Saturday, March 24, 2012

Mixing SSL/non SSL pages

Hi all gurus;
forgive me if I'm writing about a basic question.
I need to call a secured (SSL) page from a .aspx page. Calling an
absolute URL rises an error (invalid path... Virtual path required), so
I'm not able to intermix http and https calls. Is there a way to make it
so? TIA

*** Sent via Developersdex http://www.developersdex.com ***"tesis" <nospam@.devdex.comwrote in message
news:uyZS3HryHHA.1176@.TK2MSFTNGP05.phx.gbl...

Quote:

Originally Posted by

Hi all gurus;
forgive me if I'm writing about a basic question.
I need to call a secured (SSL) page from a .aspx page. Calling an
absolute URL rises an error (invalid path... Virtual path required), so
I'm not able to intermix http and https calls. Is there a way to make it
so? TIA


Please show your code.

--
Mark Rae
ASP.NET MVP
http://www.markrae.net
LOT, Mark, 4 your rpy. Here's my (real) code:

Private Sub btnRinnCrCard_Click(ByVal sender As System.Object, ByVal
e As System.EventArgs) Handles btnRinnCrCard.Click
Session("IdSocieta") = lblIdSoc.Text
Session("Denominazione") = txtDenominazione.Text
Session("ImpRinnovo") = txtImpDovuto.Text
Session("CausaleVers") = "Riaffiliazione"
Session("CodCausale") = "2"
Dim temp As String = Session.SessionID
Dim path As String = Server.MapPath(".")
'it's unuseful to store ds in a Session variable, as it will be
lost switching to https, so it needs to be serialized; better to make it
so now
dsRiepilogo.WriteXml(path + "\" + temp + ".tmp")
Dim serverName As String =
HttpContext.Current.Server.MachineName
If serverName = "AMILO" Then
Server.Transfer("wfrmPagaCarta.aspx") 'development server
Else

Server.Transfer("https://www.fih-hockey.it/TessOnLine/wfrmPagaCarta.aspx
")
End If
End Sub

*** Sent via Developersdex http://www.developersdex.com ***
"tesis" <nospam@.devdex.comwrote in message
news:egsK9VDzHHA.1168@.TK2MSFTNGP02.phx.gbl...

Quote:

Originally Posted by

Server.Transfer("https://www.fih-hockey.it/TessOnLine/wfrmPagaCarta.aspx")


Is it not simply that the above URL is actually invalid...?

--
Mark Rae
ASP.NET MVP
http://www.markrae.net

Hi Mark.
No, unfortunately, the link is valid. (BTW, the site actually listens on
ports 8080/5443, which at this moment are locked but for internal
addresses, so it's unreacheable but from IPs inside the firewall). The
error thrown AFAIK indicates that an absolute url can't be used, only a
virtual one can. Does it make sense? TIA

*** Sent via Developersdex http://www.developersdex.com ***
Hi Mark, a little clarification!
The code was:

If ServerName = "AMILO" then
Server.Transfer("http://localhost/TessHockey/wfrmPagaCarta.aspx")
else
Server.Transfer("https://www.fih-hockey.it/TessOnLine/wfrmPagaCarta.aspx
")
endif

and the error was thrown even walking the 1st part of the if statement,
so for developing I changed it in a relative path.

*** Sent via Developersdex http://www.developersdex.com ***
"tesis" <nospam@.devdex.comwrote in message
news:ug3d7hEzHHA.4276@.TK2MSFTNGP05.phx.gbl...

Quote:

Originally Posted by

No, unfortunately, the link is valid. (BTW, the site actually listens on
ports 8080/5443, which at this moment are locked but for internal
addresses, so it's unreacheable but from IPs inside the firewall). The
error thrown AFAIK indicates that an absolute url can't be used, only a
virtual one can. Does it make sense? TIA


Apologies - completely missed that!

Yes, you're quite correct - Server.Transfer doesn't allow absolute paths,
only relative ones, because it considers a double slash (// or \\) as an
invalid character combination:
http://msdn2.microsoft.com/en-us/library/ms525800.aspx
So, you have three choices:

1) Make the entire site https (probably not a good idea if you only require
SSL on a small section of the site)

2) Use Response.Redirect instead of Server.Transfer (not ideal because of
session management issues)
http://www.google.co.uk/search?hl=e...t+session&meta=
3) Use this:
http://www.codeproject.com/aspnet/W...mid=53615&exp=0
It's a superb add-in for ASP.NET and, once you've configured it, you really
can just forget it.

--
Mark Rae
ASP.NET MVP
http://www.markrae.net
I really appreciate your help, Mark.
It's a very interesting solution you quotes on your 3rd chance. I'm
going to try this approach. Thanks again.

*** Sent via Developersdex http://www.developersdex.com ***
"tesis" <nospam@.devdex.comwrote in message
news:evwdtDGzHHA.1484@.TK2MSFTNGP06.phx.gbl...

Quote:

Originally Posted by

It's a very interesting solution you quotes on your 3rd chance. I'm
going to try this approach.


I use it for all my sites and web apps which require SSL.

--
Mark Rae
ASP.NET MVP
http://www.markrae.net
re:
!the site actually listens on ports 8080/5443

If those are the ports which the site listens on, and :
https://www.fih-hockey.it/TessOnLine/wfrmPagaCarta.aspx
is the URL you redirect to, you're redirecting to port 80, not 8080.

I wonder if that could have something to do with your problem.

If you want to redirect to that URL, on port 8080, you should use :

https://www.fih-hockey.it:8080/Tess...mPagaCarta.aspx
Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en espaol : http://asp.net.do/foros/
======================================
"tesis" <nospam@.devdex.comwrote in message news:ug3d7hEzHHA.4276@.TK2MSFTNGP05.phx.gbl...

Quote:

Originally Posted by

>
>
Hi Mark.
No, unfortunately, the link is valid. (BTW, the site actually listens on
ports 8080/5443, which at this moment are locked but for internal
addresses, so it's unreacheable but from IPs inside the firewall). The
error thrown AFAIK indicates that an absolute url can't be used, only a
virtual one can. Does it make sense? TIA
>
*** Sent via Developersdex http://www.developersdex.com ***


And, of course, that assumes you're using 8080 as your SSL port.

If you're using 5443 as your SSL port, that URL would be :

https://www.fih-hockey.it:5443/Tess...mPagaCarta.aspx
Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en espaol : http://asp.net.do/foros/
======================================
"Juan T. Llibre" <nomailreplies@.nowhere.comwrote in message news:O2or1LGzHHA.4928@.TK2MSFTNGP03.phx.gbl...

Quote:

Originally Posted by

re:
!the site actually listens on ports 8080/5443
>
If those are the ports which the site listens on, and :
https://www.fih-hockey.it/TessOnLine/wfrmPagaCarta.aspx
is the URL you redirect to, you're redirecting to port 80, not 8080.
>
I wonder if that could have something to do with your problem.
>
If you want to redirect to that URL, on port 8080, you should use :
>
https://www.fih-hockey.it:8080/Tess...mPagaCarta.aspx
>
>
>
>
Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en espaol : http://asp.net.do/foros/
======================================
"tesis" <nospam@.devdex.comwrote in message news:ug3d7hEzHHA.4276@.TK2MSFTNGP05.phx.gbl...

Quote:

Originally Posted by

>>
>>
>Hi Mark.
>No, unfortunately, the link is valid. (BTW, the site actually listens on
>ports 8080/5443, which at this moment are locked but for internal
>addresses, so it's unreacheable but from IPs inside the firewall). The
>error thrown AFAIK indicates that an absolute url can't be used, only a
>virtual one can. Does it make sense? TIA
>>
>*** Sent via Developersdex http://www.developersdex.com ***


>
>


Thank you, Juan, 4 your interest.
Of course you're quite right: I've to include ports in URL if not
addressing port 80 for http and 443 for https. I've just striped ports
from code snipplets for the sake of simplicity. The real code should
address the real ports. I guess I should write in web.config:
encrypedUri="www.mysite.com:5443" unencriptedUri="www.mysite.com:8080".
Have a nice day.

*** Sent via Developersdex http://www.developersdex.com ***
Hi Mark,
forgive me if I'm bothering you once more.
Since the real code should address the real ports, I guess I've 2 write
in web.config:

encrypedUri="www.mysite.com:5443" unencriptedUri="www.mysite.com:8080"

Am I correct? If not, how2 address non-standard ports?
At the moment, I'm configuring my development environment with version
2.6, since it's FW 1.1 (BTW, notices are 4 3.1, and this caused me some
headache), and addressing ports with encrypted/unencryptedUri is working
fine.
A curious side effect of this module is that having 2 bg pictures with
same name in unsecure dir and secure dir, pages are displayed 1st time
with "unsecure" bg, and then, only when secured, with "secure" bg;
actually, I'm going to use this effect for my advantage.
Have a nice day, and LOT again.

*** Sent via Developersdex http://www.developersdex.com ***

Hi gurus.
This approach behaves well in my dev enironment. While switched to
production, however, problems arise. Variable fields in the page are not
saved. Session variables are no more mantained between pages ('cause
SessionId changes) when security module switches between http and https,
nor context variables do. I've read a suggestion to use server.execute,
but this mixes page contents. Cache objects last too long, and
application's can't be used as it's system-wide, and many users can use
the same app at the same time. Cookies may be disabled on clients' side,
and since security module handles the request generating a second
request when switching contexts, even QueryString, I guess (this one are
not have tested), can't be used. What else can I do?

*** Sent via Developersdex http://www.developersdex.com ***

Posted by writhetyug at 10:26 PM
Labels: , , , , , , , , , , , , , , ,

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)