IIS Server Security - SSL redirect to non-SSL

Author

SSL redirect to non-SSL

Daniel Kaplan

2006-03-14, 8:48 pm

Not sure if I am in the right group, but question.

If I am going from an SSL page to a non-SSL page (like after loggin on) is
there a way to get the browser to NOT give that "you are being redirected to
a non-secure page" ?

Thanks

Bernard Cheah [MVP]

2006-03-15, 2:49 am

I believe this is browse site issue. IIS will just redirect the request. it
is the browser that control the warning message.

--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://msmvps.com/blogs/bernard/

"Daniel Kaplan" <NoSPam@NoSpam.com> wrote in message
news:1142390142.647162@nntp.acecape.com...
> Not sure if I am in the right group, but question.
>
> If I am going from an SSL page to a non-SSL page (like after loggin on) is
> there a way to get the browser to NOT give that "you are being redirected
> to
> a non-secure page" ?
>
> Thanks
>
>
>

David Wang [Msft]

2006-03-15, 7:49 am

IIS cannot control browser configuration. If it could, that would be a
security vulnerability since a malicious website can just make browser
insecure and use it to hack the user.

Since you must make the browser go from HTTPS to HTTP, the browser will
observe the change, and you are complete up to browser configuration for
such a change. Nothing the webserver can do about it.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//

"Daniel Kaplan" <NoSPam@NoSpam.com> wrote in message
news:1142390142.647162@nntp.acecape.com...
> Not sure if I am in the right group, but question.
>
> If I am going from an SSL page to a non-SSL page (like after loggin on) is
> there a way to get the browser to NOT give that "you are being redirected
> to
> a non-secure page" ?
>
> Thanks
>
>
>