SSL and EnsureNonSSL in 2.3

Hi all,

In the webforms version of nopcommerce we had EnsureNonSSL to show some pages as http rather then https.
I am working in nopCommerce 2.3 and need the same functionality. I would like to have only sensitive pages secured by https and the rest not. How do I do that in 2.3. I am afraid that SEO suffers if all pages are under SSL.

Any suggestions are appreciated.
Oliver

Ok I added this to the BaseNopController... and it seems to work...

Oliver

protected override void OnAuthorization(AuthorizationContext filterContext)
        {

            //the NopHttpsRequirement set on the Controller Action will handle redirecting to Https. 
            // We just need to handle any requests that are already under SSL but should not be. 
            if (Request.IsSecureConnection)
            {
                Boolean requireHttps = false;
                requireHttps = filterContext.ActionDescriptor.GetCustomAttributes(typeof(NopHttpsRequirementAttribute), false).Length >= 1;


                //If this request is under ssl but yet the controller action 
                // does not require it, then redirect to the http version. 
                if (!requireHttps && !filterContext.IsChildAction)
                {
                    UriBuilder uriBuilder = new UriBuilder(Request.Url);

                    //change the scheme 
                    uriBuilder.Scheme = "http";
                    uriBuilder.Port = 80;

                    filterContext.Result = this.Redirect(uriBuilder.Uri.AbsoluteUri);
                }
            }

            base.OnAuthorization(filterContext);
        }

I could not find this in the core code... would be nice if this could be added...

Darn... did some more testing... and it does not work correctly... Do not integrate this as of right now....

All associated Actions need to be dressed with [NopHttpsRequirement(SslRequirement.Yes)] in order for it to work...

Hi Oliver,

Have you got any further with this? I'd have thought it need to be a stanard feature in most sites.

Darren Pegram

Does anyone know if there's a reason why all pages in nop are set to use https when it's enabled instead of just the admin site, login, and checkout pages? It would make more sense to me that only the pages throughout the site that need it should have it.

Hi,

I've just been dealing with this issue. If you add the namespace

using Nop.Web.Framework.Security;

and

[NopHttpsRequirement(SslRequirement.No)]

directly above the controller class e.g.

  [NopHttpsRequirement(SslRequirement.No)]
    public class HomeController : BaseNopController
    {etc etc...

you're site will redirect back to http

You'll probably want to do this for all the controller except those you mention in your post.

Hope this helps

Darren Pegram

I did it the other way around using the code I posted above and then add [NopHttpsRequirement(SslRequirement.Yes)]
to all actions that are SSL...

ShoppingCartController
CheckoutController
CustomerController
OrderController

It works well for me... Just a pain when it comes upgrade time...

Oliver

mcselasvegas wrote:

Do you need to compile the project? It took me a long time to find out that this was caused by the new nop version (23). I am not a programmar and I want to get rid of the https on normal pages. How do I do it?