ASP.Net Membership and HTTPS/SSL

Discussion in 'ASP.NET / ASP.NET Core' started by JohnThompson, May 24, 2009.

  1. Hi

    I am trying to setup HTTPS on my website with DiscountASP to only work on some pages. One important page in question is the Login screen, that uses the ASP.Net membership login control. I do not want every page to use HTTPS because of the performance hit, so I have a subdomain for HTTPS. Therefore I can access my site in these ways:-

    https://secure.MyDomain.com/Login.aspx
    http://www.MyDomain.com/MyPageAfterLoggingIn.aspx

    The problem I have is if I login at the first URL state above and then return to the second URL. Although I did manage to log in at the first URL, I am not logged in when I get to the second URL. If I go back to a page in the HTTPS subdomain again then I am logged in, but only in that subdomain.

    The short question here is "How do I protect my login page (and pages) using HTTPS, without having to use HTTPS on all pages."

    I could do with an answer to this Achilies Heal!

    John Thompson
     
  2. Hi John,

    I use SSL on my application with membership / forms authentication on DASP and it works fine in my setup but my setup is a little different to yours.

    Like yours only certain parts of my application need to be SSL'd, but I do not use a separate domain to enable secure access to my application - I simply use a sub-folder in my domain and SSL protect everything below there.

    My application is a content management system so all public pages obviously don't need SSL but access to the control panel where users edit their websites is protected. e.g.

    http://www.crystalcms.co.uk is not SSL'd
    https://www.crystalcms.co.uk/backoffice/secure/login.aspx is SSL'd

    This works for me because my SSL certificate is registered and issued to the www.crystalcms.co.uk domain and once logged in, the user remains logged in for their entire session whilst accessing pages in the secure area of the application.

    Will that work for you? I'm not sure why you need to use separate domains.
     
  3. Bruce

    Bruce DiscountASP.NET Staff

    If you are on IIS 7.0, you can consider using URLRewrite to redirect all non HTTPS request to HTTPS.
     
  4. Hey guys; this is not actually a reply but it is question. I do not know how to configure my asp.net membership controls to work on production. I have created a website that uses membership feature. It works fine on development but when I deploy, it doesn't work. Every time I try to access any of the pages that uses the membership control, like Login.aspx or createUser.aspx, there is an error about the database.

    Please can you help me with info on how to deploy an asp.net website that uses membership feature? It does not have any other database besides the aspnetDB
     
  5. Asp Membership deployment

    Hi wisemax,

    I read your response to my question and it was really helpful. What the video covered is how to deploy the database to production, but what I need you to help me with now is where in the website file to put the connectionstring that points the website to the database whenever someone is signing up on my site or whenever someone is logging in.

    I deployed the databse before but my website gives error when I try to use the databse oline. Please help me.
     
  6. This is kind of an open ended question. Typically the connection string will be inputted in the applications web.config file. So if your application is inside a subfolder such as www.mydomain.com/mysite you should have a web.config file inside the folder mysite and that's where you will input the connection string. It will be inside the web.config file under the <connectionstring> element. But base off the first thread I am assuming your appication is sitting at the root. So there should be a web.config file sitting at the root and that's where you will input the connection string.
     
  7. Thank

    Thanks guys;

    you have been very helpful. My problem has been solved and I am moving fine.

    Thanks.
     

Share This Page