That was changed in a recent version because there is no reason for the other pages throughout the site to use an SSL as there is nothing that needs to be encrypted on them. It can also speed up the speed of the site along with helping with SEO problems that can be caused by having an https and http version of a page. If you want to change that I am not sure what is entailed.
I ran into this with a client a while back. Some clients just want that little padlock to show up on all pages. A reasonable request.
What I did was completely remove all references to controller attribute NopHttpsRequirment. After this I added a custom inbound url rule in IIS that looked something like this.
The alternative would be to decorate all base controllers with NopHttpsRequirement and require SSL. Also pretty easy. I just prefer the 301 permanent redirect method personally.
How can i see that sSL is working ? I have SSL installed on my site (ARVIXE) and I ve checked the Force SSL on all site, but i don't see any lock on the webaddress of chrome.
similar issue here: securitysettings.forcesslforallpages does absolutely nothing! if you type http://yourwebsite.com , it still shows unencrypted. only if you type https://yourwebsite.com, does it encrypt all the pages
What I'd like to see is: the login page, checkout page and customer pages encrypted. It would be nice if ALL the admin pages were encrypted -
I ran into this with a client a while back. Some clients just want that little padlock to show up on all pages. A reasonable request.
What I did was completely remove all references to controller attribute NopHttpsRequirment. After this I added a custom inbound url rule in IIS that looked something like this.
The alternative would be to decorate all base controllers with NopHttpsRequirement and require SSL. Also pretty easy. I just prefer the 301 permanent redirect method personally.
t
Thanks for the advice!!! ForceSslForAllPages does nothing unless you actually type in HTTPS (which no one ever does making the setting moot)
I ran into this with a client a while back. Some clients just want that little padlock to show up on all pages. A reasonable request.
What I did was completely remove all references to controller attribute NopHttpsRequirment. After this I added a custom inbound url rule in IIS that looked something like this.
The alternative would be to decorate all base controllers with NopHttpsRequirement and require SSL. Also pretty easy. I just prefer the 301 permanent redirect method personally.
t
For some reason on IIS 8 this doesn't work (at least for me). Could be they changed something. I didn't check. However this does