部分SSL在ASP.NET Web表单不改变IIS配置 [英] Partial SSL in ASP.NET Webforms without changing IIS configuration
问题描述
我们有一个非常简单的ASP.NET Web应用程序主要包含静态内容和形式单一,我们要保护使用SSL。有担保的页面在自己的文件夹,但它从一个不安全的母版页继承,并将其与该网站的其他全体其他资源(标识,css文件和一些图片)。该网站是由第三方托管,并更改IIS配置(或更改到不同的主机)是不是一种选择。
We have a very simple ASP.NET web application comprising mostly static content and a single form which we want to protect with SSL. The secured page is in its own folder, but it inherits from an unsecured master page, and it shares some other resources (the logo, css file and some pictures) with the rest of the website. The site is hosted by a third-party, and changing the IIS configuration (or changing to a different host) is not an option.
据我们了解,有部分SSL的ASP.NET打交道时有几个挑战:
As we understand, there are a few challenges when dealing with partial SSL on ASP.NET:
- preventing的此页包含安全和不安全项目的消息。
- 提供相对URL作为重定向到一个安全的网页时,他们将无法在默认情况下工作的支持。
我们不希望因为安全的潜在的性能问题整个网站,那么什么是只保护一个特定网页或文件夹的最佳方式,同时,通过这个页面加载的任何资源将是保证担保呢?
We don’t want to secure the whole site, because of the potential performance issues, so what is the best way to protect only one particular page or folder, guaranteeing at the same time that any resource loaded by this page will be secured as well?
推荐答案
我结束了重写OnInit方法,我想,以确保在页面上,使用描述的解决方案<一个href=\"http://stackoverflow.com/questions/377968/how-do-you-forward-http-request-to-a-https-url/378039#378039\">here:
I ended up overriding the OnInit method on the page I wanted to secure, using the solution described here:
protected override void OnInit(EventArgs e)
{
if (!Request.IsSecureConnection && !Request.IsLocal)
{
UriBuilder builder = new UriBuilder(Request.Url)
{
Scheme = Uri.UriSchemeHttps,
Port = 443
};
Response.Redirect(builder.Uri.ToString());
}
base.OnInit(e);
}
有关网页的其余部分,我从一个基本页面继承与上OnInit方法如下code:
For the rest of the pages, I inherited from a base page with the following code on the OnInit method:
protected override void OnInit(EventArgs e)
{
if (Request.IsSecureConnection)
{
UriBuilder builder = new UriBuilder(Request.Url)
{
Scheme = Uri.UriSchemeHttp,
Port = 80
};
Response.Redirect(builder.Uri.ToString());
}
base.OnInit(e);
}
这篇关于部分SSL在ASP.NET Web表单不改变IIS配置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
