Securing Front-end Login Page
I'd like to secure my front-end login page that contains the login widget with https in Sitefinity 7.3. I know how to secure the entire front-end with https, but don't want to do that for performance reasons.
When I set Require SSL on the login page, the login submission gets blocked by the browser due to the fact that localhost/.../SWT is not https. This seems like it should be a simple thing but can't find any references on how to accomplish this without securing the entire front-end.
Here are my web.config settings:
Web.config settings:
<
wsFederation
passiveRedirectEnabled
=
"true"
issuer
=
"http://localhost"
realm
=
"https://localhost"
requireHttps
=
"false"
/>
<
cookieHandler
requireSsl
=
"false"
/>
SecurityConfig.config settings:
<securityTokenIssuers>
<add key="956...E36" encoding="Hexadecimal" membershipProvider="Default" realm="http://localhost" />
</securityTokenIssuers>
<relyingParties>
<add key="956...E36" encoding="Hexadecimal" realm="https://localhost" />
</relyingParties>
Hello,
Inside the page editor, if you edit the login widget you can specify the service URL. By changing the URL format to https you will be able to successfully authenticate.
Regards,
Sitefinity Laurent
Telerik