I have a virtual folder containing an administration application, like https://www.mysite.com/alpha, which requires SSL. In the IIS manager properties for the folder, under “Authentication and access control”, Anonymous Access is disabled and “Authenticated Access” is set to “Integrated Windows authentication.”
When I connect to the site in Chrome, I receive two login boxes. The first is from mysite.com/alpha:443, and the second is from mysite.com/alpha:80. Firefox appears to re-send my credentials for the second box so it is never shown.
Any ideas why I’d be required to log in twice?
If you require SSL for authenticated users on your website (for any reason), then the best solution is to always have your “Login” page on https://. That way when they log in, they are instantly secure. The reason for this is because of the native design of SSL. It separates/secures itself from the non-secure version by not passing authentication states between http and https. You will also have to write some logic to redirect returning authenticated visitors to the secure page (i.e., visitors who can return authenticated from a cookie).
EDIT:
Since you're using Windows authentication, it’s probably easiest to simply redirect ALL incoming http traffic to https. This means your entire site will be over SSL and will be inaccessible via http (other than to redirect to https).
I wrote a Blog Post on forcing a website to use WWW in the web address, but it can also be ported to forcing https.
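An added example (not part of the original answer or the blog post it mentions): a small Python check that classifies what the plain-http endpoint returns, to confirm that port 80 answers with a redirect to https rather than the Integrated Windows authentication challenge behind the second login box. The response text is constructed sample data, and the function names are hypothetical.

```python
from email.parser import Parser
from urllib.parse import urlsplit

# Constructed sample responses (not captured from a real server).
CHALLENGE = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "WWW-Authenticate: Negotiate\r\n"
    "WWW-Authenticate: NTLM\r\n"
    "Content-Length: 0\r\n\r\n"
)
REDIRECT = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Location: https://www.mysite.com/alpha\r\n"
    "Content-Length: 0\r\n\r\n"
)


def parse_response(raw):
    """Split a raw HTTP/1.x response head into (status_code, headers)."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    status_line, _, header_block = head.partition("\n")
    status = int(status_line.split()[1])
    headers = Parser().parsestr(header_block, headersonly=True)
    return status, headers


def classify_http_response(raw, host):
    """Classify what the plain-http (port 80) endpoint answered."""
    status, headers = parse_response(raw)
    if status == 401:
        # An auth challenge on port 80 means the browser negotiates
        # credentials outside TLS and prompts a second time.
        values = headers.get_all("WWW-Authenticate", [])
        return "auth-challenge-over-http", [v.split()[0] for v in values if v.strip()]
    if status in (301, 302, 307, 308):
        location = headers.get("Location", "")
        target = urlsplit(location)
        if target.scheme == "https" and target.hostname == host:
            return "redirects-to-https", [location]
        return "redirects-elsewhere", [location]
    return "served-over-http", []


if __name__ == "__main__":
    for sample in (CHALLENGE, REDIRECT):
        print(classify_http_response(sample, "www.mysite.com"))
```

Only the "redirects-to-https" result matches the configuration the answer recommends; any other result means the folder is still reachable or challenging for credentials over http.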