Home/ Questions/Q 644433
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T21:23:26+00:00

We have a very simple ASP.NET web application comprising mostly static content and a

  • 0

We have a very simple ASP.NET web application comprising mostly static content and a single form which we want to protect with SSL. The secured page is in its own folder, but it inherits from an unsecured master page, and it shares some other resources (the logo, css file and some pictures) with the rest of the website. The site is hosted by a third-party, and changing the IIS configuration (or changing to a different host) is not an option.

As we understand, there are a few challenges when dealing with partial SSL on ASP.NET:

  1. Preventing the “This page contains both secure and nonsecure items” message.
  2. Providing support for relative URLs as they won’t work by default when redirecting to a secured page.

We don’t want to secure the whole site, because of the potential performance issues, so what is the best way to protect only one particular page or folder, guaranteeing at the same time that any resource loaded by this page will be secured as well?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I ended up overriding the OnInit method on the page I wanted to secure, using the solution described here: 

    protected override void OnInit(EventArgs e)
{
    if (!Request.IsSecureConnection && !Request.IsLocal)
    {
        UriBuilder builder = new UriBuilder(Request.Url)
        {
            Scheme = Uri.UriSchemeHttps,
            Port = 443
        };
        Response.Redirect(builder.Uri.ToString());
    }
    base.OnInit(e);
}

    For the rest of the pages, I inherited from a base page with the following code on the OnInit method:

    protected override void OnInit(EventArgs e)
{
    if (Request.IsSecureConnection)
    {
        UriBuilder builder = new UriBuilder(Request.Url)
        {
            Scheme = Uri.UriSchemeHttp,
            Port = 80
        };
        Response.Redirect(builder.Uri.ToString());
    }
    base.OnInit(e);
}
    • 0