Hi,
We are developing a connection to Ariba Network where we need to make sure that the entire session is SSL only. Is there a way to use "ForceSslForAllPages" in the code? (I know there is a setting in the admin area, but this affects all users. I am only interested in changing this for the current user.)
Greetings
SSL - ForceSslForAllPages
Certified Developer
- 38
- 380
- 4/22/2010
- Sweden
louisd wrote:
Thanks for your suggestion! I did a quickcheck about .htaccess since I didn't know about it before, but it sounds like this is a solution for ALL users on the page, not just the current session? (The easiest way to enforce SSL for ALL users of the page is to set the ForceSslForAllPages setting in the admin via Configuration > Settings > All Settings)
probably easier to just add a redirect to the .htacess file.
Thanks for your suggestion! I did a quickcheck about .htaccess since I didn't know about it before, but it sounds like this is a solution for ALL users on the page, not just the current session? (The easiest way to enforce SSL for ALL users of the page is to set the ForceSslForAllPages setting in the admin via Configuration > Settings > All Settings)
- 190
- 1836
- 6/14/2012
- United States
You'll probably want to add in a special code snippet to your BeginRequest in Global.asax. From there, you can monitor the current user, and when certain conditions get met, you can enforce a redirect to https. There is an example of https redirect in NopSSLRequirementAttribute (Nop.Web.Framework), and the Begin Request is easy to find and tap into.