运行Web应用程序时如何显示https和锁定(安全)? [英] How to show https and lock(secured) when running the web application?

问题描述

朋友，

在ASP.NET中，当我们在浏览器地址栏中运行Web应用程序时，将出现http:/localhost:..../page_name.aspx而不是此https:/localhost:..../page_name.aspx和安全锁定符号，就像浏览银行网站一样.

有可能吗?
https:/xxxxxxxxxx和锁定符号?/page_name

Friends,

In ASP.NET, when we run the web application in the browser address bar http:/localhost:..../page_name.aspx will come so instead of this https:/localhost:..../page_name.aspx and secure lock symbol just like we browse bank websites.

Is it possible to do ?
https:/xxxxxxxxxx and lock symbol ?/page_name

推荐答案

开始^ ].

HTTPS就像HTTP一样被实现为协议. HTTP URL以"http"开头，而HTTPS协议以"https"开头.例如，以下URL在HTTP配方站点上指定了一个安全页面:
https://www.httprecipes.com/1/5/https.php
重要的是要理解以"https"开头的URL不仅仅是以"http"开头的同一URL的安全版本.考虑以下URL:
http://www.httprecipes.com/1/5/https.php
在本节中看到的两个URL完全相同，除了一个URL是HTTP，另一个是HTTPS.您可能会认为输入第二个URL会将您带到https.php页面的未加密版本.它不是.如果您在网络浏览器中输入第二个URL，则将显示找不到页面或404错误.
这是因为在"HTTP食谱"网站的未加密服务器上不存在文件https.php.这是重要的区别.有两个运行在的Web服务器.端口80上运行着一个未加密的HTTP服务器.端口443上运行着一个加密的HTTPS服务器.这两个服务器不共享同一组HTML文件.对于HTTP Recipes网站，第5章托管在HTTPS服务器上，其余各章托管在HTTP服务器上.
安全超文本传输​​协议(HTTPS)与HTTP一样使用套接字.但是，它使用一种称为安全套接字的特殊套接字.安全套接字是使用安全套接字层(SSL)实现的. C#支持的SSL提供了两个非常重要的安全机制，在此处列出.
加密的数据包，
服务器验证
Web服务器通常同时使用这两种机制.接下来的两个部分将讨论这两种机制.
了解加密的数据包
大多数用户与HTTPS关联的方面是数据加密.使用HTTPS站点时，通常在浏览器底部附近会看到一个小的锁定符号".看到锁后，便知道您的数据已加密，并且您正在使用安全站点.
数据加密非常重要.当您在网站上输入信用卡号时，您要确保只有该网站才能访问您的信用卡号.由于TCP/IP流量在最终到达您的目标Web服务器之前可以通过许多不同的主机传播，因此您不希望恶意用户在您和Web服务器之间的某个地方截取您的信用卡号.
通过加密您与Web服务器之间交换的数据包，可以减少您的数据包被拦截的问题.如果有人确实拦截了您的数据包，则会对其进行加密.
了解服务器验证
加密不是HTTPS提供的唯一好处.服务器验证是另一个重要的好处.请考虑访问以下URL时会发生什么情况:
https://www.httprecipes.com/1/5/https.php
Web浏览器将URL分解并找到主机名.在这种情况下，主机名是www.httprecipes.com.这是一个域名，然后网络浏览器会在域名系统(DNS)服务器中查找该域名.本书撰写时，www.httprecipes.com的IP地址为216.69.170.193.但是您怎么知道IP地址216.69.170.193确实是HTTP Recipes网站?当Web管理员切换托管公司时或其他原因，IP地址有时会更改.有人可能劫持了www.httprecipes.com DNS条目，并将其指向运行在不同IP地址上的恶意Web服务器.
HTTPS解决了此问题. HTTPS所基于的SSL协议的一部分，验证DNS返回的IP地址是站点的实际地址.每个使用HTTPS的网站都必须颁发SSL证书.通常，这些证书是由Verisign(http://www.verisign.com
).向Web服务器授予证书后，颁发证书的公司将验证颁发证书的IP地址是否与域名匹配.
当您访问https://www.httprecipes.com

HTTPS is implemented as a protocol just like HTTP. Whereas an HTTP URL starts with "http", an HTTPS protocol starts with "https". For example, the following URL specifies a secure page on the HTTP recipe site:
https://www.httprecipes.com/1/5/https.php
It is important to understand that a URL starting with "https" is not just a secure version of the same URL beginning with an "http". Consider the following URL:
http://www.httprecipes.com/1/5/https.php
The two URLs you see in this section are exactly the same, except that one is HTTP and the other HTTPS. You might think that entering the second URL would take you to an unencrypted version of the https.php page. It does not. If you enter the second URL into a web browser, you will get a page not found, or the 404, error.
This is because the file https.php does not exist on the "HTTP Recipes" Site’s unencrypted server. This is the important distinction. There are two web servers running at . There is an unencrypted HTTP server running at port 80. There is also an encrypted HTTPS server running at port 443. These two servers do not share the same set of HTML files. In the case of the HTTP Recipes site, Chapter 5 is hosted on the HTTPS server, and the rest of the chapters on the HTTP server.
Hypertext Transfer Protocol Secure (HTTPS) uses sockets just like HTTP. However, it uses a special socket called a secure socket. Secure sockets are implemented using the Secure Socket Layer (SSL). SSL, which is supported by C#, provides two very important security mechanisms, which are listed here.
Encrypted packets, and
Server verification
Web servers commonly use both of these mechanisms. These two mechanisms will be discussed in the next two sections.
Understanding Encrypted Packets
The aspect that most users associate with HTTPS, is data encryption. When you use an HTTPS site, you normally see a small "lock symbol" near the bottom of your browser. Once you see the lock, you know that your data is being encrypted, and you are using a secure site.
Data encryption is very important. When you enter a credit card number into a web site, you want to be sure that only that web site gains access to your credit card number. Because TCP/IP traffic can travel through a number of different hosts before it finally reaches your intended web server, you do not want a malicious user intercepting your credit card number somewhere between you and the web server.
By encrypting the packets being exchanged between you and the web server, the problem of your packets getting intercepted is decreased. If someone does intercept your packet, it will be encrypted.
Understanding Server Verification
Encryption is not the only benefit provided by HTTPS. Server verification is another important benefit. Consider what happens when you access the following URL:
https://www.httprecipes.com/1/5/https.php
The web browser takes apart the URL and finds the hostname. In this case, the host name is www.httprecipes.com. This is a domain name, which the web browser then looks up in a Domain Name System (DNS) server. As at the writing of this book, the IP address for www.httprecipes.com is 216.69.170.193. But how do you know that the IP address 216.69.170.193 is really the HTTP Recipes site? IP addresses sometimes change when the web master switches hosting companies, or for other reasons. Someone could have hijacked the www.httprecipes.com DNS entry and pointed it to a malicious web server running on a different IP address.
HTTPS solves this problem. Part of the SSL protocol, upon which HTTPS is based, verifies that the IP address returned by DNS is the actual address of the site. Every website that uses HTTPS must be issued with a SSL certificate. Usually these certificates are issued by Verisign (http://www.verisign.com
). When a web server is granted a certificate, the company that issues the certificate verifies that the IP address to which the certificate is issued, matches the domain name.
When you access https://www.httprecipes.com

this[^] also might give you an idea.

这篇关于运行Web应用程序时如何显示https和锁定(安全)?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！