Redirecting to secure version of a page

Hey there. As I’m working on a project for a customer (and catching up to speed on the asp.net web development since I last embarked on it), I have a particular request that I want to make sure is not going to cause undesirable effects.

The customer is putting a URL on a printed sheet. He wants it to be www.thesite.com/hn. He doesn’t want to add http:// or https:// because he wants to make it as short and pain free to type in as possible. Very reasonable goal.

The key is, I need to make sure that whatever they type in, they get to the secure page of the site (so www.thesite.com/hn would need to become https://www.thesite.com/hn).

I know that I can write an HttpHandler to look and see if it’s an https request, and if not, redirect them to the secure version. However, are there any pitfalls with this approach that I need to be aware of. Will some browsers pop up any nasty dialogs or such?

Thanks for any insight. Since this mailing isn’t cheap, I want to be VERY sure I can do this before the printing run.

You should probably google for some more info. There might more points that I’m not aware of.

Excellent. Thanks to both of your for the info, I’ll make sure and follow the guidelines.

Appreciate the re-assurance; the last position I want to be in is telling the customer it’s ok after he spends the $$$ on advertising and then discovering I screwed up.

If you do it correctly, then no. It will pop up a nasty dialog if you do one of the following:

  1. Use an invalid (self-signed) SSL certificate. You need to buy a valid SSL certificate online.
  2. If you include images or other resources in the page that are requested using http instead of https. At least FF will issue a warning “Some elements of this page are not secure. Are you sure you want to continue?”

If you adhere to the 2 points above you should not get a nasty popup as far as I know :slight_smile:

I’m not much help I’m afraid.

AFAIK, the “nasty dialogs” are when a user goes from a secure to a non-secure page. I can’t remember ever seeing any for going to a secure page.

Personally, I would be less worried if I saw a “this page is secure” than seeing a “this page is insecure”, in fact I might even feel reassured.

So I think if you have all requests go to the secure page you should be fine.

But don’t take my word for it, best wait for some further comment from someone that knows for certain or test it yourself if possible.