Monday, February 22, 2010

Redirecting an HTTP Request to HTTPS

Navigating between the public and restricted areas of your site (that is, between HTTP and HTTPS pages) is an issue because a relative link or redirect always uses the protocol (HTTPS or HTTP) of the current page, not the one the target page should be served over.

After a user logs on and browses pages in a directory that is secured with SSL, relative links such as "..\publicpage.aspx" or redirects to HTTP pages result in the pages being served using the HTTPS protocol, which incurs an unnecessary performance overhead. To avoid this, use absolute links such as "http://servername/appname/publicpage.aspx" when redirecting from an HTTPS page to an HTTP page.

Similarly, when you redirect to a secure page (for example, the logon page) from a public area of your site, you must use an absolute HTTPS path, such as "https://servername/appname/secure/login.aspx", instead of a relative path, such as "restricted/login.aspx". For example, if your Web page provides a logon button, use the following code to redirect to the secure login page.

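private void btnLogon_Click( object sender, System.EventArgs e )
{
    // Form an absolute path using the server name and v-dir name
    string serverName =
        HttpUtility.UrlEncode(Request.ServerVariables["SERVER_NAME"]);
    // ApplicationPath is "/" for a root site; trim it so the URL does not contain "//"
    string vdirName = Request.ApplicationPath.TrimEnd('/');
    // Redirect with an explicit https:// scheme so the logon page is served over SSL
    Response.Redirect("https://" + serverName + vdirName +
        "/Restricted/Login.aspx");
}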
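The same URL construction as a reusable helper covering both directions (HTTP to HTTPS and back). This is an added example, not code from the original post: the SchemeSwitch class, the BuildUrl method and the AllowedHosts list are hypothetical names, and the host values are constructed samples. Because the host name comes from the incoming request, the helper checks it against a fixed list before using it in a redirect target.

```csharp
using System;
using System.Collections.Generic;

public static class SchemeSwitch
{
    // Assumption: the host names this site is served under (constructed sample values).
    private static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "servername", "www.example.test" };

    // Builds an absolute URL under the given scheme for a page inside the application.
    // appPath is the value of Request.ApplicationPath: "/" for a root site,
    // "/appname" for a virtual directory.
    public static string BuildUrl(string scheme, string host, string appPath, string pagePath)
    {
        if (scheme != Uri.UriSchemeHttp && scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("scheme must be http or https", "scheme");

        // Refuse host names the site does not own, so a request carrying an
        // unexpected host cannot steer the redirect to another server.
        if (host == null || !AllowedHosts.Contains(host))
            throw new ArgumentException("unexpected host name", "host");

        // Join the parts without doubling the slash when the application is at the site root.
        string path = (appPath ?? "/").TrimEnd('/') + "/" + (pagePath ?? "").TrimStart('/');

        var builder = new UriBuilder(scheme, host) { Path = path };
        return builder.Uri.AbsoluteUri;
    }

    public static void Main()
    {
        // Public page to logon page: force HTTPS.
        Console.WriteLine(BuildUrl("https", "servername", "/appname", "Restricted/Login.aspx"));

        // Secure area back to a public page on a root site: force HTTP.
        Console.WriteLine(BuildUrl("http", "servername", "/", "publicpage.aspx"));

        // A host that is not on the list is rejected instead of being redirected to.
        try { BuildUrl("https", "other.example.test", "/appname", "Restricted/Login.aspx"); }
        catch (ArgumentException ex) { Console.WriteLine("rejected: " + ex.Message); }
    }
}
```

In a page handler the call would take the place of the string concatenation, for example Response.Redirect(SchemeSwitch.BuildUrl("https", Request.ServerVariables["SERVER_NAME"], Request.ApplicationPath, "Restricted/Login.aspx")).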
