Important Notice from AspDotNetStorefront
It is with dismay that we report that we have been forced, through the action of hackers, to shut off write-access to this forum. We are keen to leave the wealth of material available to you for research. We have opened a new forum from which our community of users can seek help, support and advice from us and from each other. To post a new question to our community, please visit: http://forums.vortx.com
Results 1 to 10 of 10

Thread: HTTPS on all pages in Store

  1. #1
    dmebus is offline Junior Member
    Join Date
    Jul 2009
    Posts
    1

    Default HTTPS on all pages in Store

    How can I set up the storefront so that all links are https and SSL is enforced? I have the setting for UseSSL to true and LiveServer set up but this only applies to the checkout pages. I need all pages to enforce SSL.

    I was told by AspDotNetStorefront that what I was asking for required code updates. Anyone have any pointers?

  2. #2
    George the Great is offline Senior Member
    Join Date
    Nov 2006
    Location
    Cleveland, OH
    Posts
    1,792

    Default

    There are ways you can do this in IIS if you have access...eg.

    IIS 6:
    1. Open the Internet Service Manager, then open the Properties for your website.
    2. Click the Directory Security tab.
    3. Click Edit in the Secure Communications section.
    4. Select Require Secure Channel (SSL).


    IIS 7:
    1. Select the web site from the left tree menu.
    2. Double click SSL settings in the main content area.
    3. Check the Require SSL check box.


    Obviously though, these are only going to work if you have control of the server and IIS (most shared hosting environments won't allow this type of control even through their hosting control panels). In this case, then you'll want to configure your site to use https and to never revert to http...then on the default page, and maybe a few of the other pages (depending on which of your pages get the most traffic, add the following line in Page_Load of the codebehind (as long as the pages inherit from SkinBase you don't have to fully qualify the method (eg. SkinBase.RequireSecurePage(); )
    Code:
    RequireSecurePage();
    <a href="http://www.aspdotnetstorefront.com">Shopping Cart Software</a>

  3. #3
    doktorhallam is offline Member
    Join Date
    Jan 2009
    Posts
    66

    Default

    to my understanding, depending on the specific storefront version you are running, you will need to check your GoNonSecureAgain AppConfig and make sure it is set to 'false' as well.

  4. #4
    DanV's Avatar
    DanV is offline Ursus arctos horribilis
    Join Date
    Apr 2006
    Posts
    1,568

    Default

    Yes. GoNonSecureAgain could cause the site to endlessly loop. There is generally no reason to force the entire site into SSL. It just creates additional load on the server to send non-sensitive text and images back and forth in most places.

  5. #5
    baba is offline Senior Member
    Join Date
    Dec 2008
    Posts
    123

    Default

    How do you set the website to only enforce SSL on shopping cart or credit card pages. Unfortunately, setting the USESSL enforces it on all the pages, even the home page. How can I turn that off?
    Take Care

    B-A-B-A

  6. #6
    MelanieA is offline Junior Member
    Join Date
    Sep 2008
    Posts
    313

    Default

    If you want the cart to go non-secure again on pages that don't need to be secured (product pages, home page, etc), set the GoNonSecureAgain AppConfig to true.

  7. #7
    DotNetDevelopments is offline Senior Member
    Join Date
    Jul 2008
    Location
    Harlow / Essex / UK
    Posts
    619

    Default

    When a customer goes to view there basket on our site within IE they get the 'Security Warning' pop-up appear asking them "Do you want to view only the webpage content that was delivered securely?"

    It is because all of our images, store logo's etc are not being delivered securely, how do I stop this happening and make sure that the customer doesnt get this pop-up?
    =====
    Version (Code/DB): AspDotNetStorefront MSx 9.1.0.1/9.1.0.0
    Execution Mode: 64 Bit
    Dot Net Developments - E-commerce By Experience

  8. #8
    BloomerBeak is offline Member
    Join Date
    Oct 2007
    Location
    Davao City
    Posts
    76

    Default

    I'm having the same problem. Does anybody knows this? Thanks.

    Quote Originally Posted by e-tradecounter View Post
    When a customer goes to view there basket on our site within IE they get the 'Security Warning' pop-up appear asking them "Do you want to view only the webpage content that was delivered securely?"

    It is because all of our images, store logo's etc are not being delivered securely, how do I stop this happening and make sure that the customer doesnt get this pop-up?
    ***Melay***
    Web Developer
    Philippines

  9. #9
    ASPAlfred is offline Senior Member
    Join Date
    Nov 2007
    Posts
    2,244

    Default

    As far as I know that warning message appears because you have external HTTP based resources on your pages. The only way to fix that warning is to ensure that your HTTPS pages only access embedded resources using the HTTPS protocol not http. You can use HttpWatch free edition software or the like and access that page again while that is running. It should give you a list of those links that uses htt based resources.

  10. #10
    BloomerBeak is offline Member
    Join Date
    Oct 2007
    Location
    Davao City
    Posts
    76

    Default

    Thank you very much, Sir Alfred.

    One of my images used http, and that caused the problem. When I changed it, the security warning doesn't pop up anymore.

    Thanks again. ^_^
    ***Melay***
    Web Developer
    Philippines