Setting up SSL page only on login page

Question

I want to set up SSL page for only login page. How can I do it? I a referring this article:

http://weblogs.asp.net/scottgu/archive/2007/04/06/tip-trick-enabling-ssl-

Answer 1

One simple way is to check if the page is secure when you entering the login page, and after the login to redirect him on a non secure page.

You can check if the page is secure by using this command

HttpContext.Current.Request.IsSecureConnection

The IsSecureConnection, actually check if the url starts with https://

For exampe, if you add this on login page, on PageLoad or on init can do the work

if(!HttpContext.Current.Request.IsSecureConnection)
{
  Response.Redirect(Request.Url.Replace("http://","https://"),true);
  return;
}

But then you need to redirect him to the non secure page when you leave the login page.

One more complex way, but more sure, is to use a code that check not only one page, but all pages base on rules. I suggest this code that I personally use :

http://www.codeproject.com/KB/web-security/WebPageSecurity_v2.aspx
and
http://code.google.com/p/securityswitch/

Ps The SSL is run in parallel with the non ssl pages, on different port. Its up to you where to navigate your users. So there is not "only one page ssl" option.