When you deploy your site with HTTPS enabled (i.e. when
you have a secured transport layer), the following configuration
makes sure all our cookies are marked secure and sent only over HTTPS.
<httpCookies requireSSL="true"/>
But there may be situations where you do not need all
your cookies secured, for example when you are sending or receiving some
non-sensitive data. The following is one way to override the secured-cookies
configuration for a single cookie.
// Explicitly opt this one cookie out of the site-wide requireSSL setting.
Response.Cookies.Add(new HttpCookie("unsecurecookie")
{
    Value = "thevalue",
    Secure = false
});
Secure = false is the key attribute here.
There might be situations where you need to forcefully redirect
to HTTPS when the incoming request is HTTP. The following is one way of doing
this.
if (!Request.IsSecureConnection)
{
    Response.RedirectPermanent("ToSecureURL");
}
But keep in mind that we are doing this on the server.
There might be deployments where the SSL certificate is configured on the load
balancer in front of the web servers (in a web farm environment, for example). In
these cases the aforementioned method would not work, because from the web server's
point of view the request is always insecure. We need to handle
these kinds of situations with HTTP headers.
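One way to handle the load balancer case, as an added example that is not code from the original post: a Global.asax handler that treats the request as secure when either IsSecureConnection is true or a forwarded-protocol header says the client used HTTPS. It assumes the load balancer sets the de-facto X-Forwarded-Proto header, overwrites any value the client sent, and is the only path to the web servers; the class and helper names are hypothetical.

```csharp
using System;
using System.Web;

public class Global : HttpApplication
{
    // Assumption: the load balancer terminates TLS and sets this header to
    // "https" or "http" on every request, replacing any client-supplied value.
    private const string ForwardedProtoHeader = "X-Forwarded-Proto";

    // Hypothetical helper: true when the client-facing hop used HTTPS, whether
    // TLS ended on this server or on the load balancer in front of it.
    internal static bool IsClientConnectionSecure(bool isSecureConnection,
                                                  string forwardedProto)
    {
        if (isSecureConnection) return true;
        if (string.IsNullOrEmpty(forwardedProto)) return false;

        // Assumption: if several proxies chain the header ("https, http"),
        // the first value describes the client-facing hop.
        string first = forwardedProto.Split(',')[0].Trim();
        return string.Equals(first, "https", StringComparison.OrdinalIgnoreCase);
    }

    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        HttpRequest request = Context.Request;
        if (IsClientConnectionSecure(request.IsSecureConnection,
                                     request.Headers[ForwardedProtoHeader]))
        {
            return; // already HTTPS from the client's point of view
        }

        // Rebuild the requested URL with the https scheme and its default port.
        var target = new UriBuilder(request.Url)
        {
            Scheme = Uri.UriSchemeHttps,
            Port = -1
        };
        Context.Response.RedirectPermanent(target.Uri.AbsoluteUri, true);
    }
}
```

If the web servers can also be reached directly, a client can send the header itself and skip the redirect, so restrict inbound traffic to the load balancer before relying on it.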