A simple Javascript solution that changes https: to http: in URLs for secured and non-secured pages
IntroductionA simple JavaScript solution to prevent 403.4 errors during redirects in ASP.net applications where some pages are secured with SSL.
BackgroundWhile I was working with SSL encryption on a recent project, I realized the need to have a dynamic and reliable way to redirect the browser to the next page regardless of whether the current page uses SSL and the next page doesn't, or visa versa. Server solutions didn't work. I read several forum posts suggesting that the programmer use code-behind on the server like this, placed in the Page_Load event: Dim strURL As String = Request.Url.ToString()
If Request.IsSecureConnection Then
If strURL.IndexOf("http:") > -1 Then
strURL = strURL.Replace("http:", "https:")
Response.Redirect(strURL)
End If
Else
If strURL.IndexOf("https:") > -1 Then
strURL = strURL.Replace("https:", "http:")
Response.Redirect(strURL)
End If
End IfThis method uses Request.IsSecureConnection to test whether or not SSL is required by IIS for the current page, then Response.redirect to send the browser back to the same requested URL, replacing the http: with https: for the second request. This idea seemed to make sense until I realized that IIS 7 (and maybe other versions of IIS) doesn't pass the request to the web application if a page that is secured with SSL is requested without the https: prefix. Instead, an error is raised in IIS and the user gets an ugly 403.4 error page which, despite Microsoft's best efforts to help users solve their own problems, reads like instructions on how to program a VCR from 1988. Read more: Codeproject
IntroductionA simple JavaScript solution to prevent 403.4 errors during redirects in ASP.net applications where some pages are secured with SSL.
BackgroundWhile I was working with SSL encryption on a recent project, I realized the need to have a dynamic and reliable way to redirect the browser to the next page regardless of whether the current page uses SSL and the next page doesn't, or visa versa. Server solutions didn't work. I read several forum posts suggesting that the programmer use code-behind on the server like this, placed in the Page_Load event: Dim strURL As String = Request.Url.ToString()
If Request.IsSecureConnection Then
If strURL.IndexOf("http:") > -1 Then
strURL = strURL.Replace("http:", "https:")
Response.Redirect(strURL)
End If
Else
If strURL.IndexOf("https:") > -1 Then
strURL = strURL.Replace("https:", "http:")
Response.Redirect(strURL)
End If
End IfThis method uses Request.IsSecureConnection to test whether or not SSL is required by IIS for the current page, then Response.redirect to send the browser back to the same requested URL, replacing the http: with https: for the second request. This idea seemed to make sense until I realized that IIS 7 (and maybe other versions of IIS) doesn't pass the request to the web application if a page that is secured with SSL is requested without the https: prefix. Instead, an error is raised in IIS and the user gets an ugly 403.4 error page which, despite Microsoft's best efforts to help users solve their own problems, reads like instructions on how to program a VCR from 1988. Read more: Codeproject
0 comments:
Post a Comment