search

ventaur / securityswitch

Security Switch enables various ASP.NET applications to automatically switch requests for pages/resources between the HTTP and HTTPS protocols without the need to write absolute URLs in HTML markup.
Other
2 stars 0 forks source link

Secure port on path level #54

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
I am trying to deploy a web application in MS Azure as cloud service. The 
application will be accessed through three different urls lets say http://url1, 
http://url2 and http://url3. I want requests to http:/url2/login and 
http:/url3/login to be switched to https://url2/login and 
https://url3:8443/login respectively while ignoring the http://url1/Login. 

It seems that I can manage switching from http:/url2/login to 
https://url2/login using the SecuritySwitch_EvaluateRequest event in 
global.asax. However I cannot find how can I switch the http:/url3/login to 
https://url3:8443/login throw the configuration. So before creating my own 
ISecurityEnforcer class and modifying the SecurityEnforcerFactory I wanted to 
ask you if I miss something. 

Thanks

Original issue reported on code.google.com by argir...@gmail.com on 1 Mar 2015 at 8:21

GoogleCodeExporter commented 9 years ago 
Hello. You are correct. There is no (built-in) way to handle your scenario; to 
conditionally use a port based on the host name. Your best bet is to continue 
with your plan to create your own ISecurityEnforcer and change the factory.

This does, of course, shine a light on some flaws. I want to change the 
factories to allow for overriding the creation process without you having to 
modify the library itself. I'll add that as a task to work on soon. Thanks!

Original comment by vent...@gmail.com on 2 Mar 2015 at 3:01