using SSL with ASP.net 2.0

c_shah · Jul 5, 2007

I have an asp.net website (IIS 6 on windows Server 2003, .NET
Framework 2.0)

On one of my page I am making a call to a ASP.net web service (to
obtain some data), I DO NOT want to make any secure calls to the web
service. Does SSL have any issue with consuming a web service inside
your
asp.net web page?

Is that true that session variables will be lost when url changes from
HTTPS to HTTP? I only want to secure few (only four) pages on the
website.

Michael Nemtsev · Jul 6, 2007

Hello c_shah,

Don't quite understand your issue.
Where is SSL? Your ASp.net site, or remote web service is SSLed?

---
WBR, Michael Nemtsev [.NET/C# MVP].
My blog: http://spaces.live.com/laflour
Team blog: http://devkids.blogspot.com/

"The greatest danger for most of us is not that our aim is too high and we
miss it, but that it is too low and we reach it" (c) Michelangelo

c> I have an asp.net website (IIS 6 on windows Server 2003, .NET
c> Framework 2.0)
c>
c> On one of my page I am making a call to a ASP.net web service (to
c> obtain some data), I DO NOT want to make any secure calls to the web
c> service. Does SSL have any issue with consuming a web service inside
c> your
c> asp.net web page?
c> Is that true that session variables will be lost when url changes
c> from HTTPS to HTTP? I only want to secure few (only four) pages on
c> the website.
c>

c_shah · Jul 6, 2007

SSL is going to be installed on the web server hosting ASP.net website.

c_shah · Jul 6, 2007

my question

are session variable will be lost (asp.net website) between https and
http?

Michael Nemtsev · Jul 6, 2007

Hello c_shah,

AFAIK there is no limitation for the session variables (because they are
serialized) and only for cookies.

---
WBR, Michael Nemtsev [.NET/C# MVP].
My blog: http://spaces.live.com/laflour
Team blog: http://devkids.blogspot.com/

"The greatest danger for most of us is not that our aim is too high and we
miss it, but that it is too low and we reach it" (c) Michelangelo

c> my question
c>
c> are session variable will be lost (asp.net website) between https and
c> http?
c>

Michael Nemtsev · Jul 6, 2007

Hello Michael ,

I mean there is no problem if u use database to maintain state

---
WBR, Michael Nemtsev [.NET/C# MVP].
My blog: http://spaces.live.com/laflour
Team blog: http://devkids.blogspot.com/

"The greatest danger for most of us is not that our aim is too high and we
miss it, but that it is too low and we reach it" (c) Michelangelo

MN> Hello c_shah,
MN>
MN> AFAIK there is no limitation for the session variables (because they
MN> are serialized) and only for cookies.
MN>
MN> ---
MN> WBR, Michael Nemtsev [.NET/C# MVP].
MN> My blog: http://spaces.live.com/laflour
MN> Team blog: http://devkids.blogspot.com/
MN> "The greatest danger for most of us is not that our aim is too high
MN> and we miss it, but that it is too low and we reach it" (c)
MN> Michelangelo
MN>
c>> my question
c>>
c>> are session variable will be lost (asp.net website) between https
c>> and http?
c>>

c_shah · Jul 6, 2007

Michael, I am sorry

Do you meant to say session variable will be lost between HTTPS and
HTTP unless you use database to store session?

Michael Nemtsev · Jul 6, 2007

Hello c_shah,

Seems so, I've never tried it, but see the number of other posts about this,
that u need to store in in DB

I recommend to google and examine this

---
WBR, Michael Nemtsev [.NET/C# MVP].
My blog: http://spaces.live.com/laflour
Team blog: http://devkids.blogspot.com/

"The greatest danger for most of us is not that our aim is too high and we
miss it, but that it is too low and we reach it" (c) Michelangelo

c> Michael, I am sorry
c>
c> Do you meant to say session variable will be lost between HTTPS and
c> HTTP unless you use database to store session?
c>