Difference between http and https technique

Question

Does it need Certificate/License/Registration before launching the website using https?

I want to use the mentioned code in Global.asax file.

protected void Application_BeginRequest(Object sender, EventArgs e)
{
    Response.Redirect("https://" + Request.ServerVariables["HTTP_HOST"] 
+   HttpContext.Current.Request.RawUrl);
}

balexandre · Accepted Answer

First of all, I think you will never reach it, as it will loop in the Application_BeginRequest over and over as you are redirecting all requests...

Maybe what you're after is redirecting if the request comes from a non secure connection (http), no?

for that, see if the request comes from such connection like:

  protected void Application_BeginRequest(object sender, EventArgs e)
  {
     if (!HttpContext.Current.Request.IsSecureConnection)
        Response.Redirect(HttpContext.Current.Request.Url.AbsoluteUri.Replace("http://", "https://"));
  }

Secondly, the HTTPS protocol needs to be up and running or you will get a ERR_SSL_PROTOCOL_ERROR error thrown.

In Visual Studio, you can easily enable https in the project properties

enter image description here

and you will get the untruest warning

enter image description here

As Visual Studio generated (on installation) a default self signed certificated.

In production environment you will need to:

if it's an intranet application, just use the self-signed certificate
on a internet application, you do need to buy an SSL certificates, now-days they re cheaper and cheaper...

From your comments I have some question myself now...

Do you understand what HTTPS does to the connection between client computer and server?
Do you really need a secure connection between the two?
What kind of data are you trying to secure?

Difference between http and https technique

Answers (2)

Related Questions