Making sure your pages always are on HTTPS
<p>In a recent project I’ve been working on, we needed to make sure certain pages were always on HTTPS. There are of course several ways of doing this, and our solution was to use HttpModule combined with class attributes and PageTypeBuilder.</p>
I’m not going to spend much time explaining how the HttpModules or attributes works (if you want the code for this, just contact me and I’ll send it to you). Instead I’ll just present a nuget package that you can install in your VS project: Epinova.SecurePages. You can get it from http://nuget.episerver.com/
After installing Epinova.SecurePages in your project you can start to mark your page types with the new RedirectToHttps attribute:
[Epinova.SecurePages.Attributes.Https(RedirectToHttps = true)]
Other properties for this attribute are:
- HttpsPort: Define which HTTPS port this page will use.
- Default: 443
- RemoveEPiServerEpsLanguageFromUrl: Remove the parameter “epilanguage" from HTTPS URL.
- Default: True
- RemoveEPiServerPageIDFromUrl: Remove the parameter “id” from HTTPS URL.
- Default: True
- StatusCode: Sets the HttpContext.Current.Response.Status for the new HTTPS URL.
- Default: 301 Moved Permanently
All default values can be edited from Tool Settings > Plug-in Manager > EpinovaSecurePages in EPiServer admin mode.
After you’ve marked your page types, the HttpModule will take care of the rest.
Note: Make sure Epinova.SecurePages HttpModule is registered after EPiServer’s FriendlyUrlRewriter.
Of course, attributes can easily be substituted with a page type property with just minor changes in the code (optionally alongside a Boolean value so that an editor can choose to turn this feature on/off).