Hey all, I went looking at the existing system and came up with a fairly easy proceedure to force your GCN site to use SSL for the delicate Login and Register pages. You could choose to use it for anything by just adding to the list found in the CheckToSecurePage proceedure.

All code here is in C#.

First, you need to add a key to your web.config file. I did this so I could easily turn on and off my SSL.

<add key="forceUseOfSecureHTTP" value="false" />

Add this to the <communityStarterKit><services> section of web.config

Like this:

<communityStarterKit>
.......
<services>
<add key="enableServiceTimer" value="true" />
<add key="forceUseOfSecureHTTP" value="false" />
</services>

Next I added the following procedure to \Engine\Framework\BaseClasses\CommunityGlobals.cs

public static void CheckToSecurePage(System.Web.HttpContext Context)
{
bool SecurityEnabled = false;
NameValueCollection nvc = (NameValueCollection) ConfigurationSettings.GetConfig("communityStarterKit/services");
try //use the try catch in case the key does not exist.
{
SecurityEnabled = bool.Parse(nvc[ "forceUseOfSecureHTTP" ]);
}
catch
{
SecurityEnabled = false;
}
if (SecurityEnabled)
{
string pagename = Context.Request.RawUrl.ToLower();
bool needSecure = false;
if (pagename.IndexOf("users_editprofile.aspx") > 0) {needSecure = true;}
if (pagename.IndexOf("users_login.aspx") > 0) {needSecure = true;}
if (pagename.IndexOf("users_register.aspx") > 0) {needSecure = true;}
if (needSecure && !Context.Request.IsSecureConnection)
{
{Context.Response.Redirect("https://" + PrimaryDomain + Context.Request.RawUrl);}
}
else if(!needSecure && Context.Request.IsSecureConnection)
{
{Context.Response.Redirect("http://" + PrimaryDomain + Context.Request.RawUrl);}
}
}
else if (Context.Request.IsSecureConnection)
{
Context.Response.Redirect("http://" + PrimaryDomain + Context.Request.RawUrl);
}
}

Finally, you go to the default page handler for all requests in the application, communityDefault.aspx in the root directory. Simply call the above procedure as the first line of the Page_Init procedure.

public class communityDefault : System.Web.UI.Page
{
void Page_Init(Object s, EventArgs e){
CommunityGlobals.CheckToSecurePage(Context);

hey that's pretty cool. Did you change the registration part too to make it safer? I notice CSK lets you register right then and there, while most sites make you enter a valid ID and send the password or confirmation to the mailbox.

I didn't change the registration, but I'm actually using a more hands on security model. The "Community-Authenticated" role doesn't have any more rights than the "Community-Everyone" Role. I added a mod that sends an e-mail to all the members of the "Community-Administrators" role when there is a new registration. Then one of the Admin review the new registration, and if it's cool, adds the user to the "Community-Verified Members" role.

This is primarily being used for a small site for my church, and we're trying to limit the number of duplicate registrations because we're doing a default load of existing church members into the User's table.

I know somebody has written a mod that does just what you're talking about, where a random verification id is sent to the user before their membership is activated. Search here or the CSK sections to find it.

For my usage, I'm not so concerned that a person has entered a valid e-mail as verifying that the person should have access to the site in the first place.

This is an awesome mod - thanks a lot for posting!  I tried this on my site, and it's working great!

Sir,

I am new to this SSL .I am using asp.net with c#.net projects using visual studio 2008.can you give me the sample project for that plz.

I'm waiting for ur valuable reply.

Thanks in advance,

Vimala lakshmi. 

 

 

 

 Hi,

You can get some help from here: http://msdn.microsoft.com/en-us/library/ms998310.aspx

http://support.microsoft.com/kb/910444

Thank you for this tutorial.

Can this work with godaddy SSL??