Microsoft Knowledge Base Article
This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved.
Terms
of Use |
Trademarks
Article ID: 239875 - Last Review: July 3, 2008 - Revision: 6.1
HOW TO: Use ASP to Force SSL for Specific Pages
This article was previously published under Q239875
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
For more information about IIS 7.0, visit the following Microsoft Web site:
It is frequently good security practice to require Secure Sockets Layer (SSL) for certain pages on a Web site. Although this can be configured through the Internet Services Manager (ISM) in the Microsoft Management Console (MMC), you can also use Active Server Pages (ASP) to force SSL for specific pages without making changes in the MMC.
Prerequisites
This article assumes the following conditions:
- IIS is running on standard ports:
- HTTP = Port 80
- HTTPS = Port 443
- IIS has a valid SSL certificate installed.
- The Web site or virtual server that is used does not use HTTP/1.1 host headers for name resolution.
Forcing SSL using ASP
To force SSL using ASP, follow these steps:
- Click Start, click Run, type Notepad, and then click OK.
- Paste the following code into a blank Notepad document. On the File menu, click Save As, and then save the following code in the root of your Web server as an include file named ForceSSL.inc:
<%
If Request.ServerVariables("SERVER_PORT")=80 Then
Dim strSecureURL
strSecureURL = "https:/"
strSecureURL = strSecureURL & Request.ServerVariables("SERVER_NAME")
strSecureURL = strSecureURL & Request.ServerVariables("URL")
Response.Redirect strSecureURL
End If
%>
- For each page that requires SSL, paste the following code at the top of the page to reference the include file from the previous step:
<%@Language="VBSCRIPT"%>
<!--#include virtual="http://support.microsoft.com/ForceSSL.inc"-->
187504Â
(http://kbalertz.com/Feedback.aspx?kbNumber=187504/EN-US/
)
HTTP 1.1 Host Headers Are Not Supported When You Use SSL
228991Â
(http://kbalertz.com/Feedback.aspx?kbNumber=228991/EN-US/
)
How to Create and Install an SSL Certificate in Internet Information Server 4.0
228836Â
(http://kbalertz.com/Feedback.aspx?kbNumber=228836/EN-US/
)
Installing a New Certificate with Certificate Wizard for Use in SSL/TLS
257591Â
(http://kbalertz.com/Feedback.aspx?kbNumber=257591/EN-US/
)
Description of the Secure Sockets Layer (SSL) Handshake
APPLIES TO
- Microsoft Internet Information Services 6.0
- Microsoft Internet Information Server 4.0
- Microsoft Internet Information Services 5.0
- Microsoft Internet Information Services 7.0
Community Feedback System
Very often, it takes hours to solve a problem. Very often, you've looked high
and low, and have tried a lot of solutions. When you finally found it, chances
are, it was because someone else helped you. Here's your chance to give back.
Use our community feedback tool to let others know what worked for you and what
didn't.
Please also understand that the community feedback system is not warranted to be
correct, it's simply a system that we've built to let people try and help each
other. If something in a feedback response doesn't make sense to you, or you're
not comfortable making changes that the feedback talks about (like registry
edits), please consult a professional.
Thank you for using kbAlertz.com Feedback System.
-- Scott Cate