AI OnAI Off

How to require HTTPS for some parts of a site

Lars Flågan
Lars Flågan
Vote:
 
Hi, there
Does anyone have any guidance on how to require parts of a site to be accessed over HTTPS?

Also now that the UI files are moved to the program files folder and is accessed through a virtual path, how can we require that these are accessed over HTTPS? This used to be straight forward configuration of IIS in previous versions.

Cheers 

#32632
Sep 10, 2009 11:57
Per Bjurström
Per Bjurström
Vote:
 

Regards to the UI, just set uiUrl in web.config to a https path.

 

#32638
Sep 10, 2009 16:47
naveedahmad@redweb.com
naveedahmad@redweb.com
Vote:
 

 

You would probably need to write a custom user control to switch between http and https based upon page ids or page template type and then drop that plug in on all templates.

If using page ids, best way would be to put them in web config, get the list of page ids and compare it against the current page and do the switch.

 

 

#32677
Sep 11, 2009 16:09
Magnus Rahl
Magnus Rahl
Vote:
 
I have to disagree. ID:s in web.config is very inflexible. A dynamic property (possibly doubled with a page property with the same name on every page type) is probably better. Then redirect from masterpage etc.
#32680
Sep 11, 2009 16:51
naveedahmad@redweb.com
naveedahmad@redweb.com
Vote:
 

 

Offcourse, dynamic properties can be used to mark page if secured or not.

 

#32681
Sep 11, 2009 16:57
Anders Hattestad
Anders Hattestad
Vote:
 

Guess you need to write your own FriendlyRewriterProvider where you take into account an dynamic property and make the switch between http and https.

 

Somethng like this code should do the trick

public class HttpsBasedRewriter : FriendlyUrlRewriteProvider

{

public override bool ConvertToExternalInternal(UrlBuilder url, object internalObject, Encoding toEncoding)

{

bool status=base.ConvertToExternalInternal(url, internalObject, toEncoding);

PageReference pageLink = internalObject as PageReference;

if (pageLink != null)

{

PageData page = EPiServer.DataFactory.Instance.GetPage(pageLink);

if (page["NeedHttps"] != null)

url.Scheme = "https";

}

return status;

}

protected override bool ConvertToInternalInternal(UrlBuilder url, ref object internalObject)

{

bool status=base.ConvertToInternalInternal(url, ref internalObject);

PageReference pageLink = internalObject as PageReference;

if (pageLink != null)

{

PageData page = EPiServer.DataFactory.Instance.GetPage(pageLink);

if (page["NeedHttps"] != null)

{

if (url.Scheme == "http")

{

url.Scheme = "https";

HttpContext.Current.Response.Redirect(url.ToString(), true);

}

}

}

return status;

}

}

#32688
Sep 13, 2009 21:09
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.