It’s possible to Force SSL on web pages using ASP. In this article I will show you how to accomplish this. To do this you need to do 2 things.
1. Create a ForceSSL.asp page
2. Set the file as an include on any pages that require SSL
ForceSSL.asp
Within your website create a file called ForceSSL.asp. I usually put this file in a directory called includes. You can get a copy of the file I used in this example here: ForceSSL.zip
<%
If Request.ServerVariables("SERVER_PORT")=80 Then
Dim strSecureURL
strSecureURL = "https://"
strSecureURL = strSecureURL & Request.ServerVariables("SERVER_NAME")
strSecureURL = strSecureURL & Request.ServerVariables("URL")
Response.Redirect strSecureURL
End If
%>
Include File
On every ASP page that requires SSL you will need to add the “include virtual” statement below, you may need to modify it to the location of your ForceSSL.asp file. If you notice on the default.asp page I have created below, I have placed the “include virtual” statement at the top of the document, you want to put it on top so it will run first.
When implementing this solution you need to make sure to use relative paths for all references on your page because there is a possibility you will get a warning asking you if you want to display secure and insecure items. For example, if you have a logo on your page and the URL to this logo is http://domain/images/logo.jpg, do not use the whole path because including the http:// will hard code this image to use http and not https. Instead use /images/logo.jpg.
No comments:
Post a Comment