I would like the login form of my .net web forms app to use HTTPS but want the rest of the site to use HTTP only. What is the preferred method of doing this? The is .net 4.0 on IIS 7 (Win2k08 R2)
I realize I can set up a new site listening on 443, but Session state would be lost between the sites. I don’t want to track session using SQL at this point (maybe later). Should I just have the current site listen on 443 and have my app reference the login.aspx page using https: instead of http:?
I suggest you have the site listen on both HTTP port 80 and HTTPS port 443, then you set requireSSL=”true” for the forms-tag