Having done some reading I've seen various examples on how to run a script to set the requiressl property on every page in the site which doesn't seem like much of a fix as if our client adds a new page then the script will need to be run again which quite frankly goes against the purpose of having a CMS.
The Require SSL property is available from the Title and Properties menu for every page. The purpose of the script is to conveniently set it to true for all the available pages, so you do not have to go each individual page and manually enable it. After that, when your client creates a page, they will need to tick the Require SSL box:http://screencast.com/t/3Ses5AJCCw1A In addition to this you need to have the http and https bindings configured on IIS to use the default ports.
I see your point. There is a way to enable Require SSL by default for all newly created pages.
An easy way to automate this process is to override the default PagesService and set RequireSSL when a page is saved. Let me elaborate on the recommended approach.
You can inherit form PagesService, and in SavePage method where the WcfPageContext is available, set the Item (page) RequireSsl to true, then pass control execution to base - this should deliver the same results as with the default service, with the only addition that each newly created page will be saved with RequireSsl = true;
PagesServiceCustom : PagesService, IPagesService
WcfPageContext SavePage(WcfPageContext pageContext,
.SavePage(pageContext, pageId, providerName, duplicate);
<%@ ServiceHost Language="C#" Debug="false" Service="SitefinityWebApp.PagesServiceCustom" Factory="Telerik.Sitefinity.Web.Services.WcfHostFactory" %>
Unfortunately yes. This solution is for users who want their pages to be under SSL all the time. I had an idea to use revision history to check if the page was published for the first time or it had been published before and depending on that the current status of ssl setting to determine if the user wanted this page to be under ssl or not. However, that did not work as expected.
In your case, the best solution would be to run the ssl code to enable it for all current pages and instruct your users to keep this setting in mind. I will note this in our feedback that it would be good if this setting is configurable.
If you want all requests to always use HTTPS, another option is to use the IIS plug-in "URL Rewrite" to redirect HTTP requested URLs as HTTPS. URL Rewrite would insert code like the following into your web.config file:
"Redirect to HTTPS"