How To Transfer Session From HTTP Page To HTTPS Page
Sep 16, 2010How we transfer my session from http page to https page.
View 3 RepliesHow we transfer my session from http page to https page.
View 3 Repliesi redirect a page from http to https using http module begin request handler .i am calling webservice using ajax but it is saying webserice not defined .which otherwise works fineits work fine when rediect page in page_load instead .but i need to add function for https to http in every page. i still not know why ajax is not working when i use http module for redirect
View 3 RepliesI need to pass api key in custom http header ('X-ApiKey') and pass to another page. The second page will read that api key and do further processing. If api key is not passed in, it will redirect to error page.
I tried this way, but it didn't work.
In First.aspx page
Response.AppedHeader("X-ApiKey", "xxxxxxxxxx");
Response.Redirect("Second.aspx");
In Second.aspx page
string apikey = Request.Headers.Get("X-apiKey");
but X-apiKey is not passed in in second.aspx http header and ended up redirecting to error page.
Building asp.C# shopping app that is using a hosted payment page to process payments (using posting of data to a hosted payment page). SSL certificate is signed and installed.
Flow:
Prelim) (HTTPS) Users authenticate using asp Login control
1) Users add items to cart.
2) (HTTPS)Users go to checkout page.
3) Users finalize their order, then click pay now after agreeing to T&C.
4) Server gets cart data (from MSSQL2005) and sets a transaction cookie (expiry set to 20 mins).
5) (HTTPS) Server Response.Redirects to an html page (in the same folder as the login protected pages).
6) Html page reads transaction cookie data and generates form fields.
7) (HTTPS) Html page posts data to hosted payment page (php).
8) User enters payment info and clicks pay now.
9) (HTTPS) hosted payment page posts info back to a .aspx page that checks if payment OK.
10a) If payment !OK, redirects to a declined page.
10b) (HTTPS) If payment OK, sets a verification cookie (expiry set to 20 mins). Then redirects to another html page.
11) Html page reads cookie data and generates form fields.
12) (HTTPS) Html page posts data to hosted verification page (php).
13) Verification page verifies (of course), if transaction ok.
14) (HTTPS) verification page posts data to a .aspx page that checks if verification OK.
15) If verification OK, process orders and do receipt stuff.
Issue:
This control flow was tested on an unsigned dev environment. SSL was being enforced, if needed on the unsigned SSL certificate. So we'd get prompts that certificate may be bad, but the control flow worked seamlessly.
However, now live with a signed SSL certificate, going from step 5 to 6, we are encountering a situation where some users (not duplicated every time, but verified that it does occur) when they click pay now and are redirected to the html page, they are forced back to the ~/login.aspx page (as if they were logged out).
Things to note:
a) The session did not time out.
b) The browsers have cookies and javascript enabled.
c) I can process the entire flow seamlessly on the same machine with other accounts, and occasionally, the same account.
So, basically, I'm stumped... Is this a viewstate error? A login control bug that won't let me redirect to an html page because it is now using a real SSL? Anyone have any experience with this kind of deal? I'm at a loss for solutions at this point.
I am creating a website with password-protected pages in it.
I have two type of customer: 1. Free 2. Paid
For paid customers, pages would be rendered over HTTPS whereas for free customer, pages will be rendered over HTTP. However, pages for both types of users would be same (while populating specific information for each user.)
note, the URL for the two users should be same except HTTP/HTTPS part.
I am new to HTTPS and want to know how to achieve this.
I am wondering how to implement it?
Other pages (aspx) are working fine on both http/https, only ashx gives response 404 on https, I used firefox firebug to investigate it.
I have two same virtual directory on IIS, one is mapped for https where this ashx is not working.
I guess some kind of mapping is missing for https on server, not sure where this kind of mapping is stored?
I'm pretty new at configuring IIS and working with SSL. I've been having difficulty with switching from the HTTPs protocol to the HTTP protocol. I had set a small part of our website to the HTTPS protocol since it has an SSL certificate for online commmerce.
When users go through that part of the site the HTPPS protocol is set and runs fine, but when they try to leave by, say, clicking on a link to another part of the site (after they have visited the secured portion of the site) the HTTPS stays in the url. Is there something I'm doing wrong?
This is how the HTTPS is set on the site: this code is placed in an sslredirect.asp page located in a "SSL" folder:
<%
Response.Buffer = True
If (Request.ServerVariables("HTTPS") = "off") Then
sQ = Request.ServerVariables("QUERY_STRING")
sURL = "https" & Right(sQ, (Len(sQ)-8))
sURL = Replace(sURL, ":80", "")
Response.redirect(sURL)
End if
%>
I am using partially secured pages ( SSL). Now the problem is when I am switching between HTTPS and HTTP, I am losing my session. I tried storing session in Sql Server Database, its still not working. I am using just ONE web server and all pages are in single application.I am using Sql server 2008 ,IIS 7.0, C#.Net 3.5 I created a self signed test certificate to test my application.
I understand that I am losing my session because my urls are changing with https and http but there has to be someway to overcome this problem. I dont want to put unnecessary load on pages which do not have sensitive data by using https.
I am trying to fix an ASP.NET site that a friend had botched converting from older technologies. To the user, the site appears to have public and secured sections. Behind the scenes, the public and private sites are separate web applications with separate app pools. The difficulty arises because it appears that the applications share the same session IDs (when going from the public to the secured pages, the session ID remains the same), yet none of the (InProc) session variables are getting passed from the public site to the private one. Basically, the workflow consists of the user checking a checkbox ("I agree" type of stuff) on the public site (let's call that page http://www.boring.gov/iAgree.aspx), then logging in on the secured site (let's call that page https://www.boring.gov/login.aspx). The commandments from the parent agency in DC are that the user may not bookmark the login page, the user has to click "I agree" every time they log in, and that the "I agree" stuff has to be on a separate page. What am I missing? How would you do it? Notes:dows 2003 server.2 - Yes, it is a government agency.3 - I would have done things very differently if I was doing the conversion, but I wasn't brought in until the poop hit the fan, and it is too late to redo things.4 - Two previous SO threads that appear to be related, yet don't apply are this and that
View 4 RepliesWe are currently running an asp.net application with 3.5 framework, using a SQL 2008 back-end. We have found that when we go from http to https we lose our session. Basically you come in on Server01 in http, add an item to your cart go to the secure checkout page (https) and you are now on Serve
View 2 RepliesJust wondering whether or not Session Variables that are declared and set while in a HTTP session will continue to exist if the users session moves to HTTPS?
View 4 RepliesI have used a image handler to display image which works fine... My problem is how can v pass the image using sessions on different pages. I have an image control in master page and fileupload control on the content page.... bt m not able to implement sessions for images as image can't be store to string.
View 1 RepliesI have a HTTP module that I have written that needs to access the session. I have done the following:Module is registered in web.config Module attaches my method call to the PostAcquireRequestState event The module implement IRequiresSessionState However, when my page doesn't have an extension (i.e. as when htp://www.mywebsite.com) the session is not available and my code fails. If the page does have an aspx extension then all is ok.
View 3 RepliesI need to force SSL when going to the final checkout page (for example from default.aspx to checkout.aspx).
I need to pass variables to this check out page and tried to use server.transfer(https://www.mydomain.com/checkout.aspx). I then use previous page .Fincontrol to read text box and label name to this check out page. If I only do the server.transfer("~/checkout.aspx") then my I can read all vakues of my controls from the passing default.aspx page.
But when I force https:// then I cannot read the control values from default.aspx page.
Please give me some tips on how to get control values to the https:// destination page or if you have another tips on how to do it the right way, please let me know.
I wrote a code to send file as below:
[Code]....
When I tried to send file to the URI stated above, the server throw the status 400 back to me when I tried to get the response from the server, and the https server doesn't receive any file. While I changed the URI to point to another server, which is a http server, the code works fine and able to send file to the server. I would like to know why the code above is not able to send the file to the https server?
PS:
[Code]....
How can I set up my page load event in my code behind to redirect to an url that has an https prefix? I would need it to work with urls that have query strings attached too.It's one thing to construct a link that goes straight to the https page, but I don't want the user to be able to manually change it to an http page.Also I don't want to do it with javascript because it might be turned off.
View 4 RepliesI am having problem redirecting error when error is http 500 or http 403 locally running this site there is no problem it gets redirected to my errorpage.aspx. But when deployed at server, it does not get .tried putting try and catch in page_load and in global.asax and I have set Application_Error to redirect to that page and also set <customErrors defaultRedirect to that page also
error
statusCode="500"
redirect="/errors/errorpage.aspx?error=500"
/>
Boss want me to change all applications from http:// to https:// to make sites more secure.What steps should I take?
View 4 RepliesI want to redirect http to https. I tried this one,but I have one problem, I have to redirect to another page. The request.url gives the current page, whereas I need to redirect to another page. How do I do that.
if(!Request.IsSecureConnection)
{
string redirectUrl = Request.Url.ToString().Replace("http:", "https:");
Response.Redirect(redirectUrl);
}
i want to send sms by using http/https,can nay one tell me hoe can i do this ?
View 1 RepliesAs part of a master page template, several sites include a login control. Since the site is served over HTTP, I want the login control, once a successful login has been achieved, to resolve to a portal served over HTTPS.The closest I've seen to achieve this may be here, but I'm not entirely clear on its implementation.Can I get some feedback or suggestions on this?Of course, a simple "Login" link on all pages that point to a login paged served over HTTPS is another solution, but this is not what I'm looking for.
View 1 RepliesI have a task where i need to create a html page and HTTP post it to another page.
I know how to create a HTML page but i dont know how to HTTP post it to another.
Is it possible to configure your web.config file of your asp.net website to use different settings for users accessing the site via HTTPS?
(eg. I need to have validateRequest attribute for https access set to false, but for internal access (using http) set to true...)
I have hosted asp.net web service on IIS 6.
Client of the service is using the service successfully by HTTP://<hostname>/service.asmx.
I want to allow only HTTPS://<hostname>/service.asmx, i.e. No one can access web service using HTTP://
I have a part of my website that uses SSL, and a part that does not. I began having issues recently where the link that takes you to the https part of the site would keep getting rerouted to http. In IIS I have SSL on and required for the members directory, and the certs are all fine. My site is http://mcsd-sc.mcbarons.manheimcentral.org/. I first started by routing the pages directly to the secure part using the <meta http-equiv="refresh" content="0;url=urlgoeshere" /> on a redirect page in the /members directory and this was working perfectly. When my issues started, changed it and made the link just go directly to the members part of the site with the https included in the URL (this is how it is now). Now when you click the link it takes you to the member page without using https, thus throwing an error because I have SSL required on that part of the site. When you look at the code in IE, it just shows the direct link using plain HTTP. When I open the code directly on the server, I see the URL beginning with HTTPS. I've been having a lot of issues lately with updated content not refreshing itself, and rebooting the server does nothing. At this point I'm stumped. I think it might be something in IIS, although I haven't touched it in a long time, unless a recent security update messed it up, which is the only explanation I can think of that would screw it up all of a sudden. The site works perfectly when you manually type https. I thought it might have also been my cache, but I just tried it on a computer that I haven't ever gone to the site on before and I got the same issue.
View 5 Replies