Thread: HTTPS on all pages in Store

How can I set up the storefront so that all links are https and SSL is enforced? I have the setting for UseSSL to true and LiveServer set up but this only applies to the checkout pages. I need all pages to enforce SSL.

I was told by AspDotNetStorefront that what I was asking for required code updates. Anyone have any pointers?

There are ways you can do this in IIS if you have access...eg.

IIS 6:

1. Open the Internet Service Manager, then open the Properties for your website.
2. Click the Directory Security tab.
3. Click Edit in the Secure Communications section.
4. Select Require Secure Channel (SSL).

IIS 7:

1. Select the web site from the left tree menu.
2. Double click SSL settings in the main content area.
3. Check the Require SSL check box.

Obviously though, these are only going to work if you have control of the server and IIS (most shared hosting environments won't allow this type of control even through their hosting control panels). In this case, then you'll want to configure your site to use https and to never revert to http...then on the default page, and maybe a few of the other pages (depending on which of your pages get the most traffic, add the following line in Page_Load of the codebehind (as long as the pages inherit from SkinBase you don't have to fully qualify the method (eg. SkinBase.RequireSecurePage(); )

Code:

RequireSecurePage();

to my understanding, depending on the specific storefront version you are running, you will need to check your GoNonSecureAgain AppConfig and make sure it is set to 'false' as well.

Yes. GoNonSecureAgain could cause the site to endlessly loop. There is generally no reason to force the entire site into SSL. It just creates additional load on the server to send non-sensitive text and images back and forth in most places.

How do you set the website to only enforce SSL on shopping cart or credit card pages. Unfortunately, setting the USESSL enforces it on all the pages, even the home page. How can I turn that off?

If you want the cart to go non-secure again on pages that don't need to be secured (product pages, home page, etc), set the GoNonSecureAgain AppConfig to true.

When a customer goes to view there basket on our site within IE they get the 'Security Warning' pop-up appear asking them "Do you want to view only the webpage content that was delivered securely?"

It is because all of our images, store logo's etc are not being delivered securely, how do I stop this happening and make sure that the customer doesnt get this pop-up?

I'm having the same problem. Does anybody knows this? Thanks.

Originally Posted by e-tradecounter

When a customer goes to view there basket on our site within IE they get the 'Security Warning' pop-up appear asking them "Do you want to view only the webpage content that was delivered securely?"

It is because all of our images, store logo's etc are not being delivered securely, how do I stop this happening and make sure that the customer doesnt get this pop-up?

As far as I know that warning message appears because you have external HTTP based resources on your pages. The only way to fix that warning is to ensure that your HTTPS pages only access embedded resources using the HTTPS protocol not http. You can use HttpWatch free edition software or the like and access that page again while that is running. It should give you a list of those links that uses htt based resources.

Thank you very much, Sir Alfred.

One of my images used http, and that caused the problem. When I changed it, the security warning doesn't pop up anymore.

Thanks again. ^_^