Call now! (ID:293591)+1-855-211-0932
HomemyHOSTshopAuthentication and Shared SSL – nopCommerce

Authentication and Shared SSL – nopCommerce

Something I do not understand with the shared SSL and how it could work

the nopCommerce installation is running as http://www.myshop.com

I want to use a shared SSL: https://myshop.myhost.com
(this is not a directory but a proper certificate installed in IIS)

I create a website in IIS 7 / win2008 and do the following binding:
http://www.myshop.com
https://myshop.myhost.com
after installing a certificate for myshop.myhost.com in IIS

I can navigate to both with no problem
http://www.myshop.com
https://myshop.myhost.com  

In nopCommerce global settings I have :
use SSL + shared SSL = https://myshop.myhost.com

Now if I navigate in the website
http://www.myshop.com
When I hit Login: it goes to https://myshop.myhost.com/Login.aspx
If I login it authenticates me for the domain myshop.myhost.com
Then I am redirected to the non SSL page: http://www.myshop.com
This is not the domain for which I am authenticated, the authentication cookie would not work, so I am not logged in!

So basically that cannot work in this configuration
The only way it to have a non shared SSL where both SSL and non SSL domain are the same, so i am authenticated in both.

Any viewpoint on this?

Try this link.

http://weblogs.asp.net/scottgu/archive/2005/12/10/432851.aspx

Actually.  If its just a sub domain.

i.e you have shop.myhost.com and www.myhost.com you can do as below


  

thank you for the information, it was helpful.

The subdomain modification is working well

But I think that if we use different TOP domains for the shop and the shared ssl, then there is no simple solution.

The browsers themselves are persisting cookies per domain, so I would only be able to share cookies within the same top domain... so we would need to generate 2 authentication cookies within the same application

Reply


Source
Print Friendly, PDF & Email

Hits: 1



Tags:

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>