IIS 6.0 SSL for whole site EXCEPT a few directories

"Kevin Jackson" <kjack***@powerwayinc.com> wrote:

We deploy an ASP.NET 1.1 web app by creating a new website. The entire website is set to SSL. We are hearing back from our operations people, it then is not possible to turn off SSL for a few directories under the website.

Shouldn't it be possible to go into the directories and turn off Require Secure Channel?

The way we have gotten by this in the past is to not secure the whole website and go through every folder we want to use SSL and turn on Require Secure Channel but this takes quite a bit of time.

"David Wang [Msft]" <some***@online.microsoft.com> wrote:

Your operations people are mistaken.

IIS is flexible. It allows either:
1. All directories require SSL EXCEPT for specific named ones
2. All directories work with HTTP and SOME specific named ones require SSL

The right choice? Depends on which is easiest and makes sense for you.

It sounds like you rather default to require SSL except for some specific directories... which is easily supported by IIS.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//

"Kevin Jackson" <kjack***@powerwayinc.com> wrote:

David,

So if SSL is turned on at the site level, we should still be able to go to various files and directories and turn it off right?

"David Wang [Msft]" <some***@online.microsoft.com> wrote:

Yup. It's simply the way the IIS configuration system works.

Values set at the parent node (i.e. site level) automatically inherit to the child nodes UNLESS specifically overridden at the child node (i.e. various files/directories). So if you set any property globally or per-site, it automatically applies everywhere UNLESS some child node decides to override it with another value.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
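
The inheritance rule described in the last reply, as an added example that is not part of the original thread: a small Python model in which a node's effective SSL requirement comes from the nearest node at or above it that has an explicit value, plus a check that lists the nodes exempting themselves from a site-wide requirement. The metabase paths and sample values are constructed, and the function names are hypothetical; the bit values are those of the IIS `AccessSSLFlags` property.

```python
# Added example: models parent-to-child inheritance of the SSL requirement.
ACCESS_SSL = 0x008     # AccessSSLFlags bit: require secure channel (SSL)
ACCESS_SSL128 = 0x100  # AccessSSLFlags bit: require 128-bit encryption

# Constructed sample: only nodes that carry an explicit value are listed.
EXPLICIT = {
    "/LM/W3SVC/1/ROOT": ACCESS_SSL | ACCESS_SSL128,   # whole site requires SSL
    "/LM/W3SVC/1/ROOT/public": 0,                     # child override: HTTP allowed
    "/LM/W3SVC/1/ROOT/public/upload": ACCESS_SSL,     # grandchild turns it back on
}

def normalize(path):
    """Canonical form; paths are compared case-insensitively in this model."""
    return "/" + "/".join(p for p in path.upper().split("/") if p)

def effective_flags(path, explicit):
    """Return (flags, source_node) from the nearest node with an explicit value."""
    table = {normalize(k): v for k, v in explicit.items()}
    node = normalize(path)
    while node:
        if node in table:
            return table[node], node
        node = node.rpartition("/")[0]   # walk up to the parent node
    return 0, None                       # nothing set anywhere: no requirement

def requires_ssl(path, explicit):
    return bool(effective_flags(path, explicit)[0] & ACCESS_SSL)

def ssl_exemptions(site_root, explicit):
    """Nodes under site_root whose explicit value drops an inherited requirement."""
    root = normalize(site_root)
    found = []
    for node in sorted(normalize(k) for k in explicit):
        if not node.startswith(root + "/"):
            continue
        parent = node.rpartition("/")[0]
        if requires_ssl(parent, explicit) and not requires_ssl(node, explicit):
            found.append(node)
    return found

if __name__ == "__main__":
    for p in ("/LM/W3SVC/1/ROOT/orders/cart.aspx",
              "/LM/W3SVC/1/ROOT/public/img/logo.gif",
              "/LM/W3SVC/1/ROOT/public/upload/form.aspx"):
        flags, source = effective_flags(p, EXPLICIT)
        print(f"{p}: SSL required={bool(flags & ACCESS_SSL)} (from {source})")
    print("exemptions:", ssl_exemptions("/LM/W3SVC/1/ROOT", EXPLICIT))
```

Reviewing the exemption list after each deployment shows exactly which directories are reachable over plain HTTP on a site that otherwise requires SSL.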