Partilhar via


Alternative Method for SSL Front End

I mentioned Friday that there is an alternative way of getting the Starter Site to work behind an SSL appliance.  Some appliances allow creating some indication that a connection is secure.  The trick is then to let the Starter Site know that this is what's happening.

There are two main ways to flag the connection as secure.  The steps for modifying the Starter Site are the same save for the logic you apply in the actual function.  The first option is to set an http header such as "X-SSL-Request: 1" on all HTTPS requests.  The second option is to have all HTTPS requests be sent to a different port, such a 8043 (make sure you leave HTTP requests going to a different port).  You'll need to consult the manual on your particular device to find how to configure it.

Either way the result is the same, wherever the Starter Site checks to see if the site is secure test one of the above conditions.  We'll first create a method in SiteContext:

 public bool IsSecureConnection()
{
    return HttpContext.Current.Request.IsSecureConnection || 
           HttpContext.Current.Request.Headers["HTTP_X_SSL_REQUEST"].Equals("1");
}

If you are using the port method you'll want to compare that the current port (HttpContext.Current.Response.Port) equals the secure port you've chosen.

Once you've added the method you'll want to change all of the places in the Starter Site where it checks (HttpContext.Current.)Request.IsSecureConnection and switch it to use SiteContext.  Here are all the ones that I've found:

 App_Code\SiteContext.cs:186: return this.BuildCatalogUri(target, HttpContext.Current.Request.IsSecureConnection);
App_Code\SiteContext.cs:213: return this.BuildUri(target, HttpContext.Current.Request.IsSecureConnection);
App_Code\SiteContext.cs:381: return this.GetAssetUri(target, HttpContext.Current.Request.IsSecureConnection);
App_Code\SiteModule.cs:74: if (!request.IsSecureConnection && SiteContext.Configuration.RequireSsl)
User\Login.aspx.cs:44: if (!Request.IsSecureConnection && SiteContext.Configuration.RequireSsl)
User\RecoverPassword.aspx.cs:22: if (!Request.IsSecureConnection && SiteContext.Configuration.RequireSsl)
User\Register.aspx.cs:30: if (!Request.IsSecureConnection && SiteContext.Configuration.RequireSsl)

At this point you should be able to run the Starter Site behind an SSL Accelerator Appliance without needing to perform the steps in the previous post.

Make sure you test your changes to ensure that it works correctly and doesn't open up any security holes, particularly with normal HTTP connections coming through the appliance..