
Thread: ASP.Net Developer config vs Production

  1. #1
    Join Date
    Nov 2003
    Location
    Canada
    Posts
    12

    ASP.Net Developer config vs Production

    I've been given the task of updating an Asp.Net web application we have hosted externally.
    I've set up a local development environment (.Net Framework 1.1, MS SQL Server, IIS (Windows XP Pro) ).

    Now most of our local web app works fine...
    but when I try to get to our login page (which uses SSL) I get the standard "The Page Cannot Be Displayed" DSN error page.

    The config file mentions something about testing not having access to SSL ports and such, so I set SSL to false in the web.config file, nothing changed and I have no clue what to do.

    ASPX pages beyond logon work correctly and return "not logged in"... so only the secure area doesn't work. Could it be something to do with the redirecting from http:// to https://?

    Are there any other differences in configuration in such development environments?

    Thanks in advance.

  2. #2
    Join Date
    Jan 2003
    Location
    Dundee, Scotland
    Posts
    1,367
    Hi,
    has your SSL Certificate been registered in IIS?

  3. #3
    Join Date
    Nov 2002
    Location
    Auburn, AL
    Posts
    9,222
    note: you are going to need to open another port on the router and all like you would with your http but for https since ssl/https does run on an alternate port if you have not already.

  4. #4
    Join Date
    Nov 2003
    Location
    Canada
    Posts
    12

    ssl, certificate, https...

    After more research I discovered that I do need a "certificate" although I don't have one, is this something that is easily obtainable?
    Are all certificates created equal, for example, if I got one, would it be just as compatible as the one my Host Service uses for this app?

    When Developing from the same machine that I have the app on, why would I need to change anything on the Router? I should be able to do this without any network connection correct? I just need a local setup, testing using //localhost/ works for all the non secure pages!

    Would it be easier to just bypass the security, for example remove the code that adds the security to the login page? I don't need this security on the local computer, I just need to be able to test other pages while being "logged in". So if the login page was run without ssl here, I'd be happy.
    What should I be looking for to remove?

    Thanks in advance.

  5. #5
    Join Date
    Nov 2002
    Location
    Auburn, AL
    Posts
    9,222
    Um, yes it would be easier. If you are not using ssl, you are not using https and then do not need a certificate. I was assuming you were using ssl for remote use and to do that you would need to open up another port. SSL is pointless for remote use because you do not have to worry about hackers intercepting passwords or getting content that is non encrypted when you are not doing anything over the internet.

  6. #6
    Join Date
    Nov 2003
    Location
    Canada
    Posts
    12

    remove for testing only

    Alright, SSL is used on the Production server (hosted by someone else), I don't need it for my development server and it is only used for 1 or 2 pages.

    So how do I go about removing this?

    I have found lines like "Replace(http://, https://)" which I assume would do the trick if removed.

    I do however run into another (not sure if related) problem.


    There is an index.aspx page (codebehind is index.aspx.cs).
    This page redirects to the login.aspx (codebehind is login.aspx.cs).

    At the top of the html code in index.aspx is the <@...> tag, and it includes an "inherits..." part. Also index.aspx.cs has a line that redirects to login.aspx. The inheritance part is also in the login.aspx file.

    Here is what happens:

    loading index.aspx with the changes below:
    no inheritance, no redirection = index.aspx
    no inheritance, redirection = index.aspx
    inheritance, no redirection = login.aspx
    inheritance, redirection = login.aspx

    loading index with inheritance code in login.aspx:
    no inheritance, no redirection = index.aspx
    no inheritance, redirection = index.aspx
    inheritance, no redirection = DSN error
    inheritance, redirection = DSN error

    It appears that only with the inheritance in, there is code being run (but gives DSN errors hinting at SSL being used). Seems like the .cs files whether changed or not, make no difference! So how do I update this application?

    Please help!

  7. #7
    Join Date
    Nov 2002
    Location
    Auburn, AL
    Posts
    9,222
    Well, if your script is using ssl, but you are doing http:// and not allowing it to use ssl it is not going to work. Stop using the login page altogether or test it remotely would be my suggestions. Or get a certificate to do the local testing.

  8. #8
    Join Date
    Nov 2003
    Location
    Canada
    Posts
    12

    gotta make it work

    Could you/someone answer the following questions if possible?

    What does it take to get a certificate that works with an existing application?

    How hard is it to remove the code that makes the login use SSL? After all it's just 1 or two pages! I just want to use this without security.

    What are the steps/configuration to have my local copy use the code in aspx.cs files and not the inherited classes? Each aspx page has a "codebehind" setting and an "inherits" setting which seems to override the codebehind.

    How do I replace/update those classes?

  9. #9
    Join Date
    Nov 2002
    Location
    Auburn, AL
    Posts
    9,222
    Heh, now we are getting into language structure and OO. Inheritance is a little difficult to explain but it relates to children taking the properties of a parent. I can't just give you a solution that is going to work in all situations for your object oriented / scripting problems, you are going to need to really get in touch with whatever language you use to do your asp.net. As for the logins my answer is 'maybe'. I know that's a non answer but it really depends on if you are using system auth, sessions, and other things. It depends on how they were made. You are going to be checking to make sure the user is logged in on each page obviously so you are going to need to take code out on each page, then if you are doing any encryption for passwords you are going to have more playing to do. If you wrote it you should not have any problems taking it out.... What is your deal, you are working on a site some other guy made or something? As for the certificate, IIS has a wizard you can get to in the properties of your default website that will create a request for the certificate and you would send this request to get it.
    Last edited by PeOfEo; 03-26-2004 at 09:01 PM.

  10. #10
    Join Date
    Jan 2003
    Location
    Dundee, Scotland
    Posts
    1,367
    Hi,

    To provide secure 128bit encryption Secure Socket Layer (SSL) Certificate you have to purchase the SSL certificate from a company such as:

    verisign

    You can also install a 14 day trial version that you can use to test and understand SSL.

    How this works

    For IIS, open the IIS snap-in on your local machine. Navigate to your web site and open up the properties. Select Directory Security. Click the button for server certificates. This will open up the Web Server Certificate Wizard. Select create a new certificate. Select prepare the request now but send later. Provide your details that will be used to identify your site. Save them to a text file.

    This text file contains the required information a SSL company needs to provide you with a certificate.

    Once you have your certificate which is just a file, you can then run the same wizard. This time select "Process the pending request and install the certificate". Browse and select the *.cer file provided by verisign.

    Once installed this will allow you to run https:// pages. Normally you apply this to one folder in your site and any pages you want to secure you put them in that folder. Any you don't want secured you leave out of the folder.

    To answer some of your questions.

    SSL pages do not require code in your page to make it https://.

    https://www.verisign.com/products/srv/trial/intro.html - For trial.

    The problems with the code behind pages not functioning correctly may be due to you not having the same configuration as the host (no SSL Certificate).
    Last edited by Ribeyed; 03-28-2004 at 06:03 PM.

  11. #11
    Join Date
    Nov 2002
    Location
    Auburn, AL
    Posts
    9,222
    http://www.cacert.org/index.php?id=4 free ssl, no expiration (that I know of) this is a non profit place so as far as I know it is 100% free.

  12. #12
    Join Date
    Jan 2003
    Location
    Dundee, Scotland
    Posts
    1,367
    Hi PeOfEo,
    wouldn't touch it!

    Look shockingly **** and wouldn't trust it with any sensitive information my clients would send over the internet, but good for an example for the guy.
    It doesn't tell you what strength the encryption is????

    May only be 32bit or 64bit.

  13. #13
    Join Date
    Nov 2002
    Location
    Auburn, AL
    Posts
    9,222
    128 bit... But of course I would not use it myself for running an ecommerce site, but why pay for something you are just using for local testing and learning that is not going to be moving any real credit card #s

  14. #14
    Join Date
    Nov 2003
    Location
    Canada
    Posts
    12

    unsecure is fine for me

    Thanks for the input guys... It really doesn't matter what the SSL security is like, it can be nothing at all for my purposes, I'm not trying to test the login page, it already works and needs no updates.

    When it comes to authentication, what seems to happen is this: index.aspx forwards to login.aspx but before it does so, it changes the URI from http to https by using string.replace... that is the only "security code" I see in the .cs files, which is what made me think that by removing this replace code, it would work in http without SSL. Once the user is logged in, a session var is set for user details. The following pages are through http again, so no more security required.

    As for the cs files not being updated, well, being new to this, I assumed that cs files were compiled run-time like jsp or asp files before... now I know that I need to compile them into a DLL file.

    So my only problem now, is figuring out how to compile using CSC (since I can't afford VS.NET at the moment). I tried it, but even with a minor change in the code (which is not the problem), csc returns many errors 116 and 101. I have a bunch of subdirectories containing cs files, so I have to somehow compile everything into one dll... not sure how to do it (although I heard that VS uses csc in the background, so there must be a way). I looked at some docs on csc but they don't tell me how to compile many cs files (most in subdirectories) into one dll file, nor do they explain why I'm getting these errors, when I know that these files were compiled before (not by me) but through VS.

    Anyone out there uses csc?
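
Added example, not part of the thread and not the application's own code: post #14 describes the only SSL-specific code as a string replace of http with https before forwarding to login.aspx. One way to keep that upgrade in production while letting a development copy without a certificate stay on http is to drive it from web.config; the `RequireSsl` key and the class and method names are assumptions.

```csharp
using System;
using System.Configuration;
using System.Web;

// Hypothetical helper illustrating the redirect described in post #14.
public class LoginRedirect
{
    // Reads <add key="RequireSsl" value="true|false"/> from <appSettings>.
    // The key name is an assumption. A missing or malformed value keeps SSL on,
    // so a production web.config that lacks the key still redirects to https.
    // (ConfigurationSettings is the .NET 1.1 API; later frameworks mark it obsolete.)
    public static bool RequireSsl()
    {
        string raw = ConfigurationSettings.AppSettings["RequireSsl"];
        if (raw == null) return true;
        try { return bool.Parse(raw); }
        catch (FormatException) { return true; }
    }

    // Builds the login URL from the current request URL. UriBuilder changes
    // only the scheme and port, unlike a string replace, which would also
    // rewrite any "http://" that appears later in the URL.
    public static string BuildLoginUrl(Uri current, string loginPath, bool requireSsl)
    {
        UriBuilder b = new UriBuilder(current);
        b.Path = loginPath;
        b.Query = "";
        if (requireSsl)
        {
            b.Scheme = "https";
            b.Port = 443;   // default HTTPS port; omitted from the resulting URL
        }
        return b.Uri.AbsoluteUri;
    }

    // Called where index.aspx.cs currently performs its redirect.
    // "/login.aspx" assumes the application sits at the site root.
    public static void Go(HttpContext ctx)
    {
        string target = BuildLoginUrl(ctx.Request.Url, "/login.aspx", RequireSsl());
        ctx.Response.Redirect(target, true);
    }
}
```

Only the development web.config sets the key to `false`; the deployed configuration is left unchanged, so the login page keeps its https redirect on the hosted server.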

  15. #15
    Join Date
    Nov 2002
    Location
    Auburn, AL
    Posts
    9,222
    Thanks for the input guys... It really doesn't matter what the SSL security is like, it can be nothing at all for my purposes, I'm not trying to test the login page, it already works and needs no updates.
    heh david .
