+1-888-365-2779
Try Now
More in this section

Forums / Developing with Sitefinity / Securing Front-end Login Page

Securing Front-end Login Page

2 posts, 0 answered
  1. Rich
    Rich avatar
    24 posts
    Registered:
    22 Oct 2012
    17 Mar 2015
    Link to this post

    I'd like to secure my front-end login page that contains the login widget with https in Sitefinity 7.3.  I know how to secure the entire front-end with https, but don't want to do that for performance reasons. 

    When I set Require SSL on the login page, the login submission gets blocked by the browser due to the fact that http://localhost/Sitefinity/Authenticate/SWT is not https.  This seems like it should be a simple thing but can't find any references on how to accomplish this without securing the entire front-end.

    Here are my web.config settings:

    Web.config settings:
    <wsFederation passiveRedirectEnabled="true" issuer="http://localhost" realm="https://localhost" requireHttps="false" />
    <cookieHandler requireSsl="false" />

     

    SecurityConfig.config settings:

        <securityTokenIssuers>
            <add key="956...E36" encoding="Hexadecimal" membershipProvider="Default" realm="http://localhost" />
        </securityTokenIssuers>
        <relyingParties>
            <add key="956...E36" encoding="Hexadecimal" realm="https://localhost" />
        </relyingParties>

  2. Laurent Poulain
    Laurent Poulain avatar
    17 posts
    Registered:
    05 Dec 2016
    24 Mar 2015
    Link to this post
    Hello,

    Inside the page editor, if you edit the login widget you can specify the service URL. By changing the URL format to https you will be able to successfully authenticate.

    Regards,
    Sitefinity Laurent
    Telerik
     
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Sitefinity CMS Ideas&Feedback Portal and vote to affect the priority of the items
     
2 posts, 0 answered