Hi all,
I'm new to the NopCommerce world, and slowly bashing my way through the configuration and customisation. What a lovely product I must say :-)
One question - I had originally set my store up as a standard HTTP unsecured site, pending a purchase of the certificate. Now I have it, installed successfully. As I want my entire site secure, I have checked the "Require SSL" tickbox on the IIS configuration for the appropriate virtual host.
NopCommerce (1.6 installed) is working alright, as far as the main page goes, login, management, etc, but when I click on the categories, I get the error about it needing SSL. The link, when hovering, has the https://site/1-category.aspx, but the page it opens is http://site/1-category.aspx --> without the S.
I've enabled the UseSSL option in Web.config, i've set the "site url" for emails etc, to https://site but I've just hit this bump and I'm not sure where to go from here.
Please take a look at https://store.thesophisticatedhound.com.au/ to see the symptoms I'm referring to.
Any help or advise would be greatly appreciated!
Thanks
Michael
SSL Configuration Issue
- 8
- 40
- 5/7/2010
- Australia
mjunek wrote:
Thanks for pointing me in the right direction Andrei
I cheated a little :-)
While searching for the enum's to change, I decided to change the base helper
Cheers. I take it I should look through all aspx.cs files and specify this option in order to convert the entire site to SSL based?
Thanks for pointing me in the right direction Andrei
I cheated a little :-)
While searching for the enum's to change, I decided to change the base helper
switch (this.SslProtected)
{
case PageSslProtectionEnum.Yes:
{
CommonHelper.EnsureSsl();
}
break;
case PageSslProtectionEnum.No:
{
//Dirty hack so I dont have to change every single page.
// CommonHelper.EnsureNonSsl();
CommonHelper.EnsureSsl();
}
break;
case PageSslProtectionEnum.DoesntMatter:
{
//do nothing in this case
}
break;
}
- 248
- 1446
- 5/4/2010
- United Kingdom
I hit the same gotcha when getting started and the reason is that you're not meant to force SSL in IIS, you're meant to set useSSL in the web.config and let Nop decide which pages and resources to serve out encrypted and which to send in the clear.
My own notes made at the time say:
If writing our own page and want to ensure that it uses SSL add the following to the code behind:
if (!Page.IsPostBack)
{
CommonHelper.EnsureSSL();
}
Not sure the Nop scheme is entirely intuitive but I imagine there's a good reason for it.
I have to trust it's secure as nobody answered my "cookie question" - https://www.nopcommerce.com/boards/t/5004/cookie-question.aspx
Steve
My own notes made at the time say:
If writing our own page and want to ensure that it uses SSL add the following to the code behind:
if (!Page.IsPostBack)
{
CommonHelper.EnsureSSL();
}
Not sure the Nop scheme is entirely intuitive but I imagine there's a good reason for it.
I have to trust it's secure as nobody answered my "cookie question" - https://www.nopcommerce.com/boards/t/5004/cookie-question.aspx
Steve
- 8
- 40
- 5/7/2010
- Australia
kingboyk wrote:
Fair call. One thing I have personally hated when shopping online is constantly switching between secure and insecure mode, as I can never be 100% sure what's going on where. Which is why, with this site, I wanted to ensure the whole site was completely SSL.
I do understand the speed impacts of running completely SSL, but fortunately I have plenty of resources coming out of my rear end for the size of this site. The main aim was to keep clients happy that they are using a totally secure site.
Do you think that I will encounter any roadblocks by using the method described? I'd like to go live the purchasing side of the site soon, as the physical shopfront is now open. SSL and Tax-Department correct PDF Invoices were the only things holding me back, hopefully all sorted now with the above script change!
Cheers :)
Michael
I hit the same gotcha when getting started and the reason is that you're not meant to force SSL in IIS, you're meant to set useSSL in the web.config and let Nop decide which pages and resources to serve out encrypted and which to send in the clear.
Fair call. One thing I have personally hated when shopping online is constantly switching between secure and insecure mode, as I can never be 100% sure what's going on where. Which is why, with this site, I wanted to ensure the whole site was completely SSL.
I do understand the speed impacts of running completely SSL, but fortunately I have plenty of resources coming out of my rear end for the size of this site. The main aim was to keep clients happy that they are using a totally secure site.
Do you think that I will encounter any roadblocks by using the method described? I'd like to go live the purchasing side of the site soon, as the physical shopfront is now open. SSL and Tax-Department correct PDF Invoices were the only things holding me back, hopefully all sorted now with the above script change!
Cheers :)
Michael
- 8
- 40
- 5/7/2010
- Australia
netwebdave wrote:
This is what I had done originally, but it only secures the cart, not the entire store.
As a side note: with my above change, (still using 1.6) - I have not hit any roadblocks with changing the entire site to SSL. Works like a charm.
To add SSL to cart the easy way, open web.config and change <add key="UseSSL" value="false" /> to <add key="UseSSL" value="true" />
Before you do this, ensure your site is SSL enabled.
Before you do this, ensure your site is SSL enabled.
This is what I had done originally, but it only secures the cart, not the entire store.
As a side note: with my above change, (still using 1.6) - I have not hit any roadblocks with changing the entire site to SSL. Works like a charm.