Geeks With Blogs
A Developer's Expedition www.kenl.net
 
I had to make our site work in SSL mode and ONLY SSL mode. I also had to allow URLs that pointed to our site before I forced it to work in secure mode. I also had to allow all the other domain names that we own to work in SSL mode.
I thought I would share how to get this done right so that it works no matter what.
 
Create an HTML page named 403-4.htm. Put it in a folder outside your web site’s root folder. Give the page your company’s logo and some nice-looking text that states:
 
The page must be viewed over a secure channel
The page you are trying to access is secured with Secure Sockets Layer (SSL).
 
If you are not automatically redirected to our secure site, please click on this link: <add your link>
 
Now you are done with the basics; let’s do some scripting in that page.
 
<script type="text/javascript">

function goSSL()
{
    var myDomain = window.location.hostname;

    // Add your domain name here.
    // This variable is used to ensure the domain with the
    // SSL cert is always called
    if (myDomain != "www.mydomain.com") {
        myDomain = "www.mydomain.com";
    }

    // This variable is used to extract the URL the user
    // entered the site with (host name plus path)
    var unsecure = myDomain + window.location.pathname;
    var secure = "";

    // This was my original comparison;
    // it just always forced the URL to have the www.
    // I left it, but you could change the secure var
    // above to have the https:// portion since
    // the myDomain var is set...
    if (unsecure.substring(0, 3) != "www") {
        secure = "https://www." + unsecure;
    }
    else {
        secure = "https://" + unsecure;
    }

    // Just in case the user had a query string
    var query = '' + window.location;
    var position = query.indexOf('?');
    if (position > -1)
    {
        query = query.substring(position + 1);
        secure = secure + "?" + query;
    }

    // Send the browser to the newly built URL
    window.location = secure;
}

// Run the redirect as soon as the error page loads
goSSL();

</script>
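
The script above always takes the host name from a fixed value and only copies the path and query string from the request. The same logic as an added example (not code from the original post), written as a function that can be exercised outside a browser; `CANONICAL_HOST` and `buildSecureUrl` are hypothetical names, and unlike the script above it also keeps a `#fragment` when there is no query string:

```javascript
// Added example, not the original post's code.
// CANONICAL_HOST is a placeholder for the host name on the SSL certificate.
const CANONICAL_HOST = "www.mydomain.com";

// Build the HTTPS redirect target from a location-like object
// ({ hostname, pathname, search, hash }).
// The host of the result always comes from canonicalHost; the requested
// host name is never copied into the target, so whichever domain the
// visitor used, the redirect can only land on the certificate's host.
function buildSecureUrl(loc, canonicalHost = CANONICAL_HOST) {
  const target = new URL("https://" + canonicalHost + "/");
  // The URL setters re-parse each part on its own, so a path or query
  // string cannot change the scheme or the host of the target.
  target.pathname = loc.pathname || "/";
  target.search = loc.search || "";
  target.hash = loc.hash || "";
  return target.href;
}

// In a browser (the 403-4.htm page), redirect once on load.
// location.replace() keeps the http:// URL out of the back-button history.
if (typeof window !== "undefined" && window.location.protocol !== "https:") {
  window.location.replace(buildSecureUrl(window.location));
}
```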
 
Setting up IIS:
 
Open IIS and go to the properties of your web site
Click on the security tab
Click on Edit under Secure Communications
                I am assuming you already have an SSL cert on the site!
Check the require secure channel box
Check the require 128 bit encryption box
Click OK
Click on the Custom Errors tab
Click on the 403;4 error
Click on Edit and point to the file you made above
Click OK
Click OK
 
Using this technique every domain you have pointed to this web site will be forced to use your secure SSL domain. The user will be presented with a quick flash of a page telling them that the site is secure for their safety.
 
The next time you are on a secure web page, try changing the URL back to http: this technique will put the user right back on the page they were at, securely.
Posted on Thursday, July 23, 2009 7:37 PM


Comments on this post: Operation SSL Mode

No comments posted yet.


Copyright © Ken Lovely, MCSE, MCDBA, MCTS | Powered by: GeeksWithBlogs.net