如何仅在部分网站上实施HTTPS? [英] How to implement HTTPS only on part of website?
问题描述
我想知道,如何在网站的某个部分实施HTTPS?
让我们说,我想创建网上商店。我希望能够在没有HTTPS的情况下浏览所有项目(它更快吧?)。当我想付款时,我想使用HTTPS。
正如我在其他文章中读到的那样,当IIS配置为使用HTTPS时,配置适用于整个站点:(
I was wondering, how can implement HTTPS on one part of website? Let`s say, I want to create internet shop. I want to be able browse all items without HTTPS (it is faster right?). And when I want to make a payment, then I want to use HTTPS. As much as I have read in other articles, when IIS is configured to use HTTPS, the configuration is applied for whole site :(
PS另一个问题。如果我希望商店仅供已经拥有帐户的用户使用(这意味着用户必须登录才能进入商店)该怎么办?然后用户将商品添加到购物篮然后转到付款页面(使用HTTPS)。他们必须有另一个专门用于结账的帐户并在HTTPS页面中登录吗?
P.S. another question. What if I want the shop to be available only for users who already have accounts (it means users have to login to enter the shop)? Then user adds items to basket and then goes to the payment page (which is using HTTPS). Do they have to have another account dedicated for checkout and login to it in HTTPS page?
推荐答案
使用HTTPS进行访问没有任何问题整个网站 - 实际上它是鼓励的。在20世纪90年代,当计算机硬件没有今天那么强大时,对所有请求使用HTTPS都存在性能下降,但现在不做全站点HTTPS的唯一原因就是你买不起20美元的证书费用:)。
There's nothing wrong with using HTTPS for an entire website - in fact it's encouraged. There was a performance downside to using HTTPS for all requests back in the 1990s when computer hardware wasn't as powerful as today, but now the only reason not to do all-site-HTTPS is that you can't afford the $20 a certificate costs :)
无论如何,你读过的文章是半权利的。 HTTPS 支持只能在每个网站的基础上启用,但是您不需要为整个站点强制使用HTTP:这由IIS中的需要SSL / TLS复选框控制。如果未选中该复选框,则用户仍可以使用非安全HTTP浏览该站点。在结帐页面上,您可以在ASP.NET代码中实现需要SSL / TLS功能(检查 Request.IsSecureConnection 属性),例如通过重定向到您网站的安全版本。
Anyway, the articles you've read are half-right. HTTPS support can only be enabled on a per-website basis, however you don't need to make HTTPs mandatory for an entire site: this is controlled by the "Require SSL/TLS" checkbox in IIS. If you leave that checkbox unchecked then users can still browse the site using non-secured HTTP. When it comes to the checkout page, then you can implement the "Require SSL/TLS" feature in your ASP.NET code (check the Request.IsSecureConnection property), such as by doing a redirection to the secure version of your site.
这篇关于如何仅在部分网站上实施HTTPS?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
