Re: redirect http to https for virtual directories

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 04/13/04 

Date: Tue, 13 Apr 2004 11:44:15 +1000

a) Did you setup httpredirect.asp as the 403.4 custom error for the virtual
directory?

b) Does the configured Anonymous User account have *NTFS* permissions to the
actual file (httpredirect.asp) - if it doesn't, then Windows will deny
access to the file, and the user will be prompted to supply credentials that
do have NTFS permissions to the file.

Cheers
Ken

"Arif" <arif@arif.us> wrote in message
news:1b61901c420a5$50762830$a301280a@phx.gbl...
: Ken,
: Thanks a lot for the message.
: Here is what I have done.
: 1. Created httpredirect.asp with necessary code to look
: at the URL and if it comes over "80" redirect to
: https://URL/securedir/default.asp
: 2. Edited Documents for securedir to include
: httpredirect.asp and moved al lthe way up in the list
: 3. Enable anonymous access and unchecked the Require SSL
: for httpredirect.asp
: 4. Securedir is still setup with only allow Basic
: Authentication.
:
: Now, when I do http://URL/securedir, it hits
: httpredirect.asp BUT ASKS FOR THE AUTHENTICATION even
: though the anonymous access is turned on at the file
: level. If proper authentication is provided, it redirects
: me to https://URL/securedir/default.asp and I get the
: second authentication for the application as designed.
:
: I have done the same thing for 403.4 at the root level
: and it works like a charm. The only difference is that
: Anonymous access is turned ON at the root level.
:
: What I dont understand is why IIS is asking for
: authentication when I have
: http://URL/securedir/httpredirect.asp setup as anonymous
: access? If I say cancel, I get 403.2 (authentication
: required). The other thing that is bothering me is why
: 403.4 custom error not handling http to https redirects
: at the virtual directory level?
:
: Sorry for the long message, Please assist.
:
:
: >-----Original Message-----
: >Hi,
: >
: >a) create a custom error page to do the http -> https
: redirect (e.g. similar
: >to your existing default.asp). Make sure that this page
: does *nothing* else
: >important
: >
: >b) setup the virtual directory so that:
: > - it requires SSL
: > - it requires authentication
: >
: >c) setup the custom error page so that it *does not*
: require authentication.
: >
: >Then, when a user comes to the site using http:// the
: custom error page will
: >be invoked, but the user will not be required to
: authenticate. The error
: >page will redirect to https://, and then the user will
: be required to
: >authenticate when they access any of the other documents
: in the secured
: >directory.
: >
: >Cheers
: >Ken
: >
: >
: >"Arif" <anonymous@discussions.microsoft.com> wrote in
: message
: >news:1821b01c41f58$a30edd60$a601280a@phx.gbl...
: >: Hi,
: >: I have a web server with the following configuration;
: >: 1. Anonymous Access is turned on
: >: 2. SSL certificate is installed and required
: >: 3. Custom Error 403.4 page is edited to redirect
: >: http://servername to https:///servername
: >: 4. Couple of Virtual Directories (one with classic ASP
: >: and the other one with ASP.Net applications)
: >: 5. Anonymous Access is TURNED OFF at the virtual
: >: directories level because of the application
: requirements
: >:
: >: The http to https redirect at the root level
: >: (http://servername) is working fine. But I need to have
: >: http to https redirect at the virtual directory level.
: I
: >: have the same code that I am using in the custom error
: >: page in defaul.asp page in my virtual directory. Since
: >: the anonymous access is turned off, it asks for the
: >: authentication and once authenticated it processes the
: >: http to https redirect. So the redirect is working but
: >: for obvious reason, I cannot have this in production
: >: becuase the initial authentication is done over simple
: >: text.
: >:
: >: If I do not have the code in "default.asp" page to
: >: redirect to https, then I get JUST "HTTP Error 403 -
: >: Forbidden".
: >:
: >: Can anyone please help me how to configure the http to
: >: https for a URL like http://servername/aspapp/, the
: >: default page is "default.asp"??? Keep in mind, I have
: to
: >: have ONLY Basic Authentication. (I can live with
: >: unchecking the Require SSL at the virtual directory
: level
: >: if it is assured that all the contents are being
: >: redirected to HTTPS).
: >:
: >: Thanks in advance for your help.
: >: Arif
: >:
: >
: >
: >.
: >

Relevant Pages

  • Re: redirect http to https for virtual directories
    ... at the URL and if it comes over "80" redirect to ... Enable anonymous access and unchecked the Require SSL ... If proper authentication is provided, ... custom error not handling http to https redirects ...
    (microsoft.public.inetserver.iis)
  • Re: iis 6 ssl redirect initial login encrypted?
    ... that contained the file and I had to disable SSL for the virtual directory ... Select "Allow Anonymous Authentication" and disable the other ... I'm not sure how to do it for just my custom error page. ... I've configured IIS 6 to redirect to ssl using a custom error 403.4 ...
    (microsoft.public.inetserver.iis.security)
  • Re: redirect http to https for virtual directories
    ... create a custom error page to do the http -> https redirect (e.g. similar ... setup the custom error page so that it *does not* require authentication. ...
    (microsoft.public.inetserver.iis)
  • redirect http to https for virtual directories
    ... Custom Error 403.4 page is edited to redirect ... http to https redirect at the virtual directory level. ...
    (microsoft.public.inetserver.iis)
  • redirect http to https for virtual directories
    ... Custom Error 403.4 page is edited to redirect ... http to https redirect at the virtual directory level. ...
    (microsoft.public.inetserver.iis.security)