Home > Forums › IIS 5.x & 6.0 › Security › Securing sites - classic asp - .Net 1.1, .Net 2.0, and .Net 3+

Thread: Securing sites - classic asp - .Net 1.1, .Net 2.0, and .Net 3+

Last post 10-14-2008 9:37 PM by naziml. 3 replies.

Average Rating Rate It (5)Thank you for the rating!

RSS

Page 1 of 1 (4 items)

Sort Posts:

Shortcuts

Search | Active Posts | Unanswered Posts | View all users

10-13-2008, 2:54 PM

mybestguess
Joined on 10-13-2008, 6:38 PM
Posts 8

Securing sites - classic asp - .Net 1.1, .Net 2.0, and .Net 3+

Reply Contact

It as been the recent task of our team to come up with both short and long term solutions to the concern of SSL security on our sites.

The first solution off the top of the head is to do 1 of the following 2. Either take the pain and time consuming option of coding each individual website to rediret to https to use ssl. The second approach would be to have IIS force a redirect to the https and www paths.

The catch is what would be the best approach. I am thinking of a quick and easy temporary solution first. Then a long term solution. But the long term solution has a catch. In the next few months (early - Mid 2009) we are moving to Server 2008 with IIS7 and that may negate the changes necessary in IIS6.

Any and all suggestions are appreciated on this matter. If you have any suggestions regarding the best way to add SSL to existing sites please let me know. I would like to try and avoid a manual reprogramming of that many websites. Thank you

MBG

10-14-2008, 7:07 AM In reply to

jeff@zina.com
Joined on 09-26-2003, 10:43 AM
Naples, FL, USA
Posts 2,093

Re: Securing sites - classic asp - .Net 1.1, .Net 2.0, and .Net 3+

Reply Contact

mybestguess:
If you have any suggestions regarding the best way to add SSL to existing sites please let me know.

Install the certificate and check the Require Secure Connections box.

Jeff

Look for Wrox's new book Professional IIS 7 in your local bookstore, or order now at Amazon.com

10-14-2008, 1:20 PM In reply to

mybestguess
Joined on 10-13-2008, 6:38 PM
Posts 8

Re: Securing sites - classic asp - .Net 1.1, .Net 2.0, and .Net 3+

Reply Contact

Thank you. I know about the certificates but I didn't know if there was an easier solution. We have 7 certificates for 7 domains and on 3 of those domains, there are 20+ sites that need to have SSL enabled.

The only problem I saw with that is there will be a lot of custom code entered to handle redirects to https and I didn't know if there was an easier way to handle the redirect instead of custom coding each of the 75+ sites?

10-14-2008, 9:37 PM In reply to

naziml
Joined on 03-10-2008, 2:25 PM
Posts 41

Re: Securing sites - classic asp - .Net 1.1, .Net 2.0, and .Net 3+

Reply Contact

You can use IIS config to redirect instead of the application doing it. Here's how you set this up for IIS6: http://technet.microsoft.com/en-us/library/cc736641.aspx

Page 1 of 1 (4 items)