[AKA Arizona]

I hope I am explaining this correctly, I have a customer that has content on his website that he wants secure so only people that signup for his subscription can access, I will be using paypal to handle the subscription part of the deal but how do I setup my server {Windows server 2003} to run https web pages and only allow the folks with a subscription access.

[Rockn]

Look up paypal merchant services on their site. You would more than likely have to write some custom script to validate member access. You could do it all manually through paypal and activate their accounts on the site once their payments clear. You can create SSL certificates on your server or you can buy them and apply them manually. Paypal is already secure so there is really no reason to have a certificate on your site unless you just want to use it on your login page.

[AKA Arizona]

They have a perl script for an apache server but im running winders, any idea on that?

[Rockn]

Who has a perl script? If they are on Apache I haven't a clue setting up SSL on it.

[AKA Arizona]

On the PayPal website its part of the merchant tools

[Squashman]

You would just need to load Active Perl State on your Winders box.
http://www.activestate.com/Products/ActivePerl/

[AKA Arizona]

OK so after installing the Active Perl I will be able to run perl scripts?

[AKA Arizona]

I am not sure if this is a new thread but its in the same line, How do I set it up so when I enter say http://www.pcso.com/secure it will open a website with the https://www.pcso.com/secure/secure.aspx

[Rockn]

Here is a tutorail for adding server certificates to Windows 2003 server:
http://www.isaserver.org/img/upl/vpn...terpriseca.htm

YOu can make any directory on your site use SSL in the IIS settings.

[AKA Arizona]

OK and that will do as I discribed above correct

[AKA Arizona]

Maybe I am trying to do the wrong thing here. How is a person prevented from viewing a page without a password?(actually I think I figured that one out but if someone could explain it so I can make sure I did it correctly. Then how would there user/password be entered on my server? that would be the perl script correct?

[Sequal7]

You can use .htaccess files to create the https: redirect;
http://www.whoopis.com/howtos/apache-rewrite.html
then if you needed multiple user logins variables create a user login area in asp, php or whatever then protect the critical pages with authoring script (part of your signup or login session) or if you want to manually add registered users, you can use a simple .htpasswd to verify user(s);
http://www.sysbotz.com/articles/webprotect.htm

[AKA Arizona]

Does .htaccess work with winders 2003 server?

[Rockn]

No it doesn't. From your second description it seems you do not need SSL. If you want to secure certain parts of your site set up a login section and have a session variable set for the pages you want secured, if the session variable does not match or they try and acces a page that requires one they will be given an error or thrown back to the login page. You would have to write this yourself. You could also use Windows authentication, but you would have to create a Windows user account for each person.

[Squashman]

IISpassword.
This way you don't have to setup NTLM authentication in IIS.
http://www.troxo.com/products/iispassword/