I have a asp based website on windows server 2008. I would like to make some selected pages as SSL (https).
I tried to enable https. But when i try to access using http it gives error. how to enable https only for selected pages on a website?
Thanks
-Vivek
Assuming you mean ASP 3.0 (Classic ASP) and not ASP.NET, I ran into this a while back myself and basically Microsoft's HOW TO is the best solution:
http://support.microsoft.com/kb/239875
It is frequently good security practice to require Secure Sockets Layer (SSL) for certain pages on a Web site. Although this can be configured through the Internet Services Manager (ISM) in the Microsoft Management Console (MMC), you can also use Active Server Pages (ASP) to force SSL for specific pages without making changes in the MMC.
is it possible to do for selected pages in iis?
Related
I am running two Windows server 2016s with IIS 10.0.14393. One server for staging purposes, and one for production.
The application has one "front-end app" and one "back-end REST api" running on the same IIS server. The front end communicates with the backend (suprise!). The difficulty I am facing is that the staging server works as expected, i.e no "Sign in" box appears when entering the front-end web page (React). However, on the production server this box pops-up.
When the page is loaded, there is javascript that fetches some information from the API, and it seems that this async fetch is causing the pop-up to occur (the request is in pending mode until login).
I have studied the configuration of IIS on the two servers but can't seem to find any obvious differences.
Both instances have both windows authentication and anonymous authentication turned on for both front-end and backe-end. I need this as the API has different types of authentication for the endpoints.
Anyone that has solved a similar issue?
Thanks
If someone experiences a similar issue the following link may help: https://support.microsoft.com/en-us/help/258063/internet-explorer-may-prompt-you-for-a-password
In my case I was sending the request to the api with the full domain url. The problem was fixed by just using the machine name (and port in my case) when sending the request. If the whole domain with punctuation is used, the system believes that the request is meant for the Internet and not the intranet, and will not include any credentials.
Another, and probably more robust solution, is to add the site in question to: Internet properties -> security -> Local intranet -> sites -> advanced.
Can I use Dreamweaver to build an HTML based site and then upload this site to the Azure platform via ftp, more specifically will Windows Azure recognise the default page for my website without explicitly having to reference it in the URL?
Azure PaaS (either Cloud Services or Web Sites), no.
Azure IaaS, yes... with a bunch of initial setup.
You could spin up an Azure VM and host a plain HTML web site from within IIS there. You would need to configure the IIS web site (e.g. start page) and set up the FTP server when you first provision the server.
My gut feeling is that Windows Azure is not a very economical hosting model for a project of this kind though.
I have deployed a ASP.NET MVC 4 w/ SignalR application of mine which is working fine on all clients, except one. When using Chrome Dev tools to debug the page I see that the SignalR transport method is ServerSentEvents and that the SignalR GET requests have a status of 'Cancelled'. This is the case in both Chrome Latest & IE 9 Browsers.
This problem is specific to a single client. A few things I have tried are:
Disabling Windows Firewall
Adding my site to Trusted Sites with
Security settings 'Low'.
As a bit of a background on the client.. they are part of a corporate network running Windows 7. Another computer on the same network had the same issue, however, this was fixed by adding my site to 'Trusted Sites'.
AVG Internet Security was blocking these requests. Disabling 'Online Shield' meant the app returned to normal working order.
I have a .net website which access oracle application express web application using Iframe, specifically using a unique url for different pages.
Now, I need windows authentication to be used by both .net website and oracle application express as single sign on.
Please suggest how I can achieve the same.
Let me know if there are any open source technology which I can use.
One option might be to use the Thoth Gateway to host Apex in IIS (as opposed to Apache, EPG, or the Apex Listener) and use Integrated Windows authentication as described here.
I'm using the AJAX Test Server in Rational Application Developer. I'm posting a form to another host for authentication. That host takes a URL to redirect to after authentication. However, it insists on using HTTPS whenever it sends the 302 response. The low hanging fruit would be to just use HTTPS locally.
Looking at the launch configuration, the AJAX Test Server appears to be a custom Apache HttpCore server. I haven't spotted anything in the configuration guide.
Is there a way to access this test server via HTTPS?
This is for demo and local development purposes; not production.
Speaking from working with WAS (WebSphere Application Server) in RAD, I'm pretty sure the answer would be yes. The server (at least with WAS) has both secure and "unsecure" ports.
What I have noticed is that when the server is built with the install (at least with the newer versions of the products 7.5+), the ports used are different per install. This is to help with not conflicting with other applications that may use those ports.
So https is probably fine. You just may have to use it over port 302 or some other port.
If there is no admin console for viewing your ports, you could always try the Window | Preferences option under your menu items. Sometimes IBM hides server config stuff in there.