|
Home > Archive > IIS Server Security > February 2004 > Website login using SSL, but non-SSL for everything else
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Website login using SSL, but non-SSL for everything else
|
|
| Henry Fleming 2004-02-18, 2:34 am |
| Hello,
I am trying to set up a website with the following requirements:
1. User can browse through the non-secure pages of the website using
ordinary HTTP.
2. User can access the secure pages by first supplying a username and
password through a web form via SSL. This web-form goes through
HTTPS. The idea is to encrypt the password as it's sent across the
net.
3. Once the user has logged in, he can browse through the rest of the
site using ordinary HTTP.
I have been able to achieve #1 and #2, but as soon as the user logs
in, he can only browse through the site using HTTPS. Is there a way
to configure IIS so that once the user has logged in via SSL, he can
browse through the rest of the site using HTTP?
Note: all of the links in my HTML are "relative" links, except for the
link to my login page, which is an "absolute" link that explicitly
uses "https".
Henry
| |
| Keith W. McCammon 2004-02-19, 7:35 am |
| > I have been able to achieve #1 and #2, but as soon as the user logs
> in, he can only browse through the site using HTTPS. Is there a way
> to configure IIS so that once the user has logged in via SSL, he can
> browse through the rest of the site using HTTP?
This is an application issue, not an IIS issue. The page that processes
your web form should be written such that the user is redirected to HTTP
once the authentication process is complete. In most cases, the
authentication function would store the original request and send the user
to http://site.com/orig_request once the login has been verified.
|
|
|
|
|