locked
Problem with SSL RRS feed

  • Question

  • User-1887867400 posted

    Hi, i have a web site with following structure:

    Website Structure Screen Shot 

    The "Secure" section contains the "login.aspx" page which is used to authenticate the user.

    I have installed the server certificate and all the plumbing needed to implement the ssl.

    The "Data" section is accessible to authenticated users only but without using ssl. It has to be accessed straight forward using http.

    I'm using one absolute link to "login.aspx" using https and it is working. User is getting authenticated. But, if i try to access any page withing the "Data" section, i'm redirected to the login.aspx page with http and not https because i was using http to access the "Data" section and so the protocol remained http. And so an exception is thrown here indicating that login page is ssl enabled and is accessible via https only.

    Thats fine. b'cos i've configured it like so by protecting the Forms Authentication ticket with requireSSL="true" setting in web.config file.

    Moreover, if access the "Data" section with https then login page is working and user is getting authenticated and redirected to the Data section but with https which i don't want.

    But if i try to redirect with absolute url after logging in, the cookie is not transmitted to the http channel b'cos it is protected and will b transmitted with encrypted channel only.

    So, my question can we implement a sollution just like our asp.net community where ssl is used only for protecting the login page but for rest of the pages, ssl isn't used and they are accessed using http and not https and Forms authentication token still available ?

    Plz suggest.

    Wednesday, December 22, 2010 12:55 AM

Answers