Secure Pages Http Module

The Secure Pages Http Module allows you to mark request urls as requiring SSL or being SSL optional. The snippet below shows the settings required in the presentation.config to manage the SSL settings. Here is a brief summary of the elements...
  • requireSsl is the master switch for the module, if it is set to false then the module will ignore all requests that come in
  • If set to true the ignoreProtocolScheme attribute will allow http or https to requests to this page, otherwise it will only allow https
  • nonSecureHostName, nonSecurePort, secureHostName, and securePort, are all used to build redirect urls should someone come in on https and need to be redirected to http or vice versa.

<securePageSettings requireSsl="true" nonSecureHostName="" nonSecurePort="80" secureHostName="" securePort="443">
	<!-- Root pages -->
	<addPage path="/Pages/createAccount.aspx" />
	<addPage path="/Pages/signIn.aspx" />
	<!-- AJAX Requests -->
	<addPage path="/services/profile*"/>
	<addPage path="/services/orders" ignoreProtocolScheme="true"/>
	<addPage path="/services/orders/createbasketshipping"/>	

Last edited Nov 23, 2012 at 8:13 PM by cmcauliffe, version 3


No comments yet.