Securing Front-end Login Page

Posted by Community Admin on 04-Aug-2018 12:51

Securing Front-end Login Page

Sitefinity - Front- & Back-End Development

All Replies

Posted by Community Admin on 17-Mar-2015 00:00

I'd like to secure my front-end login page that contains the login widget with https in Sitefinity 7.3.  I know how to secure the entire front-end with https, but don't want to do that for performance reasons. 

When I set Require SSL on the login page, the login submission gets blocked by the browser due to the fact that localhost/.../SWT is not https.  This seems like it should be a simple thing but can't find any references on how to accomplish this without securing the entire front-end.

Here are my web.config settings:

Web.config settings:
<wsFederation passiveRedirectEnabled="true" issuer="http://localhost" realm="https://localhost" requireHttps="false" />
<cookieHandler requireSsl="false" />

 

SecurityConfig.config settings:

    <securityTokenIssuers>
        <add key="956...E36" encoding="Hexadecimal" membershipProvider="Default" realm="http://localhost" />
    </securityTokenIssuers>
    <relyingParties>
        <add key="956...E36" encoding="Hexadecimal" realm="https://localhost" />
    </relyingParties>

Posted by Community Admin on 24-Mar-2015 00:00

Hello,

Inside the page editor, if you edit the login widget you can specify the service URL. By changing the URL format to https you will be able to successfully authenticate.

Regards,
Sitefinity Laurent
Telerik

 
Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Sitefinity CMS Ideas&Feedback Portal and vote to affect the priority of the items
 

This thread is closed