On Sun, Apr 10, 2011 at 2:55 PM, Anthony <asale...@tpg.com.au> wrote:
> Anyone have any experience creating a mixed mode ssl site. I.e. I want to > only enforce ssl for a specific pages..any standard methodology to use? I > don’t want to hard code the links but provide some sort of configuration for > flexibility. > This is a function of IIS, not your app. Generate a private key, request a cert from a CA then install it and you're good to go. Some random and non-exhaustive notes: 1. Explicitly *requiring* SSL for certain pages can lead to a bad user experience (they will receive a hard IIS error message about requiring SSL. 2. If you want to hand certain pages over SSL vs not AND you need to use cookies then you should read about and be aware of the implications of the secure attribute for cookies and consequent information exposure risks if you fail you use it properly. -- *David Connors* | da...@codify.com | www.codify.com Software Engineer Codify Pty Ltd Phone: +61 (7) 3210 6268 | Facsimile: +61 (7) 3210 6269 | Mobile: +61 417 189 363 V-Card: https://www.codify.com/cards/davidconnors Address Info: https://www.codify.com/contact
