Security :: Communicate With Firewall Using HTTPS Protocol?
Apr 12, 2010
I am new to .net and i'm stuck with the following issue.
I have a windows GUI application and i need to communicate with a firewall using HTTPS protocol. I did some search on google and the results retrieved showed to use HTTPWebRequest and HTTPWebResponse objects.
But does this objects us HTTP protocal or does it work for HTTPS also. also is SSL required for HTTPS protocol. For SSL we need some security certificate. How to retrieve that certificate. Will a certificate need to available in each client machine
I have an application developed on MVC2 but I need it to change from HTTP to HTTPS after authentication. How do I manage that and where do I have to put the code?
I want to use IIS impersonation to connecto to a SQL server database as the user who is currently accessing a website. This is for auditing and security reasons. I've done some reading and discovered that because the SQL Server is on a sepearate physical server I need to enable Protocol Transitioning and Constrained delegation for the server that's running IIS. This is the article that I found. [URL] I didn't realise at the time I first read it but this article has the following header. Retired Content
This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. What I want to know is, does the information in the article still apply, if I want to impersonate the user all the way to the SQL Server, do i still need Constrained Delegation or has this been implemented in some other way for ASP.NET 4?
Currently I am facing a problem to communicate with a server that enable ssl...
normally we are using TCPClient to send and receive data from server, but now the server that I trying to connect to, need SSL and certificate..
I was trying to search at google and most of the solutions i got it is use SSLStream and X509Certificates. and I have another question, Am I need to create Client and Listener in order to communicate with that server? Because I had reviewed all the sample and they didn't attach the private key when send request to server.
I have very much experience of asp.net developement. But i have never dealt with https. In my one project i require 2/3 page with https. So please any one can explain me how i can start with https. Please explain me in detail about about developement cycle, and any other if there is any settings.
What I want to do is like the web browser. When you visit a https web site, the browser will download and install the X.509 Certification automatically.
I have a application which will be installed in PC, and the application will post to a https website. So if the certification is expired, the App should download a new one.
So, how can I get the certification? A stream is always good, I can make it to certification.
I have a web site that is running under HTTPS on my web server, On my master page I have an image and no one can see the image accept for me if I access the web app from one of my two pc's.
What would cause the users not to be able to see the image on my default page? I have the site running under https and using the asp.net membership controls.
In my page I have the image like this <img src="../App_Themes/Images/CompLogo.gif"/> and no one can see it but me.
I have setup an ASP web application that uses SSL to secure the login pages, but when I try to access the site using HTTPS on both local test sever and deployment server I get an error stating the connection was interupted
first i want to know most of the e-mail like gmail,yahoo,hotmail etc.. they are all uing https when we comes to login area.. why there are using on that time only https...i also need to implement same in my web application...
I have a part of my website that uses SSL, and a part that does not. I began having issues recently where the link that takes you to the https part of the site would keep getting rerouted to http. In IIS I have SSL on and required for the members directory, and the certs are all fine. My site is http://mcsd-sc.mcbarons.manheimcentral.org/. I first started by routing the pages directly to the secure part using the <meta http-equiv="refresh" content="0;url=urlgoeshere" /> on a redirect page in the /members directory and this was working perfectly. When my issues started, changed it and made the link just go directly to the members part of the site with the https included in the URL (this is how it is now). Now when you click the link it takes you to the member page without using https, thus throwing an error because I have SSL required on that part of the site. When you look at the code in IE, it just shows the direct link using plain HTTP. When I open the code directly on the server, I see the URL beginning with HTTPS. I've been having a lot of issues lately with updated content not refreshing itself, and rebooting the server does nothing. At this point I'm stumped. I think it might be something in IIS, although I haven't touched it in a long time, unless a recent security update messed it up, which is the only explanation I can think of that would screw it up all of a sudden. The site works perfectly when you manually type https. I thought it might have also been my cache, but I just tried it on a computer that I haven't ever gone to the site on before and I got the same issue.
Looking at the OpenID protocol, it appears that the relying party needs to send a request to the identity provider. In our situation, this is not exactly ideal since the identity provider is behind a firewall-- our server will not be able to make the request. However, the user accessing our website (client-side, e.g. javascript or redirects) would be able to. So my question is this: does OpenID support an identity provider behind the firewall? If not, is there a secure way of accomplishing this?DIT:The client has a web server behind their firewall. They have employees that visit our website and thus are able to visit our site and their webserver which resides behind their firewall-- our server, however, would not be able to.
I'm not sure how much of a novice-level question this is. But it seems a fairly basic and common task. So here goes...
I am building a web application that will require some pages, but not all, to use a SSL (https:). How do I designate a particular page to be one or the other? Or do I need to create two separate projects and just have them pass the user back and forth as needed?
I am using Visual Studio 2008, with the Web Site Administration Tool handling users and roles. However I will also be handling very secure data such as social security numbers and the like.
Okay, so I have a site which I'd like to use my SSL certificate for always. So I want all users to be forced to the https version of any url they are directed to.I used this code in my global.asax file:
[Code]....
I've also tried it in the 'Application_BeginRequest' function also. Basically, I have two directories that are secured via Windows Authentication against my domain. if you browsed to the directory (ex. http://www.domain.com/secure) it tries first to authenticate then redirect to https://www.domain.com/secure. In this case it will ask for credentials twice one right after the other. Is their a way I can have the user redirected before Windows Authentication kicks in?
I have 4 links on my asp.net page which open documents on an internal server which is behind firewall. I realized this was incorrectly designed as these links do work while i am the internal network they would not work for an end user accessing the web site outside the network as the links point to a resource on a secure server which is not accessible outside the network.
This works fine. If there is no ssl connection, the login form doesn't continue. But I would like to check if ssl is active (in codebehind) and, if it's possible, to automatically the user to the https page if he's currently on http. (I could do this job by manually redirect with page.response("https://url... login.aspx"); but this is not really generic. For example if the webapp is moved to another domain it doesn't work anymore... I'm looking for something like: FormsAuthentication.RedirectWithSSL();
I am using partially secured pages ( SSL). Now the problem is when I am switching between HTTPS and HTTP, I am losing my session. I tried storing session in Sql Server Database, its still not working. I am using just ONE web server and all pages are in single application.I am using Sql server 2008 ,IIS 7.0, C#.Net 3.5 I created a self signed test certificate to test my application.
I understand that I am losing my session because my urls are changing with https and http but there has to be someway to overcome this problem. I dont want to put unnecessary load on pages which do not have sensitive data by using https.