Determine protocol for website
https://stackoverflow.com/questions/3607716
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I'm using IIS 6. I need to determine whether a certain site is running under http or https.
I tried extracting all of the properties using 'DirectoryEntry' from: IIS://localhost/W3SVC/1 (1 is the site id in this example)
The following are the results. If anyone knows of any other way of determining IIS6 protocol type programmatically, using 'DirectoryEntry' - please let me know
AccessFlags = 513 AppIsolated = 2 KeyType = IIsWebVirtualDir Path = c:\inetpub\wwwroot AppRoot = /LM/W3SVC/1/ROOT AppFriendlyName = Default Application DefaultDoc = Default.htm,Default.asp,index.htm,iisstart.asp AnonymousPasswordSync = True DirBrowseFlags = 1073741886 CacheISAPI = True CGITimeout = 300 AuthFlags = 1 ContentIndexed = True AspLogErrorRequests = True AspScriptFileCacheSize = 250 AspScriptEngineCacheMax = 125 AspExceptionCatchEnable = True AspTrackThreadingModel = False AspAllowOutOfProcComponents = True AspEnableAspHtmlFallback = False AspEnableChunkedEncoding = True AspEnableTypelibCache = True AspErrorsToNTLog = False AspProcessorThreadMax = 25 AspRequestQueueMax = 3000 AspMaxDiskTemplateCacheFiles = 1000 AspAllowSessionState = True AspBufferingOn = True AspEnableParentPaths = True AspSessionTimeout = 20 AspQueueTimeout = -1 AspCodepage = 0 AspScriptTimeout = 90 AspScriptErrorSentToBrowser = True AppAllowDebugging = False AppAllowClientDebug = False AspKeepSessionIDSecure = False AspEnableApplicationRestart = True AspQueueConnectionTestTime = 3 AspSessionMax = -1 AspLCID = 2048 AnonymousUserName = IUSR_MASTER AspScriptLanguage = VBScript AspScriptErrorMessage = An error occurred on the server when processing the URL. Please contact the system administrator. AnonymousUserPass = wl60A8PT[Cp@hE AspDiskTemplateCacheDirectory = %windir%\system32\inetsrv\ASP Compiled Templates HttpCustomHeaders = X-Powered-By: ASP.NET KeyType = IIsCertMapper
Can any of these tell me if the protocol is Http or Https? If not... does anyone know how to check it using C# on IIS 6?
Solution
Sure : IIS AccessSSLFlags property contains these informations.
If AccessSSL (hex 0x00000008) flag is set, it mean that SSL -ie https- is required, if not http is available.
As usual, you have to check this property on your IIS WebServer root directory since IIS logic is based on virtual dirs.
Path -> IIS://localhost/W3SVC/1/Root
OTHER TIPS
It looks like you need to look use the SecureBindings property of a IIsWebServer object.
I tested the following code snippet on my own Windows Server 2003 with both SSL and non-SSL sites.
DirectoryEntry di = new DirectoryEntry("IIS://prodweb1/W3SVC/1");
PropertyValueCollection sslCertHashProperty = di.Properties["SSLCertHash"];
if (sslCertHashProperty.Count > 0)
{
Console.WriteLine("Site has associated SSL Certificate.");
}
PropertyValueCollection secureBindingsProperty = di.Properties["SecureBindings"];
if (secureBindingsProperty.Count > 0)
{
Console.WriteLine("Site has at least one SSL (https) binding.");
}
PropertyValueCollection serverBindingsProperty = di.Properties["ServerBindings"];
if (serverBindingsProperty.Count > 0)
{
Console.WriteLine("Site has at least one non-SSL (http) binding.");
}
You can use the metabase to tell. I don't know why it isn't in you output, but there should be a property lik IsSecure=true to indicate that ssl is required. I don't think that this property is set if ssl is optional.
If you can wait until you receive a request, you can use Request.IsSecureConnection.
not that versed in C# but I believe you can load the web.config information in your application. There you should be abler to see if there is a specific security key indicating that SSL is configured on the server.
Configuration.AppSettings(<key>)
You can check the request object. If SSL is being used:
HttpContext.Current.Request.ServerVariables["HTTPS"].ToLower() == "on"
