How to get an https url when using Forms and Default login redirect

26 Jun 2009 2:50 PM

ADNT

Hello,

Using Forms authentication, I have in web.config

<authentication mode="Forms">
<forms loginUrl="https://wwwmysite.com/secure/login.aspx"
defaultUrl="~/DefaultPage.aspx" requireSSL="false" />
</authentication>

A certificate is installed and working but when a non authenticated user try
to access a protected page, he is redirected without the https scheme ?

calling manually the url with https works perfectly

Why FormAuthentication's redirect is removing the https scheme ????

Thanks for help.

CS

26 Jun 2009 6:53 PM

Juan T. Llibre

Here's a pretty good tutorial which can serve as a model for you:

http://tonesnotes.com/blog/2004/05/aspnet_forms_authentication_wi.html

Also, there are those who say that making your login page https is not good practice.
Your login page should be http and your *other* pages should be https.

Check out these two discussions :

http://forums.asp.net/t/1110341.aspx

http://forums.asp.net/t/836624.aspx

....and this article with sample code:

http://www.codeproject.com/KB/aspnet/WebPageSecurity.aspx

Juan T. Llibre, asp.net MVP
¿ Estas probando VS 2010 y ASP.NET 4.0 ?
Regístrate (gratis) en los Foros de VS 2010 y ASP.NET 4.0, en español
http://asp.net.do/foros/forums/
=====================================================
Show quoteHide quote

"ADNT" <christian.surieux@NOSPAMPaddonnice.com> wrote in message news:%23IOkH2m9JHA.1492@TK2MSFTNGP03.phx.gbl...
> Hello,
>
>
> Using Forms authentication, I have in web.config
>
> <authentication mode="Forms">
> <forms loginUrl="https://wwwmysite.com/secure/login.aspx" defaultUrl="~/DefaultPage.aspx" requireSSL="false" />
> </authentication>
>
> A certificate is installed and working but when a non authenticated user try to access a protected page, he is
> redirected without the https scheme ?
>
> calling manually the url with https works perfectly
>
> Why FormAuthentication's redirect is removing the https scheme ????
>
> Thanks for help.
>
> CS
>

27 Jun 2009 6:27 AM

ADNT

Thanks Juan,

I know all this but it doesn't work in my case, may be articles are too old
for net 3.5 web.config :)
My problem is : when I do a redirect with https, I get http in the location
header reaching the browser.

CS
Show quoteHide quote

"Juan T. Llibre" <nomailrepl***@nowhere.com> a écrit dans le message de
news:Orpco9o9JHA.1376@TK2MSFTNGP02.phx.gbl...
> Here's a pretty good tutorial which can serve as a model for you:
>
> http://tonesnotes.com/blog/2004/05/aspnet_forms_authentication_wi.html
>
> Also, there are those who say that making your login page https is not
> good practice.
> Your login page should be http and your *other* pages should be https.
>
> Check out these two discussions :
>
> http://forums.asp.net/t/1110341.aspx
>
> http://forums.asp.net/t/836624.aspx
>
> ...and this article with sample code:
>
> http://www.codeproject.com/KB/aspnet/WebPageSecurity.aspx
>
>
>
>
> Juan T. Llibre, asp.net MVP
> ¿ Estas probando VS 2010 y ASP.NET 4.0 ?
> Regístrate (gratis) en los Foros de VS 2010 y ASP.NET 4.0, en español
> http://asp.net.do/foros/forums/
> =====================================================
> "ADNT" <christian.surieux@NOSPAMPaddonnice.com> wrote in message
> news:%23IOkH2m9JHA.1492@TK2MSFTNGP03.phx.gbl...
>> Hello,
>>
>>
>> Using Forms authentication, I have in web.config
>>
>> <authentication mode="Forms">
>> <forms loginUrl="https://wwwmysite.com/secure/login.aspx"
>> defaultUrl="~/DefaultPage.aspx" requireSSL="false" />
>> </authentication>
>>
>> A certificate is installed and working but when a non authenticated user
>> try to access a protected page, he is redirected without the https scheme
>> ?
>>
>> calling manually the url with https works perfectly
>>
>> Why FormAuthentication's redirect is removing the https scheme ????
>>
>> Thanks for help.
>>
>> CS
>>
>
>
>