I developed an asp.net WebForms management system. It runs over http by default. How can I convert to use https? Or what should I consider to do it?
1 Answer
As a general rule, you don't have to do anything. Since any command like Response.Redirect etc. never included https://.
so, to setup https for your site? This configuration occurs on the web server, and your code and what you built so far does not have to be changed.
Of course for https, then you need to have a security certificate.
They can be quite costly. And to setup a secuirty certificate, your web site in near all cases has to be public facing. (becuase the security certifice provider has to be accessbile. If you behind a firewall or simply deveoping on your computer, then that's not possbile. (your web site during developing is not public exposed).
Of course, while just a few years ago, a major certificate issued by veri-sign or others? They were $300+ dollars per year. But competition, and go-daddy was issuing them for about $100 per year.
However, now? You can use the free open-source ones. One of the most popular ones is lets-encrypt. However, even using a secuirty certifice from them (they last 3 months, and then have to be re-newed - but their process is quite much automated now).
So, setting up https? You do that on the web server.
Even for a secuired web site, if you using Visual Studio and working on your computer (using Visual studio and the default IIS express edition), then you can continue to develop that way, and https is not required. So setup and turning on https for the most part should not require any changes to your code, or your site. The certificate process and setup is thus done with your server.
But, as noted, in most cases, you need a public url/domain, and THEN after that is up and running, you can setup https and install the security certificate on the web server.
Here is some of the steps, but it does suggest that you have familiarly with setting up IIS.
https://weblog.west-wind.com/posts/2016/Feb/22/Using-Lets-Encrypt-with-IIS-on-Windows
As noted, for development, in most cases it not a issue. So, this is going to be mostly a IIS configuration and setup - not something that will matter or change your code or even your existing site.
And of course, check with your hosting provider, these days, often a basic hosting plan does and will include a security certificate for the monthly hosting price.
If this is a internal facing site (company network only - not to outside), then you probably can get away using a self-signed certificate (you can google IIS windows setup self-signed certificate for more details). .
