Configuration of SSL Only Site

Discussion in 'ASP.NET 2.0' started by BobMaupin, Jun 2, 2007.

  1. I have a web application hosted on DASP. My client requires that all web page and web service data be encrypted along with using ASP.NET Forms Authentication. Forms authentication has been established (except for access to the web services calls - working on that). I have obtained an SSL Certificate and it has been installed on my site.

    The problem:
    With SSL installed on the site one can bypass SSL by entering HTTP:// and any valid page in the site. I am hoping to force the use of SSL (HTTPS://) through the site. Additionally I'm hoping to avoid the standard ASP.NET error page for the "403.4 - Forbidden: SSL required..." error message and have the response redirected to the default site page.

    After doing a little research... here is my plan:


    1. Enable the "require secure channel" option for the site.
    2. HTTP users should get a 403;4 error?
    3. Setup a custom error in IIS: Edit the 403;4 error properties to be a URL in my site ("/NonSSL/SSLRedirect.aspx").
    4. In the SSLRedirect.aspx I plan to have the following: "Response.Redirect("https://www.mydomain.net/")".
    5. Disable the "require secure channel" option for the "/NonSSL/" folder - to avoid a circular reference.
    6. Because I use ASP.NET authentication, edit the site's web.config file by adding a location tag for the redirect file, location path="NonSSL/SSLRedirect.aspx", and then add the authorization tag for allow users="?,*".

    The only remaining issue (that I know of) is to create the custom error for the 403.4 status code. I'm told that this cannot be done using the MMC tool on the server (which I do on my development server) and that I must use a "customerrors" tag in my web.config file.

    I have added the following XML to my config file:

    <customErrors mode="On" defaultRedirect="DefaultError.aspx">
    <error statusCode="403;4" redirect="~/NonSSL/SSLRedirect.aspx"/>
    </customErrors>

    However I get an error stating that "The statusCode value is invalid... data type Int...".

    Does anyone know how to make a valid entry for the status code 403;4 in the web.config file?


    Thanks in advance for your help,

    Bob

     
  2. Bruce

    Bruce DiscountASP.NET Staff

    I don't think you can generate a customError for a subcode.

    Bruce

    DiscountASP.NET
    www.DiscountASP.NET
     
  3. Thanks Bruce,


    I've looked all over and have not found any references on the web. The only way that I can find is to add the custom error URL for 403;4 using the IIS - MMC tool.


    Is this something that I can request through a help ticket?
    Bob
     
  4. Bruce

    Bruce DiscountASP.NET Staff

    Yes. We can change the IIS custom error for you. Pls create a ticket


    Bruce

    DiscountASP.NET
    www.DiscountASP.NET
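
An added example, not part of the thread and not DiscountASP.NET's code: one way to write the SSLRedirect.aspx page from step 4 of the plan. It goes beyond the plan's fixed redirect by returning the visitor to the page they asked for over HTTPS, while the scheme and host stay hard-coded so the redirect cannot be steered to another site. It assumes IIS hands the original URL to a custom-error page in the query string as `403;http://host:80/path`; `SecureOrigin` and `BuildTarget` are hypothetical names.

```aspx
<%@ Page Language="C#" %>
<script runat="server">
    // Fixed HTTPS origin from step 4 of the plan; never derived from the Host header.
    private const string SecureOrigin = "https://www.mydomain.net";

    // Assumption: the query string looks like
    //   ?403;http://www.mydomain.net:80/Orders/List.aspx?id=7   (constructed sample)
    private static string BuildTarget(string rawQuery)
    {
        string fallback = SecureOrigin + "/";
        if (string.IsNullOrEmpty(rawQuery)) return fallback;

        string query = rawQuery.TrimStart('?');
        int sep = query.IndexOf(';');
        if (sep < 0) return fallback;

        Uri original;
        if (!Uri.TryCreate(query.Substring(sep + 1), UriKind.Absolute, out original))
            return fallback;

        // Accept only plain-HTTP originals; other schemes can yield a "path"
        // without a leading slash that would change the host when appended.
        if (original.Scheme != Uri.UriSchemeHttp) return fallback;

        // Reuse path and query only. Scheme and host always come from SecureOrigin.
        string path = original.PathAndQuery;
        if (!path.StartsWith("/", StringComparison.Ordinal)) return fallback;

        // Step 5 leaves /NonSSL/ reachable over HTTP, so never send the visitor back there.
        if (path.StartsWith("/NonSSL/", StringComparison.OrdinalIgnoreCase)) return fallback;

        return SecureOrigin + path;
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        // Same call as in the plan; only the target is computed.
        Response.Redirect(BuildTarget(Request.Url.Query), true);
    }
</script>
```

Any input that does not match the assumed format falls back to `https://www.mydomain.net/`, which is the behaviour the original plan describes.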
     
