Add a "default.aspx" page to the site, and then
try and hit it with the browser by typing https://localhost/default.aspx (note
the usage of "https" instead of "http" to indicate that you
want to connect over SSL).
If you are using IE7, you'll likely see this anti-phishing
error message kick in
Figure 10
Don't panic if this happens - it is just IE
being helpful by suggesting that a self-signed certificate on your local
machine looks suspicious. Click the "Continue to this website" link
to bypass this security warning and proceed to the site. You'll find
that your default.aspx page is now running protected via SSL:
Figure 11
You are all done. :-)
Appendix: A Few Last SSL Notes
A few last SSL related notes:
The IIS 7.0 admin tool has an "SSL Settings" node
that you can select for each site, directory or file that allows you to control
whether that particular resource (and by default its children) requires an SSL
request in order to execute. This is useful for pages like a login.aspx
page, where you want to guarantee that users can only enter their credentials
when they are posting via an encrypted channel. If you configure the login.aspx
page to require SSL, IIS 7.0 will block browsers from accessing it unless they
are doing so over SSL.
Within an ASP.NET page or handler, you can programmatically
check whether the current request is using SSL by checking the Request.IsSecure
property (it will return "true" if the incoming browser request is
over SSL).
You can set the "requireSSL" attribute on the
<forms> configuration section within web.config files to have ASP.NET's
forms-authentication system ensure that forms-authentication cookies are only
set and used on SSL enabled pages and URLs. This avoids the risk of a
hacker trying to intercept the authentication cookie on a non-SSL secured page,
and then trying to use a "replay attack" from a different machine to
impersonate a user.
For more information on IIS 7.0, please read my earlier IIS 7.0 overview blog post. Also make
sure to check out the www.iis.net
website.
To read more of my "Tips and Tricks" blog posts,
please visit my Tips and Tricks Summary Page.
Hope this helps,
Scott