More in this section
Categories
Bloggers
Blogs RSS feed

Secure Socket Layer (SSL) and Sitefinity

by User Not Found
On the internet, personal information passes between a user’s computer and a website’s server. While some of this information is non-confidential, other information is sensitive. To ensure safety, software developers encrypt information in two ways: asymmetric encryption and symmetric encryption.

 


In Symmetric Encryption, both parties encrypt and decrypt messages using the same cipher, which is only accessible using the same pubic key. To make the public key difficult to intercept, the two parties will share the public key over the phone or paper mail. Although this is the ideal encryption for the internet because it is the fastest way to encrypt data, anyone who intercepts the public key can encrypt and decrypt messages. Over the internet, it would be too slow to wait for a public key to be shared over the phone or through mail. To mend these flaws, many cryptologists will encrypt the public key asymmetrically and send it via the internet.

 


In asymmetric encryption, keys are generated in a private and public key pair. The public key is used as a unique identifier for each party. Messages can be created and sent using the public key, however, information can only be decrypted using the private key. As a result, the public keys are usually visible in encrypted communication. This is most obvious with assemblies from 3rd party vendors, such as Telerik, where you can easily see the public key by right clicking on the assembly, then selecting properties. In this encryption style, John Smith, for example, sends a message to Jane Jones using Jane’s public key because  she is the only person who can decrypt it (provided that Jane has not shared its private key with anyone).

 


Many websites facilitate the transmission of personal information over the internet, so they implement a Secure Socket Layer (SSL) to encrypt the info from the client’s machine to the server and vice versa. SSL uses symmetric encryption for the messages and asymmetric encryption for the public key. One challenge with data encryption is verifying a party’s identity. At times, a user’s public key is susceptible to interception by another party and used in a man in the middle attack. In this case, someone intercepts messages from both parties, impersonates them, and send messages to each person. For more info on this attack, please read this article.

 


Another way to prove a user’s identity is a SSL certificate. When a user goes to a website, his or her computer communicates to a server with an IP address. Companies, such as Verisign, RapidSSL, and DigiCert, certify that the user’s computer is communicating to a certain IP address. This helps prevent fraud by ensuring that another server is not impersonating the website. If you are using a hosting provider, such as Discount ASP.NET, they will provide you with a public key and a unique IP. From there, you will take this info to a certificate authority and register for an SSL certificate. These expire after a year and they cost around $300 - $400 each, but longer periods of time can be purchased.

 

If your SSL is not set up properly, then you will get an error message saying that the website connect. It will look something like this:

 

 


If you receive a message like this one, please check with your host to make sure that you have the SSL set up and your SSL provider that your certificate is valid.

 

After the SSL Certificate is set-up properly with the host, the developer must enable Sitefinity to use SSL. Although this would require code in a regular ASP.NET application, Sitefinity enables SSL by selecting the enable SSL property from the page properties section. This can be accessed by following these steps:

 


1.    Login to the Sitefinity website
2.    Click on pages
3.    Select a page
4.    Click on the properties tab
5.    Scroll down and click on More Options
6.    Next to Require SSL, click True

 


Out of the box, Sitefinity allows you to set a page property to enable SSL. For the admin, however, no out of the box solution exists. You can, however, add code to the login page’s code-behind to enable SSL for the admin as this forum post will demonstrate.

 


On some web pages, you will see a prompt informing you that some information is non-secure. This happens for two reasons. First, some content on the page could be from an absolute URI, such as http://www.mysite.com/picture.jpg. If the path is not absolute, then ASP.NET will replace the path with the rest of the website. Here are examples of non-absolute paths:

 

Rooted path:
/products/sitefinity.aspx
(always starts from the server root or immediately after the domain name )

Relative paths:
sitefinity/features.aspx
(the path starts from the current folder, in this case /products/)

Application based:
~/products/sitefinity.aspx
(this works only for server controls!!!)

 

Other than these paths, that prompt will also appear with any frame, iframe, or img tags with a blank or unspecified src attribute. Any use of "about:____" pages will also make that prompt appear. For a more detailed discussion, please read this article.

 


By having an enable SSL property on pages, Sitefinity makes it easier to encrypt information. This info must use relative URLs or be from another SSL page to be properly secured. Before this SSL feature can be used, you must ensure that your SSL certificate is set up properly on your server, or else the https: extension will not work on the pages.


26 comments

Leave a comment
  1. mirza May 11, 2011
    Hi
    I need to use smart card loggin in my Sitefinity application. Is there any way to do  this
  2. robert May 01, 2018
    Thank you for another great article. Where else could anyone get that kind of information in such a perfect way of writing? I have a presentation next week, and I am on the look for such information.Donald Muller
  3. robert May 01, 2018
    Nice post mate, keep up the great work, just shared this with my friendzCornell Law School
  4. robert May 01, 2018
    Great articles and great layout. Your blog post deserves all of the positive feedback it’s been getting.contract cleaners
  5. robert May 01, 2018
    An fascinating discussion is value comment. I think that it is best to write extra on this matter, it won’t be a taboo topic however generally people are not enough to talk on such topics. To the next. Cheersroot canal
  6. robert May 01, 2018
    Nice to be visiting your blog once more, it has been months for me. Well this article that ive been waited for therefore long. i want this article to finish my assignment within the faculty, and it has same topic together with your article. Thanks, nice share.granite countertops
  7. robert May 01, 2018
    Great content material and great layout. Your website deserves all of the positive feedback it’s been getting.bitcoin news feed
  8. robert May 01, 2018
    You have done a great job on this article.  It’s very readable and highly intelligent.  You have even managed to make it understandable and easy to read.  You have some real writing talent. Thank you.high end printing nyc
  9. robert May 01, 2018
    This blog is so nice to me. I will keep on coming here again and again. Visit my link as well..phone call mystery shopping
  10. robert May 01, 2018
    I'm glad I found this web site, I couldn't find any knowledge on this matter prior to.Also operate a site and if you are ever interested in doing some visitor writing for me if possible feel free to let me know, im always look for people to check out my web site.cash loans nyc
  11. robert May 01, 2018
    Im no expert, but I believe you just made an excellent point. You certainly fully understand what youre speaking about, and I can truly get behind that. Michigan 529
  12. robert May 01, 2018
    i read a lot of stuff and i found that the way of writing to clearifing that exactly want to say was very good so i am impressed and ilike to come again in future.. Van Graphics West Midlands
  13. robert May 01, 2018
    This is such a great resource that you are providing and you give it away for free. I love seeing blog that understand the value of providing a quality resource for free.iPad Repair
  14. robert May 01, 2018
    I can see that you are an expert at your field! I am launching a website soon, and your information will be very useful for me.. Thanks for all your help and wishing you all the success in your business.lock smith virginia beach
  15. robert May 01, 2018
    Thanks for taking the time to discuss this, I feel strongly about it and love learning more on this topic.team of best obstetrician in hyderabad
  16. sami May 08, 2018
    You make so many great points here that I read your article a couple of times. Your views are in accordance with my own for the most part. This is great content for your readers.models for hire
  17. sami May 17, 2018
    I really impressed after read this because of some quality work and informative thoughts . I just wanna say thanks for the writer and wish you all the best for coming!.DETECTIVE MADRID
  18. robo May 24, 2018
    Great write-up, I am a big believer in commenting on blogs to inform the blog writers know that they’ve added something worthwhile to the world wide web!..2018 P Penny Box - 2018 penny roll
  19. sami May 28, 2018
    Thanks for your insight for your fantastic posting. I’m glad I have taken the time to see this.Malaysia Cloud Server
  20. sami May 31, 2018
    Superbly written article, if only all bloggers offered the same content as you, the internet would be a far better place..Detectives España
  21. robo Jun 08, 2018
    I am very enjoyed for this blog. Its an informative topic. It help me very much to solve some problems. Its opportunity are so fantastic and working style so speedy.Detectives Madrid
  22. sami Jun 09, 2018
    You make so many great points here that I read your article a couple of times. Your views are in accordance with my own for the most part. This is great content for your readers.singapore best t shirt printer
  23. sami Jun 23, 2018
    Hello, I have browsed most of your posts. This post is probably where I got the most useful information for my research. Thanks for posting, maybe we can see more on this. Are you aware of any other websites on this subject.Investigadores privados Madrid
  24. jone Jun 26, 2018
    This is very educational content and written well for a change. It's nice to see that some people still understand how to write a quality post!flowers Scottsdale
  25. jone Jul 04, 2018
    including reasonable comments here...DETECTIVES MADRID
  26. detective Jul 17, 2018
    I read that Post and got it fine and informative.detectives privados Madrid

    Leave a comment