The hosting dude got it to work in IIS 7. The HTTP handlers requires wildcard mapping with different application pool to make it work in IIS 7. Hope this helps.
Make sure you have the following in Web.Config:
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<handlers>
<add name="wildcard" path="*" verb="*" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll" resourceType="Unspecified" requireAccess="None" preCondition="classicMode,runtimeVersionv2.0,bitness32" />
</handlers>
</system.webServer>
One simple way is to check if the page is secure when you entering the login page, and after the login to redirect him on a non secure page.
You can check if the page is secure by using this command
HttpContext.Current.Request.IsSecureConnection
The IsSecureConnection
, actually check if the url starts with https://
For exampe, if you add this on login page, on PageLoad or on init can do the work
if(!HttpContext.Current.Request.IsSecureConnection)
{
Response.Redirect(Request.Url.Replace("http://","https://"),true);
return;
}
But then you need to redirect him to the non secure page when you leave the login page.
One more complex way, but more sure, is to use a code that check not only one page, but all pages base on rules. I suggest this code that I personally use :
http://www.codeproject.com/KB/web-security/WebPageSecurity_v2.aspx
and
http://code.google.com/p/securityswitch/
Ps The SSL is run in parallel with the non ssl pages, on different port. Its up to you where to navigate your users. So there is not "only one page ssl" option.
Best Answer
You always can to compile that code into an assembly (.dll), place it inside your /bin folder and to update your web.config file.