Selectively redirect to https, not all pages
I have a website that requires some secure pages for logging in, user accounts, form submission etc. but does not need to be secure on most pages.
Certificate purchased and installed on www.mywebsite.com.
I am currently redirecting users to the https by using this C# code in the page_load:
if (!Request.IsLocal && !Request.IsSecureConnection)
{
string redirectUrl = Request.Url.ToString().Replace("http:", "https:");
Response.Redirect(redirectUrl);
}
My concern is that after visiting the secure page and the user clicks on another page, it stays secure rather than going back to http.
I have looked at a number of op开发者_开发技巧tions including IIS rewrite (it's like a whole other language and too complicated) and coding something globally (redirects every page, not selective).
Is there a simple solution that will allow me to redirect to https on selected pages (about 10 or so pages, or all pages in a particular folder) and then back to http on all others? I'm not the greatest coder in the world, so trying to find something easy to implement and understand.
If any portion of your website requires SSL, then I would strongly recommend that you use SSL throughout. You would be unnecessarily opening yourself up to potential data loss by doing anything else. Check out OWASP Top Ten for more info.
you can use HTTP Handlers to solve this issues instead of having the code on each page load
精彩评论