Click here to Skip to main content
15,887,822 members
Search within:


Articles / Web Development / ASP.NET
 
Article

Simple HTTPS Switching

Rate me:
Please Sign up or sign in to vote.
3.42/5 (8 votes)
11 Aug 2006CPOL2 min read 36.1K   38   5
A simple way to switch from HTTP to HTTPS without re-writing links.

Introduction

So you have a site all put together, and many users and other sites link to your site. But then, you start having content that justifies SSL. Perhaps, the whole site does not need SSL, but only a directory or a single page here and there. The problem is that this is going to break all kinds of links, either from external users, or from pages in your own website. This can mean a lot of rework to prevent untold number of users getting 403.4 errors from IIS.

The Problem

When you are sitting on a page which does not require SSL, the browser assumes that the page your are going to will also not require SSL if it does not know any better. You can tell it the page does require SSL, but you have to fully qualify the URL in order to do so. Virtual and Root paths are not going to cut it here.

The Plan

IIS has a tab on its properties that will catch client-driven errors such as a 403.4 error. The 403.4 means that https:// is required, and is thrown when a user goes to a page with just http://. You can change what IIS does so that if it throws this error, it will return a message, send a file, or (as in our case) go to a URL.

Sample image

I created a page called /errors/ssl.aspx in my site. Here is the code...

VB
Partial Class Errors_SSL _
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(ByVal sender As Object, _
              ByVal e As System.EventArgs) Handles Me.Load
        Dim lsURL As String = Request.Url.Query

        lsURL = lsURL.Substring(lsURL.IndexOf("://" & Request.Url.Host))
        lsURL = lsURL.Replace(":80", "")
        lsURL = "HTTPS" + lsURL
        lsURL = Server.UrlDecode(lsURL)
        Response.Redirect(lsURL)
    End Sub
End Class

This works because when the error is thrown, IIS returns the error code followed by the offending request as such...

http://localhost/errors/ssl.aspx?403
http://localhost/SomeSSLPage.aspx?id=52

We can parse this and redirect the user to the correct link. I noticed every now and then that IIS will throw the port into your request, so in my case, I always just took it out. I also don't show any HTML on this page, so the worst that happens is the user gets a quick white flash that looks like a post back. You could expand on this idea and handle 404s and the like as well.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Tad McClellan
Web Developer MyWorkbasket
United States United States
This member has not yet provided a Biography. Assume it's interesting and varied, and probably something to do with programming.

Comments and Discussions

 
First Prev Next
Generalis this the same ? [modified] Pin
Krish Krish 7721-Aug-06 22:10
Krish Krish 7721-Aug-06 22:10 
Generalnice article [modified] Pin
sorvik19-Aug-06 10:20
sorvik19-Aug-06 10:20 
GeneralRe: nice article Pin
Tad McClellan19-Aug-06 11:50
professionalTad McClellan19-Aug-06 11:50 
GeneralNice idea Pin
canucker15-Aug-06 15:00
canucker15-Aug-06 15:00 
GeneralRe: Nice idea Pin
Tad McClellan15-Aug-06 17:56
professionalTad McClellan15-Aug-06 17:56 
Last Visit: 31-Dec-99 18:00     Last Update: 28-Apr-24 17:58Refresh1

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

Permalink
Advertise
Privacy
Cookies
Terms of Use
Layout: fixed | fluid

Posted 11 Aug 2006

Article Copyright 2006 by Tad McClellan
Everything else Copyright © CodeProject, 1999-2024

Web03 2.8:2024-04-02:1