Security :: Losing Session When Switching Between HTTPS And HTTP?
Jan 28, 2010
I am using partially secured pages ( SSL). Now the problem is when I am switching between HTTPS and HTTP, I am losing my session. I tried storing session in Sql Server Database, its still not working. I am using just ONE web server and all pages are in single application.I am using Sql server 2008 ,IIS 7.0, C#.Net 3.5 I created a self signed test certificate to test my application.
I understand that I am losing my session because my urls are changing with https and http but there has to be someway to overcome this problem. I dont want to put unnecessary load on pages which do not have sensitive data by using https.
View 1 Replies
Similar Messages:
Dec 4, 2010
I have a basic website with a member login page and an administration backend area. I am using ASP.NET Membership tables for authentication.
When a member logs in they are authenticated and have access to their member profile and other related member areas.
If a user logs in and I detect they are in the ADMINISTRATOR role then a link to access the admin area of the site is available.
When the admin clicks this admin link the site redirects to SSL HTTPS protocal and is suppose to send the admin to the Administrtion area of the site.
[code]....
How can I force the user to remain logged in when switching to HTTPS from HTTP?
View 2 Replies
Sep 13, 2012
I have a following requirement. In my website, any user login with his/her credentials at that time URL should be switched to HTTPS from HTTP till the user logged out. After Log Out, URL change to HTTP from HTTPS.
I am storing username in Session and from that I can check whether user is logged in or not but how to change URL at that time.
View 1 Replies
Mar 22, 2010
I am trying to fix an ASP.NET site that a friend had botched converting from older technologies. To the user, the site appears to have public and secured sections. Behind the scenes, the public and private sites are separate web applications with separate app pools. The difficulty arises because it appears that the applications share the same session IDs (when going from the public to the secured pages, the session ID remains the same), yet none of the (InProc) session variables are getting passed from the public site to the private one. Basically, the workflow consists of the user checking a checkbox ("I agree" type of stuff) on the public site (let's call that page http://www.boring.gov/iAgree.aspx), then logging in on the secured site (let's call that page https://www.boring.gov/login.aspx). The commandments from the parent agency in DC are that the user may not bookmark the login page, the user has to click "I agree" every time they log in, and that the "I agree" stuff has to be on a separate page. What am I missing? How would you do it? Notes:dows 2003 server.2 - Yes, it is a government agency.3 - I would have done things very differently if I was doing the conversion, but I wasn't brought in until the poop hit the fan, and it is too late to redo things.4 - Two previous SO threads that appear to be related, yet don't apply are this and that
View 4 Replies
Jan 26, 2011
We are currently running an asp.net application with 3.5 framework, using a SQL 2008 back-end. We have found that when we go from http to https we lose our session. Basically you come in on Server01 in http, add an item to your cart go to the secure checkout page (https) and you are now on Serve
View 2 Replies
Feb 10, 2010
Just wondering whether or not Session Variables that are declared and set while in a HTTP session will continue to exist if the users session moves to HTTPS?
View 4 Replies
Jan 26, 2011
I have a part of my website that uses SSL, and a part that does not. I began having issues recently where the link that takes you to the https part of the site would keep getting rerouted to http. In IIS I have SSL on and required for the members directory, and the certs are all fine. My site is http://mcsd-sc.mcbarons.manheimcentral.org/. I first started by routing the pages directly to the secure part using the <meta http-equiv="refresh" content="0;url=urlgoeshere" /> on a redirect page in the /members directory and this was working perfectly. When my issues started, changed it and made the link just go directly to the members part of the site with the https included in the URL (this is how it is now). Now when you click the link it takes you to the member page without using https, thus throwing an error because I have SSL required on that part of the site. When you look at the code in IE, it just shows the direct link using plain HTTP. When I open the code directly on the server, I see the URL beginning with HTTPS. I've been having a lot of issues lately with updated content not refreshing itself, and rebooting the server does nothing. At this point I'm stumped. I think it might be something in IIS, although I haven't touched it in a long time, unless a recent security update messed it up, which is the only explanation I can think of that would screw it up all of a sudden. The site works perfectly when you manually type https. I thought it might have also been my cache, but I just tried it on a computer that I haven't ever gone to the site on before and I got the same issue.
View 5 Replies
Dec 2, 2010
I have a site which is not a secured connection i.e. the URL starts with http://
I want this site to be migrated to https://
View 7 Replies
Feb 15, 2010
I am having a site which is now running with http. I need to convert to Https. can anybody help me out how to convert a site from Http to Https.
View 3 Replies
Dec 6, 2010
is it possible to preserve authentication for ASP.NET Forms authentication cookie,btween Http and Https (different domains) and back?I mean haveing single signon for two domains say http://www.mydomain.com and https://members.mydomain.comI've seen on quite asp.net sites that have a 'MyAccount' section they transfer the site to https and then when you have logged into your account successfully and gone back to the majority of the site you move back to http whilst still being logged in.
View 1 Replies
Jul 12, 2010
I developed a simple application running in IIS 6 under an http protocol. for the security purposes our company provide a certificate unfortunately my application is not functioning in https. i can still access it in http...
View 8 Replies
Jul 16, 2010
I'm pretty new at configuring IIS and working with SSL. I've been having difficulty with switching from the HTTPs protocol to the HTTP protocol. I had set a small part of our website to the HTTPS protocol since it has an SSL certificate for online commmerce.
When users go through that part of the site the HTPPS protocol is set and runs fine, but when they try to leave by, say, clicking on a link to another part of the site (after they have visited the secured portion of the site) the HTTPS stays in the url. Is there something I'm doing wrong?
This is how the HTTPS is set on the site: this code is placed in an sslredirect.asp page located in a "SSL" folder:
<%
Response.Buffer = True
If (Request.ServerVariables("HTTPS") = "off") Then
sQ = Request.ServerVariables("QUERY_STRING")
sURL = "https" & Right(sQ, (Len(sQ)-8))
sURL = Replace(sURL, ":80", "")
Response.redirect(sURL)
End if
%>
View 1 Replies
Sep 16, 2010
How we transfer my session from http page to https page.
View 3 Replies
Jul 15, 2010
i redirect a page from http to https using http module begin request handler .i am calling webservice using ajax but it is saying webserice not defined .which otherwise works fineits work fine when rediect page in page_load instead .but i need to add function for https to http in every page. i still not know why ajax is not working when i use http module for redirect
View 3 Replies
Jan 14, 2011
Boss want me to change all applications from http:// to https:// to make sites more secure.What steps should I take?
View 4 Replies
Feb 9, 2010
I want to redirect http to https. I tried this one,but I have one problem, I have to redirect to another page. The request.url gives the current page, whereas I need to redirect to another page. How do I do that.
if(!Request.IsSecureConnection)
{
string redirectUrl = Request.Url.ToString().Replace("http:", "https:");
Response.Redirect(redirectUrl);
}
View 2 Replies
Oct 8, 2010
i want to send sms by using http/https,can nay one tell me hoe can i do this ?
View 1 Replies
Oct 21, 2010
As part of a master page template, several sites include a login control. Since the site is served over HTTP, I want the login control, once a successful login has been achieved, to resolve to a portal served over HTTPS.The closest I've seen to achieve this may be here, but I'm not entirely clear on its implementation.Can I get some feedback or suggestions on this?Of course, a simple "Login" link on all pages that point to a login paged served over HTTPS is another solution, but this is not what I'm looking for.
View 1 Replies
Feb 3, 2011
Is it possible to configure your web.config file of your asp.net website to use different settings for users accessing the site via HTTPS?
(eg. I need to have validateRequest attribute for https access set to false, but for internal access (using http) set to true...)
View 2 Replies
Nov 29, 2010
I have hosted asp.net web service on IIS 6.
Client of the service is using the service successfully by HTTP://<hostname>/service.asmx.
I want to allow only HTTPS://<hostname>/service.asmx, i.e. No one can access web service using HTTP://
View 1 Replies
Nov 27, 2013
how can i change HTTP to HTTPS.
View 1 Replies
Jun 24, 2010
We are planning to move our website to https, which currently running on only http only. Web site is running on IIS7 in Windows 2008 server. Do I need to update/modify any configuration settings in the website to make it work on HTTPS? Is it fine just installing certifictes?
View 3 Replies
Mar 9, 2011
how can i force one or more pages in Asp.net to use HTTPS rather then HTTP,
If there is any way to do that in web.config will be great.
View 3 Replies
May 3, 2010
I'm having real trouble redirecting pages from http to https on my live website. Everything is fine on my IDE but as soon as I upload it to my shared web host (123-reg.co.uk) I hit a problem. When I try to redirect to https using Response.Redirect it seems a loop occurs and the request is never carried out.
The code I've tried:
[Code]....
and
[Code]....
Both above methods worked fine in my IDE but not on my live system.
In IE nothing happens but in Firefox the below error is displayed:
"Firefox has detected that the server is redirecting the request for this address in a way that will never complete. "
View 9 Replies
Feb 16, 2011
project is built using ASP.NET MVC 2.0. There're some pages is run under https and the rest run under http. Follow the artical I found on StackOverflow (http://stackoverflow.com/questions/2414327/switching-between-http-and-https-in-asp-net-mvc-1-0 ) :1.For pages that need to run under https I just add the attribute [RequireSSL] for the corresspond action method.2.To force all the rest pages run under http I have overriden OnAuthorization in the base controller:
protected override void OnAuthorization(AuthorizationContext filterContext)
{
if (!Request.IsAjaxRequest())
[code]...
View 2 Replies