Can anybody assist in setting up a ssl, but only for a very small part of the site? And with very small part, I mean to only https the login page of the frontend site?
Any good tips? If I authenticate a member using ssl, am I able to redirect back to http and make sure the member is logged on in the http part of the umbraco site?
I had a similar thing on a client project recent, which lead me to making the HTTPS Redirect package. You can specify DocType aliases or specific NodeIds to perform the redirect/switch on.
With the authentication, once you've set a cookie against the domain (on HTTPS), it will work against regular HTTP too.
Aha, i was thinking in the right direction then... i was just worried that i wouldn't be able to have the member authenticated against the http site? So, basically, if I've got the following setup:
Yes, I believe the cookie will work on both, (although now I'm starting to have a small bit of doubt... doh!) :-$
Cookies have a "secure" flag, which enables them to be read from both HTTP and HTTPS... so if you set the cookie in HTTPS, I'd assume that "secure" would be enabled, right?
I've got a boolean (yes/no )property on my documenttypes called useSSL and then on my master.master file I check if it's set and redirects properly
if (currentNode.GetProperty("useSSL") != null) { if (currentNode.GetProperty("useSSL").Value == "1") { //This page is forced to SSL if (!Request.IsSecureConnection) Response.Redirect(Request.Url.ToString().Replace("http:", "https:")); } else { if (Request.IsSecureConnection) Response.Redirect(Request.Url.ToString().Replace("https:", "http:")); } }
using ssl for login page only
Hi all,
Can anybody assist in setting up a ssl, but only for a very small part of the site? And with very small part, I mean to only https the login page of the frontend site?
Any good tips? If I authenticate a member using ssl, am I able to redirect back to http and make sure the member is logged on in the http part of the umbraco site?
Any advice would be greatly appreciated!
Cheers,
/Dirk
Hi Dirk,
I had a similar thing on a client project recent, which lead me to making the HTTPS Redirect package. You can specify DocType aliases or specific NodeIds to perform the redirect/switch on.
With the authentication, once you've set a cookie against the domain (on HTTPS), it will work against regular HTTP too.
Cheers, Lee.
Aha, i was thinking in the right direction then... i was just worried that i wouldn't be able to have the member authenticated against the http site? So, basically, if I've got the following setup:
- Regular site runs on www.client.be
- Login functionality only runs on sub.client.be
Based on your feedback, if I set cookie against .client.be, it should just work, right?
Cheers,
/Dirk
Yes, I believe the cookie will work on both, (although now I'm starting to have a small bit of doubt... doh!) :-$
Cookies have a "secure" flag, which enables them to be read from both HTTP and HTTPS... so if you set the cookie in HTTPS, I'd assume that "secure" would be enabled, right?
Sorry for the very late reply.
I've got a boolean (yes/no )property on my documenttypes called useSSL and then on my master.master file I check if it's set and redirects properly
Is it possible to just put the property on the parent page?
is working on a reply...