Friday, September 7, 2007

ASP to force HTTPS SSL

There is a couple of different ways of forcing an ASP page to SSL. The first way is to create a custom error page that will redirect the ASP page to an SSL or HTTPS. Another way is to use an include file to redirect every page to an SSL. I will be showing you how to Force an SSL using an ASP include file. This is a very simple and straightforward method and you don’t need to login on the server to configure. Follow the steps below. If you have any questions please leave comments on the bottom of this entry.

  • Copy the code below and paste it into a file named ssl_force.asp

Include File. ssl_force.asp

if Request.ServerVariables("HTTPS") = "off" then
method = Request.ServerVariables("REQUEST_METHOD")
srvname = Request.ServerVariables("SERVER_NAME")
scrname = Request.ServerVariables("SCRIPT_NAME")
sRedirect = "https://" & srvname & scrname
sQString = Request.Querystring
if Len(sQString) > 0 Then
sRedirect = sRedirect & "?" & sQString
end if
if method = "POST" then
Response.Write "<form method=post action=" & sRedirect &amp;amp;amp; " name='f'>"
for x = 1 to Request.Form.Count()
tname = Request.Form.Key(x)
tvalue = Server.HTMLEncode(Request.Form.Item(x))
Response.Write "<input type=hidden name=" & tname & " value=""" & tValue &""">" & vbCrLf
Response.Write "<input type=submit value=Go To SSL>"
Response.Write "</form>"
Response.Write "<script>" & vbCrLf
Response.Write "document.f.submit();" & vbCrLf
Response.Write "</script>"
Response.Redirect sRedirect
end if
end if

  • For each page that requires SSL, paste the following code at the top of the page to reference the include file from the previous step:

<!--#include file="functions_db.asp"-->

  • When each page is browsed, the ASP code that is contained in the include file detects if HTTPS is used. If HTTP is used, the browser will be redirected to the same page by using HTTPS.

AddThis Social Bookmark Button

No comments: