+1-888-365-2779
Try Now
More in this section

Forums / Developing with Sitefinity / SSL - Entire Site

SSL - Entire Site

12 posts, 0 answered
  1. Ruth
    Ruth avatar
    25 posts
    Registered:
    17 May 2012
    12 Mar 2013
    Link to this post

    We've just launched a site using Sitefinity 5 which needs to have SSL enabled on every page. We set this up as normal in IIS but each time we browse to the SSL version Sitefinity redirects us back to the non SSL one.

    Having done some reading I've seen various examples on how to run a script to set the requiressl property on every page in the site which doesn't seem like much of a fix as if our client adds a new page then the script will need to be run again which quite frankly goes against the purpose of having a CMS.

    In Sitefinity 3.7 we were able to override the ProcessSslRedirect method within CmsHttpModule, is there an equivalent in v5? If not how can I set it up to work as described and avoid the need to run the script everytime a new page is created?

  2. Atanas Valchev
    Atanas Valchev avatar
    414 posts
    Registered:
    04 Jan 2016
    14 Mar 2013
    Link to this post
    Hi,

     The Require SSL property is available from the Title and Properties menu for every page. The purpose of the script is to conveniently set it to true for all the available pages, so you do not have to go each individual page and manually enable it. After that, when your client creates a page, they will need to tick the Require SSL box:http://screencast.com/t/3Ses5AJCCw1A In addition to this you need to have the http and https bindings configured on IIS to use the default ports.

    Kind regards,
    Atanas Valchev
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Ruth
    Ruth avatar
    25 posts
    Registered:
    17 May 2012
    15 Mar 2013 in reply to Atanas Valchev
    Link to this post
    Hi

    Thanks for your response.

    The point is a non-technical content editor should not be concerned with having to check the requiesSSL checkbox. 

    We had the ability to force SSL across the entire site in Sitefinity 3.7 via CmsHttpModule but now this has been taken away and we have no equivalent.

    It's possible to set caching for the entire site so we could really do with an equivalent for requiresSSL.

  4. Atanas Valchev
    Atanas Valchev avatar
    414 posts
    Registered:
    04 Jan 2016
    20 Mar 2013
    Link to this post
    Hi,

    I see your point. There is a way to enable Require SSL by default for all newly created pages. 

    An easy way to automate this process is to override the default PagesService and set RequireSSL when a page is saved. Let me elaborate on the recommended approach.

    You can inherit form PagesService, and in SavePage method where the WcfPageContext is available, set the Item (page) RequireSsl to true, then pass control execution to base - this should deliver the same results as with the default service, with the only addition that each newly created page will be saved with RequireSsl = true; 

    using System;
     
    using System.Collections.Generic;
     
    using System.Linq;
     
    using System.Web;
     
    using Telerik.Sitefinity.Modules.Pages.Web.Services;
     
    using Telerik.Sitefinity.Modules.Pages.Web.Services.Model;
     
       
     
    namespace SitefinityWebApp
     
    {
     
        public class PagesServiceCustom : PagesService, IPagesService
     
        {
     
            public new WcfPageContext SavePage(WcfPageContext pageContext, string pageId, string providerName, bool duplicate)
     
            {
     
                pageContext.Item.RequireSsl = true;
     
                return base.SavePage(pageContext, pageId, providerName, duplicate);
     
            }
     
        }
     
    }

    To use the custom service, just go to /Sitefinity/Services/Pages/PagesService.svc and specify your service type:

    <%@ ServiceHost Language="C#" Debug="false" Service="SitefinityWebApp.PagesServiceCustom" Factory="Telerik.Sitefinity.Web.Services.WcfHostFactory" %>

    I hope this helps.

    Kind regards,
    Atanas Valchev
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  5. Brett Whittington
    Brett Whittington avatar
    33 posts
    Registered:
    12 Jan 2012
    26 Apr 2013
    Link to this post
    Atanas,

    Thanks for providing a way of doing this.  I had lot of trouble searching the forums for this answer until I did the search on Google.  One question though, wouldn't this always save the "Require SSL" to true even if the user explicitly chose to turn it off?

    If that is so, what would your recommendation be on only setting the "Require SSL" to true when the page is being published the first time?

    Thanks,
    Brett
  6. Atanas Valchev
    Atanas Valchev avatar
    414 posts
    Registered:
    04 Jan 2016
    01 May 2013
    Link to this post
    Hi Brett,

    Unfortunately yes. This solution is for users who want their pages to be under SSL all the time. I had an idea to use revision history to check if the page was published for the first time or it had been published before and depending on that the current status of ssl setting to determine if the user wanted this page to be under ssl or not. However, that did not work as expected.

    In your case, the best solution would be to run the ssl code to enable it for all current pages and instruct your users to keep this setting in mind. I will note this in our feedback that it would be good if this setting is configurable.  

    All the best,
    Atanas Valchev
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  7. Brett Whittington
    Brett Whittington avatar
    33 posts
    Registered:
    12 Jan 2012
    01 May 2013 in reply to Atanas Valchev
    Link to this post
    Thanks for the update.  If this were to be added as a feature request, I'd like to see it enabled/disabled similar to how the allow/disallow comment setting is in the advanced settings fo the administrative section.  Being able to just set true or false for the field would just automatically check/uncheck the box on the page.
  8. Dimitar
    Dimitar avatar
    19 posts
    Registered:
    17 Nov 2016
    06 May 2013
    Link to this post
    Hi Brett,

    Unfortunately this could not be logged as currently there is an easy solution to do it and there are not so many requests for it.
    We hope you won't be disappointed. We are honest and don't  want to give you false expectations.
    Thank you for your understanding!

    All the best,
    DimBo
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  9. Brett Whittington
    Brett Whittington avatar
    33 posts
    Registered:
    12 Jan 2012
    06 May 2013 in reply to Dimitar
    Link to this post
    I don't understand, if there is an easy solution to fix it.  Why wouldn't it be added as a possible future feature?

    If you mean the solution Atanas supplied (while helpful and can surely help some people), it isn't a complete solution.  If a user didn't want the page as SSL for some reason and they published that page, their explicit indication to NOT require SSL would be ignored and SSL would be re-applied anyway.
  10. Dimitar
    Dimitar avatar
    19 posts
    Registered:
    17 Nov 2016
    08 May 2013
    Link to this post
    Hello Brett,

    First of all please accept my apologizes for the misunderstanding. You are absolutely right and this will be part of some of our next releases. We'll try to improve the way how SSL is configured. Although I can't promise you a specific date - I hope you will see it soon in the release notes of the product.

    Thanks again for your patience and constructive feedback!

    All the best,
    DimBo
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  11. Michael
    Michael avatar
    67 posts
    Registered:
    16 Mar 2012
    03 Jun 2013
    Link to this post
    Note, also, that the above solution does not address backend pages created via module builder, etc., so an admin will still need to go and reset those pages to be RequireSSL after creating them.
  12. Devin
    Devin avatar
    16 posts
    Registered:
    27 Aug 2013
    08 Jan
    Link to this post

    If you want all requests to always use HTTPS, another option is to use the IIS plug-in "URL Rewrite" to redirect HTTP requested URLs as HTTPS. URL Rewrite would insert code like the following into your web.config file:

    <system.webServer>
      <rewrite>
        <rules>
          <rule name="Redirect to HTTPS" stopProcessing="true">
            <match url="(.*)" />
            <conditions>
              <add input="{HTTPS}" pattern="^OFF$" />
            </conditions>
            <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
          </rule>
        </rules>
      </rewrite>
    </system.webServer>

    Resources:

    • http://www.jppinto.com/2010/03/automatically-redirect-http-requests-to-https-on-iis7-using-url-rewrite-2-0/
    • http://weblogs.asp.net/owscott/url-rewrite-protocol-http-https-in-the-action
12 posts, 0 answered