[英]HTTPS for only one ASP.NET page (Login.aspx), HTTP always for rest of site
I have an ASP.NET 4.0 webforms site with an SSL certificate on it. 我有一个带有SSL证书的ASP.NET 4.0 webforms站点。 I can currently go to the site via HTTP or HTTPS and it works fine. 我现在可以通过HTTP或HTTPS访问该网站,它工作正常。 Regardless or the merits of the decision, what my manager wants is to be able to go to http://example.com/Login.aspx and have that redirect to https://example.com/Login.aspx so that HTTPS is enforced on ONLY this Login.aspx page. 无论该决定的优点还是优点,我的经理想要的是能够访问http://example.com/Login.aspx并将其重定向到https://example.com/Login.aspx,以便HTTPS是仅在此Login.aspx页面上强制执行。 However, when logged in (Login.aspx redirects user to Default.aspx), the rest of the site needs to always be regular HTTP. 但是,登录后(Login.aspx将用户重定向到Default.aspx),站点的其余部分需要始终是常规HTTP。
Bottom line: Login.aspx should always be HTTPS, regardless if the user entered in HTTP or HTTPS when going to the site. 结论:Login.aspx应始终为HTTPS,无论用户在访问网站时是输入HTTP还是HTTPS。 The rest of the site should always be HTTP. 网站的其余部分应始终为HTTP。 How can I achieve this via IIS or a code solution? 如何通过IIS或代码解决方案实现此目的?
UPDATE 1: Here's the coded solution I've got working. 更新1:这是我工作的编码解决方案。 I'd like to try with IIS Rewrite Module, just waiting on IT support to install it for me. 我想尝试使用IIS Rewrite Module,只需等待IT支持人员为我安装它。 RequireHttpsOnLogin() is called in Global.asax.cs in method Application_BeginRequest: 在Application_BeginRequest方法中的Global.asax.cs中调用RequireHttpsOnLogin():
public void RequireHttpsOnLogin()
{
if (HttpContext.Current.Request.IsSecureConnection.Equals(false) && HttpContext.Current.Request.IsLocal.Equals(false) && HttpContext.Current.Request.FilePath.EndsWith("Login.aspx"))
{
//On HTTP login page on server, redirect to HTTPS
Response.Redirect("https://" + Request.ServerVariables["HTTP_HOST"] + HttpContext.Current.Request.RawUrl);
}
else if (HttpContext.Current.Request.IsSecureConnection.Equals(true) && HttpContext.Current.Request.IsLocal.Equals(false) && !HttpContext.Current.Request.FilePath.EndsWith("Login.aspx"))
{
//Not on HTTP login page and on server, redirect to HTTP
Response.Redirect("http://" + Request.ServerVariables["HTTP_HOST"] + HttpContext.Current.Request.RawUrl);
}
}
UPDATE 2: The following is working for the Login page to be HTTPS, but not the other pages to be HTTP always. 更新2:以下内容适用于登录页面为HTTPS,但其他页面始终不是HTTP。
<rewrite>
<rules>
<rule name="Redirect HTTP to HTTPS" stopProcessing="true">
<match url="(Login.aspx)" ignoreCase="true"/>
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true"/>
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Found"/>
</rule>
<rule name="Redirect to HTTP" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{R:1}" pattern="(login.aspx)" negate="true" ignoreCase="true" />
<add input="{HTTPS}" pattern="^ON$" />
</conditions>
<action type="Redirect" url="http://{HTTP_HOST}/{R:0}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
Try adding below in your Web.config 尝试在Web.config中添加以下内容
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect HTTP to HTTPS" stopProcessing="true">
<match url="(Login.aspx)"/>
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true"/>
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Found"/>
</rule>
</rules>
</rewrite>
</system.webServer>
您可以将代码放在方法Application_BeginRequest中的Global.asax.cs中,以根据需要强制重定向。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.