SSL login

1 posts, 0 answered
  1. Simon
    9 posts
    Registered:
    25 Jul 2004
    25 Jul 2011
    We wanted to secure the Sitefinity login page (https), but then wanted to redirect the user to a non-secure (http) page after authentication. Additionally, we wanted to handle any requests for password-protected web site pages with a custom login screen (a non-Sitefinity login screen).

    I created an HttpModule to implement this functionality. If anyone else is looking for something similar, this might work for you too, or might be a good starting point for your own particular goal.

    To implement this, create an "App_Code" directory in the root of your web site project, if one does not already exist. Then create a class file with the following code:
    using System;
    using System.Configuration;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
     
     
    public class SslResponse : IHttpModule
     
    {
         
        public SslResponse()
        {
        }
     
        public string ModuleName
        {
            get { return "SslResponse"; }
        }
     
        public void Dispose()
        {
        }
     
        public void Init(HttpApplication application)
        {
            application.BeginRequest += new EventHandler(this.Application_BeginRequest);
        }
     
        private void Application_BeginRequest(object sender, EventArgs e)
        {
            HttpContext context = HttpContext.Current;
            Uri currentRequest = context.Request.Url;
     
            //Check for SSL requests in Admin after login and redirect to non-secure
            if (currentRequest.Scheme.Equals(Uri.UriSchemeHttps, StringComparison.CurrentCultureIgnoreCase))
            {
                if (!currentRequest.IsLoopback)
                {
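                    if (!currentRequest.AbsolutePath.ToLowerInvariant().Contains("/sitefinity/login.aspx"))
                    {
                        // string.Equals tolerates a missing appSettings key (null) instead of throwing
                        if (string.Equals(ConfigurationManager.AppSettings["nonSecureCMSAfterAuthentication"], "true", StringComparison.OrdinalIgnoreCase))
                        {
                            if (currentRequest.AbsolutePath.ToLowerInvariant().Contains("/sitefinity/"))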
                            {
                                UriBuilder nonSslRedirect = new UriBuilder(currentRequest);
                                nonSslRedirect.Scheme = Uri.UriSchemeHttp;
                                nonSslRedirect.Port = -1;
                                context.Response.Redirect(nonSslRedirect.Uri.ToString());
                            }
                        }
                    }
                }
            }
     
     
            //Check for secure connection when logging in and check for non CMS login request
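            if (currentRequest.AbsolutePath.ToLowerInvariant().Contains("/sitefinity/login.aspx"))
            {
                // A query string that does not mention "sitefinity" is treated as a non-CMS login request
                if (!string.IsNullOrWhiteSpace(currentRequest.Query) && !currentRequest.Query.ToLowerInvariant().Contains("sitefinity"))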
                {
                    if (!string.IsNullOrWhiteSpace(ConfigurationManager.AppSettings["nonCMSLogin"]))
                    {
                        context.Response.Redirect(ConfigurationManager.AppSettings["nonCMSLogin"] + currentRequest.Query);
                    }
                }
                else
                {
                    if (!currentRequest.IsLoopback)
                    {
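                        // Null-safe read: a missing key leaves the HTTPS redirect switched off
                        if (string.Equals(ConfigurationManager.AppSettings["secureCMSLogin"], "true", StringComparison.OrdinalIgnoreCase))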
                        {
                            if (!currentRequest.Scheme.Equals(Uri.UriSchemeHttps, StringComparison.CurrentCultureIgnoreCase))
                            {
                                UriBuilder secureUrl = new UriBuilder(currentRequest);
                                secureUrl.Scheme = Uri.UriSchemeHttps;
                                secureUrl.Port = -1;
                                context.Response.Redirect(secureUrl.ToString());
                            }
                        }
                    }
                }
            }
     
        }
    }

    Next, in your web.config file add the following under the appSettings node:
    <!-- Security -->
    <add key="secureCMSLogin" value="True"/>
    <add key="nonSecureCMSAfterAuthentication" value="True"/>
    <add key="nonCMSLogin" value="~/web-user/web-user-login.aspx"/>

    Using the "nonCMSLogin" value you can define a login page to redirect users to for any secured non-admin resources.

    Next, within the web.config add the following to the httpModules node:
    <add name="SslResponse" type="SslResponse, App_Code"/>

    And finally, add the following to the <system.webServer><modules> node (also in web.config):
    <remove name="SslResponse"/>
    <add name="SslResponse" type="SslResponse, App_Code"/>

    Simon
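
The module in the post above returns the browser to plain HTTP once login succeeds, so the authentication cookie issued on the HTTPS login page then travels unencrypted on every later backend request. As an added example (not part of the original post and not Sitefinity's own code), this variant keeps everything under /sitefinity/ on HTTPS and marks cookies Secure. The class name SslEnforce is hypothetical, and the example assumes TLS terminates on the web server itself, so that IsSecureConnection reflects what the browser used.

```csharp
using System;
using System.Web;

// Added example; SslEnforce is a hypothetical name, registered in web.config
// the same way as SslResponse.
public class SslEnforce : IHttpModule
{
    private const string BackendPrefix = "/sitefinity/";

    public void Dispose() { }

    public void Init(HttpApplication application)
    {
        application.BeginRequest += OnBeginRequest;
        application.EndRequest += OnEndRequest;
    }

    private static bool IsBackend(Uri url)
    {
        return url.AbsolutePath.IndexOf(BackendPrefix,
                   StringComparison.OrdinalIgnoreCase) >= 0;
    }

    private void OnBeginRequest(object sender, EventArgs e)
    {
        HttpContext context = ((HttpApplication)sender).Context;
        Uri url = context.Request.Url;
        if (url.IsLoopback || !IsBackend(url)) return;

        if (!context.Request.IsSecureConnection)
        {
            // Upgrade every backend request, not only login.aspx.
            UriBuilder secureUrl = new UriBuilder(url);
            secureUrl.Scheme = Uri.UriSchemeHttps;
            secureUrl.Port = -1; // use the scheme's default port
            context.Response.Redirect(secureUrl.Uri.ToString(), true);
        }
    }

    private void OnEndRequest(object sender, EventArgs e)
    {
        HttpContext context = ((HttpApplication)sender).Context;
        if (!context.Request.IsSecureConnection) return;

        // Flag cookies issued over HTTPS so the browser never sends them over plain HTTP.
        foreach (string name in context.Response.Cookies.AllKeys)
            context.Response.Cookies[name].Secure = true;
    }
}
```

The same cookie flag can be set declaratively with requireSSL="true" on the forms and httpCookies elements in web.config.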