Re: redirect http to https for virtual directories

From: Arif (arif_at_arif.us)
Date: 04/12/04 

Date: Mon, 12 Apr 2004 08:46:26 -0700

Ken,
Thanks a lot for the message.
Here is what I have done.
1. Created httpredirect.asp with necessary code to look
at the URL and if it comes over "80" redirect to
https://URL/securedir/default.asp
2. Edited Documents for securedir to include
httpredirect.asp and moved al lthe way up in the list
3. Enable anonymous access and unchecked the Require SSL
for httpredirect.asp
4. Securedir is still setup with only allow Basic
Authentication.

Now, when I do http://URL/securedir, it hits
httpredirect.asp BUT ASKS FOR THE AUTHENTICATION even
though the anonymous access is turned on at the file
level. If proper authentication is provided, it redirects
me to https://URL/securedir/default.asp and I get the
second authentication for the application as designed.

I have done the same thing for 403.4 at the root level
and it works like a charm. The only difference is that
Anonymous access is turned ON at the root level.

What I dont understand is why IIS is asking for
authentication when I have
http://URL/securedir/httpredirect.asp setup as anonymous
access? If I say cancel, I get 403.2 (authentication
required). The other thing that is bothering me is why
403.4 custom error not handling http to https redirects
at the virtual directory level?

Sorry for the long message, Please assist.

>-----Original Message-----
>Hi,
>
>a) create a custom error page to do the http -> https
redirect (e.g. similar
>to your existing default.asp). Make sure that this page
does *nothing* else
>important
>
>b) setup the virtual directory so that:
> - it requires SSL
> - it requires authentication
>
>c) setup the custom error page so that it *does not*
require authentication.
>
>Then, when a user comes to the site using http:// the
custom error page will
>be invoked, but the user will not be required to
authenticate. The error
>page will redirect to https://, and then the user will
be required to
>authenticate when they access any of the other documents
in the secured
>directory.
>
>Cheers
>Ken
>
>
>"Arif" <anonymous@discussions.microsoft.com> wrote in
message
>news:1821b01c41f58$a30edd60$a601280a@phx.gbl...
>: Hi,
>: I have a web server with the following configuration;
>: 1. Anonymous Access is turned on
>: 2. SSL certificate is installed and required
>: 3. Custom Error 403.4 page is edited to redirect
>: http://servername to https:///servername
>: 4. Couple of Virtual Directories (one with classic ASP
>: and the other one with ASP.Net applications)
>: 5. Anonymous Access is TURNED OFF at the virtual
>: directories level because of the application
requirements
>:
>: The http to https redirect at the root level
>: (http://servername) is working fine. But I need to have
>: http to https redirect at the virtual directory level.
I
>: have the same code that I am using in the custom error
>: page in defaul.asp page in my virtual directory. Since
>: the anonymous access is turned off, it asks for the
>: authentication and once authenticated it processes the
>: http to https redirect. So the redirect is working but
>: for obvious reason, I cannot have this in production
>: becuase the initial authentication is done over simple
>: text.
>:
>: If I do not have the code in "default.asp" page to
>: redirect to https, then I get JUST "HTTP Error 403 -
>: Forbidden".
>:
>: Can anyone please help me how to configure the http to
>: https for a URL like http://servername/aspapp/, the
>: default page is "default.asp"??? Keep in mind, I have
to
>: have ONLY Basic Authentication. (I can live with
>: unchecking the Require SSL at the virtual directory
level
>: if it is assured that all the contents are being
>: redirected to HTTPS).
>:
>: Thanks in advance for your help.
>: Arif
>:
>
>
>.
>

Relevant Pages

  • Re: redirect http to https for virtual directories
    ... Did you setup httpredirect.asp as the 403.4 custom error for the virtual ... at the URL and if it comes over "80" redirect to ... httpredirect.asp BUT ASKS FOR THE AUTHENTICATION even ... 403.4 custom error not handling http to https redirects ...
    (microsoft.public.inetserver.iis)
  • RE: LOGON_USER through https tunnel
    ... Have you disabled anonymous access? ... Go to IIS Manager, right click on the site and go to Directory Security. ... Click the Edit button in Authentication and access control, ... Subject: LOGON_USER through https tunnel ...
    (Security-Basics)
  • RE: outlook mobile access
    ... Properties of OMA ... Edit "Anonymous access and authentication control" ... Make sure you have "Basic Authentication" checked. ... > HTTPS: protocol. ...
    (microsoft.public.exchange.admin)
  • Re: [opensuse] 11.0 Apache2 SSL AuthDBM - Prompted for user/passwd Twice?
    ... So simply setup the not https directory not to be password protected. ... why can't I just do a redirect before the authentication takes place? ... without authentication with only the redirect. ... instead of having both internal and external access www.3111skyline.com, ...
    (SuSE)
  • Re: [opensuse] 11.0 Apache2 SSL AuthDBM - Prompted for user/passwd Twice?
    ... So simply setup the not https directory not to be password protected. ... The rewrite only occurs for access by IPs outside the local lan. ... why can't I just do a redirect before the authentication takes place? ... without authentication with only the redirect. ...
    (SuSE)