how the HTTPS is set on the site: this code is placed in an sslredirect.asp page located in a "SSL" folder:
<% Response.Buffer = True If (Request.ServerVariables("HTTPS") = "off") Then sQ = Request.ServerVariables("QUERY_STRING") sURL = "https" & Right(sQ, (Len(sQ)-8)) sURL = Replace(sURL, ":80", "") Response.redirect(sURL) End if %>
I have a WCF service returning JSON to jQuery ajax calls and presenting the results on an ASPX page. When the page is NOT under SSL, the ajax calls work perfectly. When the page IS under SSL, the calls fail. I understand that this behavior must be due to the Same Origin Policy (SOP).
So, how do I setup my WCF service to accept calls from an SSL-secured page? Does the WCF service also need to be secured? If so, how do I do this?
I have got ssl security for my website.I have written onLoad that [URL] ... Should redirect on [URL] ... it redirects but first the [URL] ....pages loads full and then after a sec it redirects...I want to solve this
I just moved our website to a new server(windows 2008, IIS7.5). this website needs to do post to an outside https website to get the data back, but
it deesn't work. when i put the https: website on the IE address bar, it failed. I am wondering what setting i need to change to enable https: website to go through on the server?
Webserver1 has been in the organization a few years and is hosting/running multiple websites with https encryption (app1.ourcompany.com, app2.ourcompany.com, etc). It has a valid, signed certificate.
Webserver2 is a new server, for which I am responsible. I am tasked with setting up https and getting the certificate, etc. It has a web app running on it, but it does not have a domain name (only has an IP address)...which as I recently learned, is a requirement for a signed certificate.
What I'd like to know is this -- is it possible to set up a site on Webserver1 that points to the site I'm hosting on Webserver2 (ie SiteOnWebserver2.ourcompany.com) which also utilizes the Webserver1's signed/verified certificate?
What I want to do is like the web browser. When you visit a https web site, the browser will download and install the X.509 Certification automatically.
I have a application which will be installed in PC, and the application will post to a https website. So if the certification is expired, the App should download a new one.
So, how can I get the certification? A stream is always good, I can make it to certification.
I purchased a certificate from my hosting provider from my web site. There was some confusion as to whether I needed to use IIS to install it or if they would. After a few days and several phone calls they said they had it installed and configured, but when I tried to set up rewrite rules in web.config the site would not load. When I point my browser to https:mydomain it would load, but there was not green lock in the address bar and 'HTTPS' was not green. I contacted them again and after explaining the situation and being put on hold for 45 minutes I hung up. This morning the the site is working and HTTPS appears to be configured correctly.
I could find no changes to web.config on redirection, so how is it being redirected to HTTPS? I'm concerned that when I post changes to the site I could wipe out what ever they did to get it to work with HTTPS. Could changes been made 'above' my site on the server that I can't affect? Should I be concerned?
We are planning to move our website to https, which currently running on only http only. Web site is running on IIS7 in Windows 2008 server. Do I need to update/modify any configuration settings in the website to make it work on HTTPS? Is it fine just installing certifictes?
I'm working on a CMS that can run either with or without https enabled on the webserver. I'd like to be able to detect whether https is enabled or not, so that I can act accordingly (for example, display some https-related options to the administrator, and redirect to https for administrator logins).
I'm not looking for Request.IsSecureConnection because that only tells me if the current request is via https. I want something that will tell me whether the current bindings for the site in IIS include a binding for https at the same domain as the current request is on. So, for example, even if the current request is for [URL] and thus not secure, I want to know whether [URL] would work so I can (for example) redirect the user to it if they log in as administrator.
I've had no luck looking for anything in System.Web.Configuration that will tell me about the bindings of the current site, though.
I'd like my application to query a csv file from a secure website. Currently I have the user login to the site, manually query the csv, and have my application load the file locally. I'd like to automate this by having the user enter his login information, authenticating him on the website, and querying the data. The application is written in C# .NET. The url of the site is: https://www2.emidas.com/default.asp.
I've tested the following code already and am able to access the file once the user has already authenticated himself and created a manual query.
System.Net.WebClient Client = new WebClient(); Stream strm = Client.OpenRead("https://www3.emidas.com/users/<username>/file.csv");
Here is the request sent to the site for authentication. I've angle bracketed the real userid and password.
POST /pwdVal.asp HTTP/1.1 Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */* User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; Tablet PC 2.0; OfficeLiveConnector.1.4; OfficeLivePatch.1.3; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate Cookie: ASPSESSIONID<unsure if this data contained password info so removed>; ClientId=<username> Host: www3.emidas.com Content-Length: 36 Connection: Keep-Alive Cache-Control: no-cache Accept-Language: en-US client_id=<username>&password=<password>
We have a web site in the domain, let's name: http://website.com. It is necessary to implement same look-and-feel on another web site (https://custom.website.com). As we can see, the 2nd is in the sub-domain of the 1st one, but it is secured (it uses https).To achieve same look-and-feel same DLLs are used in both web sites. These DLLs contain functionality for menus, JavaScripts, etc). But the 2nd web-site uses images and some css files from the 1st one. For example, in order to display "Logo.png" instead of usual "~/Images/Logo.png" the following path to file is rendered into HTML: "http://website.com/Images/Logo.png"
I am trying to make a website in C# ASP.NET. I have been given some code as well as visual studio 2010. The code I was given was written in ASP.NET 4.0, so I obviously want to code in that, but my web hosting only supports ASP.NET 2.0. If I upgrade to 4.0 what's the difference as far as compatibility issues with all browsers, or any draw backs to using 4.0. I am using 1&1 hosting so it is a pretty commercial hosting, maybe there is a reason why they do not have 4.0 standard on their servers?
I'm planning on making a website and host it on my dedicated server.but I would also like the website to be available when the dedicated server (from here on revered to as server) is offline for what reason that maybe.How would I go about doing this? the server would get the domain name from my webserver. I already set up the DNS's to do so, but incase the server cannot be contacted I would like the webserver to take over or something?
