HTTPS and edit mode

Vote:
 
Hi, I've got a few templates that I run secure by setting a certificate on their aspx files, and this works fine for end users. However edit mode doesn't work well with it, as it seems oblivious to the need for https and just gives a page not found instead of previewing/viewing the page. Does anyone have a workaround for this? Cheers, Tim
#12823
Mar 25, 2008 18:35
Vote:
 
Are you redirected "out" of https to http? Try to use fiddler, and see if you get any http requests when you expect only https.
#14943
Mar 25, 2008 18:46
Vote:
 
What I mean is that when the page is clicked on in the structure tab in edit mode, it doesn't realise the page requires https so just attempts to use the standard http link, which naturally enough gives a 403.4 error.
#14944
Mar 25, 2008 18:46
Vote:
 
Hm, got that wrong then. Are you running everything in edit mode (https://.../edit/), or do you just need ssl on spesific pages? If the latter is true, EPiServer will not do this for you, it only uses realtive addresses - the requirement for SSL is a IIS setting, not an EPiServer setting. /Steve
#14945
Mar 25, 2008 18:46
Vote:
 
Just a few specific pages. I was hoping there was some sort of workaround to get the preview working in edit mode. It would be nice if a future version of episerver could have a property to specify https for individual templates, perhaps.
#14946
Mar 25, 2008 18:46
Vote:
 
Ok, I see your point. The problem with requiring ssl in IIS is that it will be enforced before ASP.NET and EPiServer sees it. Having the requirement on a page type, or even on specific pages is an option, and it is not too difficult to do yourself. Just as EPiServer checks the security for a page on load, and redirects if needed, you can do the same thing for SSL. I always recommend having a common base class for all your templates, and inherit from this, instead of TemplatePage. Your base can inherit from TemplatePage instead. In your class, you can enforce such an SSL rule, for all pages on the site. Another option is to write a httpmodule that does this for you. But, beware of the SSL warning popups that will haunt your users if you constantly switch to and from SSL. The easy solution is of course to make sure that you stay on https if you get there in the first place. However, nothing is cached (not even images) under SSL, so things will be slow. /Steve
#14947
Mar 25, 2008 18:46
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.