开发者

ASP.NET page lifecycle - at what point does one enforce SSL?

When should I enforce SSL for secure pages in an ASP.NET page life-cycle?

I mean should I do it inside page_load? or OnInit? or some other function?

I am开发者_Go百科 using the following code to enforce SSL for certain pages, but where should I put this code? Earlier I placed it inside OnInit function, but that did not work well with ASP.NET wizards. Do I need to check whether it's postback or not first?

 if (!HttpContext.Current.Request.IsSecureConnection) {
                HttpContext.Current.Response.Redirect(SiteNavigation.ResolveAbsoluteUrl(true, HttpContext.Current.Request.Url.PathAndQuery));
            }


The other option would be to do it outside the application altogether and enforce SSL in IIS if the SSL connection is required for the entire site. We've done this in IIS6 by creating two sites for the same domain name.

mysite.com:80 has an HTTP 403 redirect to the SSL version of the site. mysite.com:443 has the actual application in which SSL is enforced.

If the SSL connection isn't required for the whole site, but just the login page or some other isolated part of the site than the programatic method in Global.asax (mentioned by Gonzalo) is probably the best way to go since that'll catch it very early in the page lifecycle.


If you're going to redirect the user, you want to do it as early in the life cycle as possible, since any cpu spent on the lifecycle will be wasted. Do the redirect in OnInit.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜