SSL for some files, not for others

Certain applications work poorly under SSL: the back button may not function, or users’ security settings may be such that they are constantly presented with various certificate errors.

Suppose you have a web application which should not be run under SSL, but needs to have secure sections, such as credit card payment or the login. One way to handle this would be to reload the page upon entering and exiting a secure section of the application.

On an IIS server, to set this up, you must first create an SSL certificate. Ordinarily, if you were going to require that SSL be used to access all or part of your site, you would open the IIS manager, right-click a site or directory in the IIS console and choose Properties.

Under the Directory Security tab and choose “Edit” in the Server Certificate section. Then you would check the “Require SSL” checkbox.

If you do NOT check this box, you still have the option for accessing any page in the site with SSL, simply by using https in the URL. However what if your users accidentally get there using an http prefix? You can enforce the url through client side or server side scripting, depending on what you prefer. With client-side javascript you need to be careful, because it can be shut off in the browser.

For more on enabling SSL, see this article