20 Dec 2009
19 Jul 2011
We are running Sitefinity 3.7 SP4 in a .NET 4.0 app pool on IIS6 / Windows 2003, and I'm having a difficult time getting SSL fully and properly configured. Our goal is to not only secure certain pages on the public side of the website, but also the Sitefinity login page (and possibly the rest of the Sitefinity administrative pages).
I am hoping someone at Telerik or another community member who has been through this too can share directions on how to set it up. I've scoured the documentation and forum posts, the latter of which got me closer, but not completely, to success.
Here are the steps I've tried so far:
1. In IIS6, installed the SSL certificate.
2. In IIS6, website properties, Website tab, specified port 443 as the SSL port.
3. In IIS6, on the /Sitefinity/Login.aspx file's properties, File Security tab, "Edit" under Secure Communications, checked "Require secure communication (SSL)".
4. In Sitefinity > Admin > Pages, select a page to secure, set "Require SSL" to "Yes" and save the page.
I've also tried messing with the "redirectSSL" attribute in the cms tag of web.config (all possible values).
The problems I'm left with (depending on specific combinations of the above) are one of:
1. Infinitely redirecting between http and https.
2. Getting the infamous IE8 security warning of mixed secure/unsecured content (or the equivalent in Chrome and other browsers).
3. Losing query string parameters when going from a non-secure page to the secured login page (i.e. losing the ReturnUrl parameter).
The third outcome is the best I've gotten, but still inadequate since it kills the ReturnUrl feature of the login page.
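A small diagnostic for the three symptoms listed in the post above, as an added example that is not part of the original post: given a redirect chain recorded with a proxy or `curl -v` and a page's HTML, it flags an http/https loop, query parameters dropped on the upgrade to https, and subresources loaded over plain http. The host name, paths, function names and sample data are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urljoin, parse_qs

REDIRECTS = {301, 302, 303, 307, 308}

def check_redirect_chain(hops):
    """hops: list of (requested_url, status, Location header or None)."""
    findings, seen = [], set()
    for url, status, location in hops:
        if url in seen:  # the same URL is being requested again
            findings.append(("loop", url))
            break
        seen.add(url)
        if status not in REDIRECTS or not location:
            continue
        src, dst = urlsplit(url), urlsplit(urljoin(url, location))
        same_page = src.path.lower() == dst.path.lower()  # IIS paths are case-insensitive
        lost = sorted(set(parse_qs(src.query)) - set(parse_qs(dst.query)))
        if src.scheme == "http" and dst.scheme == "https" and same_page and lost:
            findings.append(("lost_query", lost))
    return findings

SUBRESOURCE = re.compile(
    r"""<(?:script|img|iframe|link)\b[^>]*?\b(?:src|href)\s*=\s*["'](http://[^"']+)""",
    re.IGNORECASE)

def insecure_subresources(html):
    """URLs an https page would load over plain http (mixed content)."""
    return SUBRESOURCE.findall(html)

# Constructed samples (placeholder host, not captured from a real site)
LOGIN = "://www.example.test/Sitefinity/Login.aspx"
LOOP_HOPS = [
    ("http" + LOGIN, 302, "https" + LOGIN),
    ("https" + LOGIN, 302, "http" + LOGIN),
    ("http" + LOGIN, 302, "https" + LOGIN),
]
LOST_HOPS = [
    ("http" + LOGIN + "?ReturnUrl=%2fmembers%2fdefault.aspx", 302, "https" + LOGIN),
    ("https" + LOGIN, 200, None),
]
PAGE_HTML = '''<link rel="stylesheet" href="/css/site.css">
<script src="http://www.example.test/js/menu.js"></script>
<a href="http://www.example.test/about.aspx">About</a>'''

if __name__ == "__main__":
    print(check_redirect_chain(LOOP_HOPS))
    print(check_redirect_chain(LOST_HOPS))
    print(insecure_subresources(PAGE_HTML))
```

Plain `<a href>` links are deliberately ignored, since navigating to an http URL does not trigger the mixed-content warning; only resources the page itself loads do.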