Both HTTPS and HTTP on the same web application - https

Windows Server 2003, IIS 6
We have an ASP.Net application, which is accessed using HTTP by customers.
Now one customer wants to access this application, using HTTPS (company security rules).
Can I set up IIS 6, so that I can satisfy both requirements? So that regardless of typing
http://www.foo.com/bar or https://www.foo.com/bar, the users will get the same experience? And those using HTTPS will continue using HTTPS during their ASP.Net session?

Related

SPNEGO on Go backend (Windows server)

I currently have an application running on our Windows Intranet consisting of a backend (Golang) and multiple frontends. Currently frontend users must authenticate to the backend using a password but we want to move to SSO (single sign-on) for improved security and user convenience. The frontend can use SPNEGO to negotiate IAW (Integrated Windows Authentication) which would allow the backend to know the Windows login ID of the frontend user.
I know how to configure the frontend (web browsers) for this and it would be handled automatically in the backend if I was using IIS for the web server. I just need the equivalent code for a Go web server.
https://github.com/jcmturner/gokrb5/v8 appears to support this but I have been unable to get it to work. There is some example code such as https://github.com/jcmturner/gokrb5/blob/master/examples/example-AD.go but I have not been able to understand how to adapt it to my needs. Does anyone have a working example?

ASP.NET core web application cannot connect to www through http proxy

I have a ASP.NET core web application (Kestrel) which serves as an authentication service (.NETCoreApp 1.1). Therefore it talks to an OpenID connect provider. It works all fine when the host machine is directly connected to the internet. However if the machine is behind the corporate web proxy of my company it cannot connect to the OpenID connect provider (or any other address in the www).
How do I tell my ASP.NET core web application to use the corporate web proxy server?
Note: I already found some solutions which use web.config but that's no longer present in .NET core 1.1

Does the BizTalk 2013 R2 SharePoint adapter support HTTPS?

I'm looking into a potential integration solution that would use BizTalk 2013 R2 to interact with a SharePoint Online using the Client Side Object Model. However, I want to keep security in mind and so I'm trying to verify that the WSS adapter supports HTTPS. I can't find anywhere in the documentation that states this explicitly, and it will take some effort before I'm capable of testing it out.
Is it sufficient to simply use an https URL with port 443 to configure the WSS adapter to use HTTPS?
What Is the Windows SharePoint Services Adapter?
Permissions to Windows SharePoint Services files, lists, and document libraries are restricted using Windows SharePoint Services security. The messages are sent from Windows SharePoint Services directly into BizTalk Server. The communication between the adapter runtime and the Web service is done over HTTP or HTTPS.
The adapter assumes that the BTSharePointAdapterWS Web service is using the same HTTP scheme (HTTP or HTTPS) as the Windows SharePoint Services site. This means that the adapter will use HTTPS to communicate with the BTSSharePointAdapterWS Web service when the Windows SharePoint Services Site is created on a secure IIS Web site, or it will use HTTP to communicate with the BTSharePointAdapterWS Web service when the Windows SharePoint Services site is created on an IIS Web site without a server certificate.
(Bolding added for emphasis).
Configure the SharePoint Site URL to have https:// and you should not have to specify the port.

WebAPI on same server, can it be accessed over http instead of https even though SSL applied on it?

I have WebAPP and WEBAPI on same server. I have applied SSL certificate on both the sites under same server (both are separate applications under common IIS default website).
Now my point, Can I access same WEBAPI over http instead of https form 3rd intranet application on same server and which is not a secure application?
My intention to not hamper performance for 3rd site which is not secured and on the same server.
Actually It depends on your configuration.
Generally, when you apply SSL on web server your app can now be accessed over http and https both connections.
But, if you have configured it to redirect http version to https using CSP or server end configuration, then you can access http version as all requests will get automatically redirected to https version.
You should read IIS related materials to learn what is site binding. A web site can of course contain multiple bindings, both HTTP and HTTPS, so that clients (like web browsers) can access using both http:// and https://.
https://blogs.technet.microsoft.com/chrad/2010/01/24/understanding-iis-bindings-websites-virtual-directories-and-lastly-application-pools/

SSL implementation for selected asp pages in Windows server 2008

I have a asp based website on windows server 2008. I would like to make some selected pages as SSL (https).
I tried to enable https. But when i try to access using http it gives error. how to enable https only for selected pages on a website?
Thanks
-Vivek
Assuming you mean ASP 3.0 (Classic ASP) and not ASP.NET, I ran into this a while back myself and basically Microsoft's HOW TO is the best solution:
http://support.microsoft.com/kb/239875
It is frequently good security practice to require Secure Sockets Layer (SSL) for certain pages on a Web site. Although this can be configured through the Internet Services Manager (ISM) in the Microsoft Management Console (MMC), you can also use Active Server Pages (ASP) to force SSL for specific pages without making changes in the MMC.
is it possible to do for selected pages in iis?

Resources