Security

Re: how to make http be https

qbernard — Fri, 01 Feb 2008 03:39:51 GMT

if you require entire website to be on https, then configure the require secure channel at website level.

Re: how to make http be https

hardy — Thu, 31 Jan 2008 16:27:31 GMT

i have make like step5....

but all page can use http or https...

i don't understand..

in iis have virtual folder, i click view sertificate in directory security, after that i choose detail tab, and click edit property, and choose disable all purpose for this certificate.. and ok.

after that, i click edit in under view certificate.. i am not checklist anything.

then in pay.aspx, i clikc view certificate, choose enable all purpose for this certificate.. then in edit, i checklist require secure channel and require 128 encryption.

after that i run default.page. it can use http and can not use https. then i run to pay.aspx, it use https. then i click default.aspx, it use https and can http too..
is there something wrong with my setting in iis?

pls.. thx...

Re: how to make http be https

tomkmvp — Thu, 31 Jan 2008 13:03:53 GMT

Look at step #5 in your second post ...

5.	Right-click the Web site, folder, or file for which you want to configure SSL communication, and then click Properties.

Re: how to make http be https

hardy — Thu, 31 Jan 2008 02:34:22 GMT

now, i can create and install certificate in default website... in default website, i put my project is name Ta.

if i run my project in IE, all page in my project use https...

but i want only use https is some page like pay.aspx and login.aspx..

where should i setting?

thx...

Re: how to make http be https

hardy — Tue, 29 Jan 2008 15:31:42 GMT

how to install ssl? where can i download the ssl program?

is there must request certificate from a third-party CA?
thx...

Re: how to make http be https

qbernard — Tue, 29 Jan 2008 07:28:01 GMT

You will need to install the SSL first before you can configure the SSL settings.

Re: how to make http be https

hardy — Tue, 29 Jan 2008 03:20:54 GMT

thx for information..

sory for long time to reply...

your url is teaching like this:

Configure Folder or Web Site to Use SSL/HTTPS

loadTOCNode(3, 'summary'); This procedure assumes that your site has already has a certificate assigned to it.

1.	Log on to the Web server computer as an administrator.
2.	Click Start, point to Settings, and then click Control Panel.
3.	Double-click Administrative Tools, and then double click Internet Services Manager.
4.	Select the Web site from the list of different served sites in the left pane.
5.	Right-click the Web site, folder, or file for which you want to configure SSL communication, and then click Properties.
6.	Click the Directory Security tab.
7.	Click Edit.
8.	Click Require secure-channel (SSL) if you want the Web site, folder, or file to require SSL communications.
9.	Click Require 128-bit encryption to configure 128-bit (instead of 40-bit) encryption support.
10.	To allow users to connect without supplying their own certificate, click Ignore client certificates. Alternatively, to allow a user to supply their own certificate, use Accept client certificates.
11.	To configure client mapping, click Enable client certificate mapping, and then click Edit to map client certificates to users. If you configure this functionality, you can map client certificates to individual users in Active Directory. You can use this functionality to automatically identify a user according to the certificate they supplied when they access the Web site. You can map users to certificates on a one-to-one basis (one certificate identifies one user) or you can map many certificates to one user (a list of certificates is matched against a specific user according to specific rules. The first valid match becomes the mapping).
12.	Click OK.

but in Directory Security, the secure communication is off, so can be choose it's edit..

how to make that on?

thx..

Re: how to make http be https

qbernard — Tue, 08 Jan 2008 04:26:43 GMT

well,

1) make sure you got a SSL cert for the website.
HOW TO Set Up an HTTPS Service in IIS
http://support.microsoft.com/?id=324069

HOW TO Enable SSL for All Customers Who Interact with Your Web Site
in Internet Information Services
http://support.microsoft.com/?id=298805

2) then when redirecting to login.aspx, use https link instead of http.
and when posting the form use https as well.

how to make http be https

hardy — Mon, 07 Jan 2008 11:22:09 GMT

hello all...

i have two page are default.aspx and login.aspx.

in IE, i click http://localhost:1043/TA/Default.aspx, then it run to default page.

i want when i click login in default.aspx, it run to login.aspx but use https.

how to make it?

thx...