Is it possible to have my website require SSL if it is using Windows Authentication?
So far, I'm not having luck with it.
Asked
Active
Viewed 4,990 times
0
-
Do you want it to require SSL only if Windows authentication is used or do you want SSL to be an always-on thing? – Top__Hat Nov 18 '11 at 12:33
-
The site will always be using Windows authentication. SSL should always be in effect. – Paul Marangoni Nov 22 '11 at 15:25
1 Answers
1
If you are always using Windows Authentication and always using SSL then the following should fit the scenario. 1. Rurn off all other forms of authentication in IIS. 2. Setup a redirect site in IIS to redirect all HTTP traffic to the HTTPS site (on the same server).
This forces all HTTP traffic over to SSL and only allows for Windows authentication.
Note this may behave strangely for non-IIS browsers due to how Windows Authentication works.
Top__Hat
- 962
- 1
- 7
- 12
-
The steps above should get you what you need. This is a pretty standard setup. – Tatas Nov 22 '11 at 18:35
-
I had already tried that. Weird thing is, the site won't load/render at all with https if it's using Windows authentication. We're using a self-signed certificate by the way. – Paul Marangoni Nov 22 '11 at 20:17
-
-
Internet Exploder. It does work with anonymous, and non-SSL. But since I have never tried SSL with Windows auth, I thought that maybe it wasn't even possibe (or even redundant). If you're sure it should work, it must be a problem with my SSL certificate. – Paul Marangoni Nov 22 '11 at 20:43
-
-
Yes. I can get the certificate to work with other sites on the server which allow anonymous access. – Paul Marangoni Nov 30 '11 at 17:20