requireSSL not working on web site

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have a web site that is configured for FORMS authentication. I have the "requireSSL" parameter set to "true" and the authorization set to "deny" any unauthenticated users. For whatever reason, though, when I go to the site using HTTP it never redirects me to HTTPS.

What should I be looking for to fix this problem? Doesn't the requireSSL automatically redirect to HTTPS on an HTTP request?

Thanks
 
The requireSSL property of the Forms authentication doesn't actually
redirect you. The property tells whether or not the cookie that the Forms
authentication creates is transmitted using https and doesn't do anything
about redirection.

Hope this helps,
Mark Fitzpatrick
Microsoft MVP - FrontPage

javatopia said:
I have a web site that is configured for FORMS authentication. I have the
Click to expand...
"requireSSL" parameter set to "true" and the authorization set to "deny" any
unauthenticated users. For whatever reason, though, when I go to the site
using HTTP it never redirects me to HTTPS.
What should I be looking for to fix this problem? Doesn't the requireSSL
Click to expand...
automatically redirect to HTTPS on an HTTP request?
 
Here's some code that might help - put it in your page load event:

If Not Request.IsSecureConnection And Not Request.Url.IsLoopback Then
Response.Redirect(Regex.Replace(Request.Url.ToString, "http",
"https")
End If
 
Back
Top