OK... our PCI compliance test has failed. If you go to our site using the ip address, then add to cart, it will allow you to create an account without going to https:
we have the redirectToWWW on, and that works for store.com, but not the ip.
Should aspdotnetstorefront be enforcing this, or is it up to me?
And... if it is up to me, how do I do it on IIS 7.0? (I tried adding the ip address to a redirect site binding, but it didn't work.)
fyi: I tested 2 random sites from your gallery of customers, and they both had the same problem. (one ML8 and one multistore)