+1-888-365-2779
Try Now
More in this section

Forums / General Discussions / How do I secure the Sitefinity back end pages?

How do I secure the Sitefinity back end pages?

34 posts, 0 answered
  1. NK
    NK avatar
    82 posts
    Registered:
    15 Apr 2010
    12 Mar 2013 in reply to Atanas Valchev
    Link to this post

    Thank you for fast replying, Atanas. I am a bit new to sitefinity version 5.0.

    I went thru the project in Visual Studio, I could not find the login page .aspx or any aspx.cs file. Moreover, I could not find any .aspx page, but all .svc. How do I place it the to page?

     

    Are we talking on the same version of Sitefinity.

     

    Thank you for helping,

    NK 

  2. Atanas Valchev
    Atanas Valchev avatar
    414 posts
    Registered:
    04 Jan 2016
    15 Mar 2013
    Link to this post
    Hello,

    I am attaching a sample that will help you set ssl for all frontend pages. Add it to your project, include it in the solution, build it. After that access the page, select ssl for frontend pages and turn it on. 

    All the best,
    Atanas Valchev
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Stephen
    Stephen avatar
    1 posts
    Registered:
    08 Jan 2013
    15 Mar 2013 in reply to Atanas Valchev
    Link to this post
    We are trying to set up the backend SSL on a test box (with a self signed certificate) just to make sure we can get this working for when our site goes live.

    On a fresh 5.3 site (the version our site was developed on, has a third party plugin that we cannot update yet) which we built fresh, we get the following error when following steps 1 & 2 when we try to access the https://address/sitefinity page:

    Server Error in '/' Application.
    ID1056
    Description:
     An unhandled exception occurred during
    the execution of the current web request. Please review the stack trace
    for more information about the error and where it originated in the
    code.
    Exception Details:
     System.InvalidOperationException: ID1056
    Source Error:
    An unhandled exception was generated during the execution of the current
    web request. Information regarding the origin and location of the
    exception can be identified using the exception stack trace below.
    Stack Trace:
    [InvalidOperationException: ID1056]
    Telerik.Sitefinity.Security.Claims.SitefinityClaimsAuthenticationModule.VerifyProperties() +412
    Telerik.Sitefinity.Security.Claims.SitefinityClaimsAuthenticationModule.RedirectToIdentityProvider(String uniqueId, String returnUrl, Boolean persist, Boolean deflate) +35
    Telerik.Sitefinity.Security.Claims.SitefinityClaimsAuthenticationModule.RedirectToIdentityProvider(String requestUrl) +162
    System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80
    System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +270

    Is there something I am missing here that is obvious? (completely likely).

    Also, the "key" you are wanting us to use is the Public Key information from the SSL certificate in IIS, correct?

    Thank you.
    Steve K.
  4. Atanas Valchev
    Atanas Valchev avatar
    414 posts
    Registered:
    04 Jan 2016
    20 Mar 2013
    Link to this post
    Hi Stephen,

    Please check if you have configured your site in the following way.

    First we need to have the site set up on IIS using the default ports – 80 for http and 443 for https.
     
    After that check the web.config if requirehttps is set to true:

    <federatedAuthentication>
            <wsFederation passiveRedirectEnabled="true" issuer="http://localhost" realm="http://localhost" requireHttps="true"/>
            <cookieHandler requireSsl="false"/>
          </federatedAuthentication>

    After this is done, one last setting is left. Since the Sitefinity Backend login page is running on https, a new relying party needs to be added in the security.config file. Just copy the already available Relying party in your security.config and add https. You relyingParties section should look something like:

    <relyingParties>
            <add key="F033D3A3799B086BCB17ED59CD440F4B9FFB99830D862396ECDBEEBBE70C6487" encoding="Hexadecimal" realm="http://mysite.com" />
            <add key="F033D3A3799B086BCB17ED59CD440F4B9FFB99830D862396ECDBEEBBE70C6487" encoding="Hexadecimal" realm="https://mysite.com " />
        </relyingParties>

    If you have other questions or continue to experience problems with configuring this, please, feel free to open a support ticket.

    Regards,
    Atanas Valchev
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
34 posts, 0 answered
1 2