Form target action: login.aspx

Impact
If an attacker can intercept network traffic, he/she can steal users' credentials.

Actions to Take
See the remedy for solution.
Move all of your critical forms and pages to HTTPS and do not serve them over HTTP.
Remedy
All sensitive data should be transferred over HTTPS rather than HTTP. Forms should be served over HTTPS. All aspects of the application that accept user input starting from the login process should only be served over HTTPS.


Please help me: how can I send my username and password over HTTPS?

See this link from IIS forums. Hope it helps you:
http://forums.iis.net/t/1147466.aspx
 
 
Hi there,

HTTPS is a server configuration thing and will (in most respects) not affect your code. Please search the internet for how to set up HTTPS on your server - there are many articles explaining how HTTPS works and how to set it up. Effectively you just need to buy an HTTPS certificate and set up your server to use that and then turn off port 80 (plain HTTP) connections.

The only code addition/change you will need is to put a server side check on each page request to make sure that the page request is coming via HTTPS.

I would suggest that it is best to run your entire site over HTTPS - otherwise, what is the point of having passwords eh? If an attacker can simply sit in the middle and read all the "private" info as it passes, he/she doesn't need the user's actual username/password, he/she simply needs to wait for them to view a page with their account info!

Oh by the way, if you apply the same (valid) logic to Facebook then you quickly realise that if you (and everybody else) don't turn on Facebook's HTTPS setting, you may as well put everyone's entire profiles as open to the public! Since you and friends will be viewing "private" profiles over a completely open connection from which any attacker could read all the information - without ever needing to even go to Facebook itself! Much less need a username/password. Incidentally, unless Facebook has changed suddenly, they don't turn on HTTPS by default - you have to go digging in their more than confusing/messy settings menus to find the option to turn it on for everything rather than just for login.

Hope this helps,
Ed
 
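One way to write the server-side check mentioned in the answer above, as an added example (not code from either answer). It assumes ASP.NET on .NET 4.0 or later with a Global.asax code-behind; `www.example.com` is a placeholder host name.

```csharp
// Global.asax.cs: added example, not the poster's code.
using System;
using System.Web;

public class Global : HttpApplication
{
    // Assumption: the site's canonical host name (placeholder value).
    // It is fixed here rather than read from the request's Host header,
    // because the client controls that header.
    private const string CanonicalHost = "www.example.com";

    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        if (Request.IsSecureConnection)
        {
            // Ask browsers to use HTTPS for this host for the next year (HSTS).
            Response.AppendHeader("Strict-Transport-Security", "max-age=31536000");
            return;
        }

        string method = Request.HttpMethod;
        if (method == "GET" || method == "HEAD")
        {
            // No request body has been sent, so a redirect loses nothing.
            string target = "https://" + CanonicalHost + Request.RawUrl;
            Response.RedirectPermanent(target, false);
        }
        else
        {
            // A POST over HTTP has already sent its body (for example the
            // login form's credentials) in clear text. Refuse it instead of
            // redirecting, so the form that posted over HTTP gets noticed.
            Response.StatusCode = 403;
            Response.StatusDescription = "HTTPS Required";
        }

        // Skip the rest of the pipeline; the page itself never runs over HTTP.
        CompleteRequest();
    }
}
```

If TLS is terminated on a load balancer or reverse proxy in front of IIS, `Request.IsSecureConnection` is false for every request and the check has to use whatever the proxy reports instead.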
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


