https connection?

  • Thread starter Thread starter Jenny
  • Start date Start date
J

Jenny

Hi all,

Two questions:

How can I force the use of an https connection for a first
password site?

What is the best way to prevent direct access to the pages
behind this password site?

Thanks in advance

Jenny
 
Hi,

1) yes, you can set that up in IIS.First you need to install the SSL
certificate inside IIS, then you go to 'directory security', edit and switch
on the 'require secure channel (SSL)' checkbox.

2) If you are just talking about ASPX pages, the built-in security of
ASP.NET is just fine. So you setup your web.config file to Forms
authentication, deny access for users who are not logged in and allow access
for authenticated users.

There are two nice papers about this in case you are interested:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/secnetlpMSDN.asp

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/authaspdotnet.asp

Best regards,

Marc Hoeppner
NeoGeo
 
Back
Top