开发者

deploying asp.net MVC 1.0 app with HTTPS

We have an application built on ASP.NET MVC 1.0 which, once deployed, should be accessed with HTTPS. I tried few approaches for HTTPS but I have a few questions.:

  1. My home page does not need to be Secured (HTTPS), but rest of the hyperlinks following it will be Secured.

  2. I read about the action method attribute [requiresHTTPS] however I want to understand what happens to that tag during development on local machine.

  3. In a development enviroment, how do I install a certificate on a dev machine/virtual directory to code and test 开发者_JAVA百科my changes.


So this application is complex in nature and we have around 13 controllers and 50 action methods. This application will have information like Credit card numbers since we do accept payment through this website.

Thanks much !


If it is just about a few static pages of your application that don't need to be secured, I would strongly recommend to simply require SSL for everything by configuring two different sites in IIS, one for the actual page only on port 443, one on port 80 with a permanent redirect.

Advantages:

  • Your application and code doesn't have to know anything about SSL, and you don't need a SSL certificate on your dev machine. The web server does it all for you.
  • No cookie and HTTP caching mess with the HTTP/HTTPS flip-flop
  • If security/privacy matters, it's the best solution anyway to require SSL for all pages.

Regarding the possible disadvantage: serving a few requests on static resources via SSL is probably almost no overhead, compared to the rest of your application.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜