Deliver Awesome UI with the most complete toolboxes for .NET, Web and Mobile development
Automate UI, load and performance testing for web, desktop and mobile
A complete cloud platform for an app or your entire digital business
Detect and predict anomalies by automating machine learning to achieve higher asset uptime and maximized yield
Automate decision processes with a no-code business rules engine
Optimize data integration with high-performance connectivity
Connect to any cloud or on-premises data source using a standard interface
Build engaging multi-channel web and digital experiences with intuitive web content management
Personalize and optimize the customer experience across digital touchpoints
Build, protect and deploy apps across any platform and mobile device
Rapidly develop, manage and deploy business apps, delivered as SaaS in the cloud
In addition to the settings you have enabled, you can try enabling the cookieHandler requireSsl="true" in the web.config and also enabling https for the federated authentication:
Instead of opening a new issue, I thought I'd continue with this one.
I have successfully applied backend only SSL to a site. This is without having the cookieHandler requireSSL set to true.
Now, setting requireSsl="true" on the cookieHandler works fine, except when you get to edit a page (front end pages are all run over http). Sitefinity gets stuck in a redirect loop (I guess because the editing occurs over http, but it's trying to do the token over SSL).
Is there any way around this issue? Using Sitefinity v7.1 with claims auth btw.
What part of the edit page process doesn't work?
Loading or publishing the page?
How have you enforced SSL on the backend?
I believe there is an issue where you need to run the workflows of http.
Me, I use UrlRewrite to enforce SSL and have a negate rule for the Workflow
<add input="URL" pattern="^/DefaultWorkflows" negate="true" />
I simply followed the instructions here http://www.sitefinity.com/developer-network/knowledge-base/securing-a-sitefinity-backend-with-ssl, including making the whole backend require SSL per page and changing the workflow base url.
Without having the cookieHandler requireSsl="true", everything works great, all seems to be going over SSL, it automatically goes to SSL for login etc. But if you follow http://www.sitefinity.com/documentation/documentationarticles/secure-cookies (specificially the cookieHandler requireSsl="true" part), it gets stuck in a redirect loop (looking at the network traffic) when you just try to go and edit a page (click pages on backend, click on page). All frontend pages are set without "Require SSL", and in the sitefinity settings I don't "force" redirect to http if not set.
I've tried the rewrite rule, but that does the same thing or worse (redirect loop on frontend as well). Seems the "Require SSL" that's not ticked on frontend pages conflicts with the cookie going over SSL.
I'd like to note :
Going to for instance /home/Action while on the ssl backend (pages) sends the cookies over ssl. But this then does a permanent redirect to /home/Action over http, so the cookies are definitely sent over http.
Ok. So the issue is that if you want to run frontend over http but backend over https, there will be a conflict because even in edit mode, there's a forced redirect to http ("Require SSL" is not ticked). Seems you can't easily - without replacing the frontend route - have the frontend run over http but the page edits run over https.
I'll go with one of the other ways to get the whole site running under https (without requiring content editors setting the "Require SSL" manually).