search

frenzypeng / securityswitch

Automatically exported from code.google.com/p/securityswitch
Other
0 stars 0 forks source link

Build Fails and Page not switching from HTTP to HTTPS #28

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
1) I copied the DLL into the Bin and referenced into the project.
2) Added the XSD to the Schema folder as well as included in the project.
3) Made the changes to web config like mentioned. 

  <securitySwitch mode="On" baseSecureUri="https://localhost/ABCWebSite/Return.aspx" baseInsecureUri="http://localhost/ABCWebSite/Return.aspx" >
    <paths>      
      <add path="ReturnAuthorization.aspx" />
    </paths>
  </securitySwitch>

After this if I type http://localhost/ABCWebSite/Return.aspx, it is not at all 
switching to the https mode.

I am also noticing the build fails with the following warnings.

Could not find schema information for the attribute 'mode'
---------------------------------------------------- 'baseSecureURI'

and so on. Total of 7 such warnings.

RRP

Original issue reported on code.google.com by rpr...@gmail.com on 4 Oct 2011 at 5:34

GoogleCodeExporter commented 8 years ago 
Just to verify; you've added this to your web.config as well?

...
    <configSections>
        ...
        <section name="securitySwitch" 
                 type="SecuritySwitch.Configuration.Settings, SecuritySwitch" 
                 requirePermission="false" />
    </configSections>

Original comment by vent...@gmail.com on 4 Oct 2011 at 8:58

GoogleCodeExporter commented 8 years ago 
Yes, I have already added that part in my web.config.

Thanks

RRP

Original comment by rpr...@gmail.com on 4 Oct 2011 at 9:13

GoogleCodeExporter commented 8 years ago 
I'm not as worried about those build warnings, if they are truly warnings. They 
are likely tied to the config schema not being recognized, but it's not a 
deal-breaker either. If you want the XSD to actually work, you'll need to 
change the securitySwitch section to include the namespace, like so:

<securitySwitch xmlns="http://SecuritySwitch-v4.xsd" ...>

Also, I think you misunderstand the purpose of the baseSecureUri and 
baseInsecureUri attributes. They should never be set to a page; just a base 
URL. You also do not need to set them at all unless you have shared SSL hosting 
or the like. Try removing both of those attributes from the config.

Next, the page you have configured for security is ReturnAuthorization.aspx. 
That's the page that should switch to HTTPS when visited. Of course, it won't 
work until you remove or fix those base URIs.

To summarize, I recommend your configuration section look like the following:

<securitySwitch xmlns="http://SecuritySwitch-v4.xsd">
  <paths>      
    <add path="ReturnAuthorization.aspx" />
  </paths>
</securitySwitch>

...and you should attempt to visit the ReturnAuthorization.aspx page to see if 
it switches.

Lastly, none of this will completely work unless you have a self-signed SSL 
certificate installed on your local website (through either IIS or IIS 
Express). Without a valid certificate, the browser will be speaking Greek to 
your server.

Let me know if anything needs further explaining or if you run into any other 
issues. Good luck!

Original comment by vent...@gmail.com on 4 Oct 2011 at 10:15

GoogleCodeExporter commented 8 years ago 
Thanks so much for your prompt response and suggestions. I truly appreciate it.

RRP

Original comment by rpr...@gmail.com on 5 Oct 2011 at 12:39

GoogleCodeExporter commented 8 years ago

Original comment by vent...@gmail.com on 11 Oct 2011 at 11:48