Security :: Creating An HTTPS Application
May 12, 2010I have been looking for a good article which will help me in creating secure asp.net application.
View 1 RepliesI have been looking for a good article which will help me in creating secure asp.net application.
View 1 RepliesI'm working on an application, where several products has their own website/application, while everything is stored in one SQL 2008 database.
When someone wants to buy a product (software licenses) they fill out a form and their info is transmitted to another site where all administration and payment is handled.
When the customer has payed with Paypal and is returned to the payment page, their info is saved to database, and a user account is created.
In order to create the user for the correct application, I use the following code to change the application name, create the user there, and change back.
[Code]....
This goes partly fine. The user is created in the aspnet_Users (in the wanted application) and assigned a role correctlu. When trying to approve the user, however, an error is thrown:
System.NullReferenceException: Object reference not set to an instance of an object.
The user is never created in the aspnet_Membership table.
I have 2 different website/applications with 2 different asp.net membership databases in the same server. Now my client wanted to create a user in one website and add that person automatically in to the other application/website/database too. Right now my applications create users using asp.net membership and added to its respective databases. Is it possible to create a user from different application using asp.net membership?
View 6 RepliesI have very much experience of asp.net developement. But i have never dealt with https. In my one project i require 2/3 page with https. So please any one can explain me how i can start with https. Please explain me in detail about about developement cycle, and any other if there is any settings.
View 2 RepliesOur web application can be reached from Blackberry, but when we try to open https, blackberry fails. bytheway, we followed the instructions on http://roopeshreddy.wordpress.com/2010/10/25/developing-web-applications-for-blackberry-mobiles-using-microsoft-asp-net
View 8 RepliesI want my application to serve all of its web pages over SSL, so I added the lines...
<secureWebPages enabled="true">
<directory path="." />
</secureWebPages>
... to my Web.config and the resulting compiler error is:
Build (web): Unrecognized configuration section secureWebPages.
I am running Visual Studio 2008
Is there a way to know beforehand if a given page will be served in HTTPS. To be clear I don't want to know if thecurrent page is using HTTPS or not.
View 3 RepliesWhat I want to do is like the web browser. When you visit a https web site, the browser will download and install the X.509 Certification automatically.
I have a application which will be installed in PC, and the application will post to a https website. So if the certification is expired, the App should download a new one.
So, how can I get the certification? A stream is always good, I can make it to certification.
Do you know any web site with an invalid https certificate, so I can test if my browser detects it?
View 1 RepliesI have a web site that is running under HTTPS on my web server, On my master page I have an image and no one can see the image accept for me if I access the web app from one of my two pc's.
What would cause the users not to be able to see the image on my default page? I have the site running under https and using the asp.net membership controls.
In my page I have the image like this <img src="../App_Themes/Images/CompLogo.gif"/> and no one can see it but me.
I have setup an ASP web application that uses SSL to secure the login pages, but when I try to access the site using HTTPS on both local test sever and deployment server I get an error stating the connection was interupted
View 3 Repliesfirst i want to know most of the e-mail like gmail,yahoo,hotmail etc.. they are all uing https when we comes to login area.. why there are using on that time only https...i also need to implement same in my web application...
View 4 RepliesI have a part of my website that uses SSL, and a part that does not. I began having issues recently where the link that takes you to the https part of the site would keep getting rerouted to http. In IIS I have SSL on and required for the members directory, and the certs are all fine. My site is http://mcsd-sc.mcbarons.manheimcentral.org/. I first started by routing the pages directly to the secure part using the <meta http-equiv="refresh" content="0;url=urlgoeshere" /> on a redirect page in the /members directory and this was working perfectly. When my issues started, changed it and made the link just go directly to the members part of the site with the https included in the URL (this is how it is now). Now when you click the link it takes you to the member page without using https, thus throwing an error because I have SSL required on that part of the site. When you look at the code in IE, it just shows the direct link using plain HTTP. When I open the code directly on the server, I see the URL beginning with HTTPS. I've been having a lot of issues lately with updated content not refreshing itself, and rebooting the server does nothing. At this point I'm stumped. I think it might be something in IIS, although I haven't touched it in a long time, unless a recent security update messed it up, which is the only explanation I can think of that would screw it up all of a sudden. The site works perfectly when you manually type https. I thought it might have also been my cache, but I just tried it on a computer that I haven't ever gone to the site on before and I got the same issue.
View 5 RepliesI have an application developed on MVC2 but I need it to change from HTTP to HTTPS after authentication. How do I manage that and where do I have to put the code?
View 1 RepliesBe built an MVC application. Some of the pages require being under SSL encryption. Means the whole site need to be broken down to sections (http and https)The immediate solution that comes to my mind is creating two IIS sites (port 80 and 443) and break the application to two sites (public-http and private-https). Since the site is complex, breaking it into two applications will be huge work.What is the easiest way of doing this?Is there any link or article that explains the best practices doing this?
View 1 RepliesI am new to .net and i'm stuck with the following issue.
I have a windows GUI application and i need to communicate with a firewall using HTTPS protocol. I did some search on google and the results retrieved showed to use HTTPWebRequest and HTTPWebResponse objects.
But does this objects us HTTP protocal or does it work for HTTPS also. also is SSL required for HTTPS protocol. For SSL we need some security certificate. How to retrieve that certificate. Will a certificate need to available in each client machine
I'm not sure how much of a novice-level question this is. But it seems a fairly basic and common task. So here goes...
I am building a web application that will require some pages, but not all, to use a SSL (https:). How do I designate a particular page to be one or the other? Or do I need to create two separate projects and just have them pass the user back and forth as needed?
I am using Visual Studio 2008, with the Web Site Administration Tool handling users and roles. However I will also be handling very secure data such as social security numbers and the like.
I have a site which is not a secured connection i.e. the URL starts with http://
I want this site to be migrated to https://
Okay, so I have a site which I'd like to use my SSL certificate for always. So I want all users to be forced to the https version of any url they are directed to.I used this code in my global.asax file:
[Code]....
I've also tried it in the 'Application_BeginRequest' function also. Basically, I have two directories that are secured via Windows Authentication against my domain. if you browsed to the directory (ex. http://www.domain.com/secure) it tries first to authenticate
then redirect to https://www.domain.com/secure. In this case it will ask for credentials twice one right after the other. Is their a way I can have the user redirected before Windows Authentication kicks in?
I am having a site which is now running with http. I need to convert to Https. can anybody help me out how to convert a site from Http to Https.
View 3 RepliesI've set in the web.config:
[Code]....
This works fine. If there is no ssl connection, the login form doesn't continue. But I would like to check if ssl is active (in codebehind) and, if it's possible, to automatically the user to the https page if he's currently on http. (I could do this job by manually redirect with page.response("https://url... login.aspx"); but this is not really generic. For example if the webapp is moved to another domain it doesn't work anymore... I'm looking for something like: FormsAuthentication.RedirectWithSSL();
im using wcf how can i make sure to my service file from client side.
my web service file (service.svc) should not acceable on client side....on https security(ssl)
I am using partially secured pages ( SSL). Now the problem is when I am switching between HTTPS and HTTP, I am losing my session. I tried storing session in Sql Server Database, its still not working. I am using just ONE web server and all pages are in single application.I am using Sql server 2008 ,IIS 7.0, C#.Net 3.5 I created a self signed test certificate to test my application.
I understand that I am losing my session because my urls are changing with https and http but there has to be someway to overcome this problem. I dont want to put unnecessary load on pages which do not have sensitive data by using https.
is it possible to preserve authentication for ASP.NET Forms authentication cookie,btween Http and Https (different domains) and back?I mean haveing single signon for two domains say http://www.mydomain.com and https://members.mydomain.comI've seen on quite asp.net sites that have a 'MyAccount' section they transfer the site to https and then when you have logged into your account successfully and gone back to the majority of the site you move back to http whilst still being logged in.
View 1 RepliesThe site is written in vb.net, and accessed via https.User randomly meets the warining dialog"This page contains both secure and non-secure items.Do you want to display the non-secure items?", after clicking 'Yes', 404 not found error page will be displayed, but by refreshing, the warning dialog and 404 page
all gone. Also by viewing source code from IE, I found '<meta content="Http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">' where only uses http protocol, Does this have any thing with the error user meets?