I am currently using .asp to force a site from http to https. When the page is hit, it checks if the port is https. If not it rebuilds the page url and redirects to it. See below:
---------------------------------------------
If Request.ServerVariables("SERVER_PORT") <> 443 Then 'this should only happen when coming from showpolicy page.
Dim strSecureURL
Response.Redirect strSecureURL
End If
-----------------------------------------------
The problem with this is that when i do the force from http to https when a form submission has been made i am losing the posted form data during the redirect.
Is it possible to configure IIS so that it knows which pages in a site must be run in SSL so it does the force itself without losing the posted form data?
yes, can let it only listen on 443, have a one page site listening on 80 that has one line in that one page redirecting to https. or via script, can include your script on every page, thus ensuring the form is presented over 443. or, can put absolute path in action of form -- instead of action="myFile.asp" say action="https://mysite.com/myFile.asp"
i mis-read your post. as far as i know, cant tell iis to ensure only certain pages are served only over 443.
in a larger site, it is common to have most pages on 80 and the few critical input pages over 443.
what i do is make sure all the links are correct (https vs http) and use a script similar to yours on the form pages -- in other words, make sure to catch it b4 they submit.
if u have a QA department, this should be one of the things they check religiously...
.asp to force a site from http to https
Reply With Quote
Bookmarks