HTTPS

Partial HTTPS

Sana Commerce can also be configured so that a part of the frontend webshop runs on HTTPS (not supported for the Sana Commerce backoffice). For example, it is possible to run only the order process on HTTPS.
 
To accomplish this, first you should determine which pages have to run secure and which not. This separation is done on a physical file level, so it is not possible to configure one content page to be secure and another not. When such a requirement is desired a separate template has to be created.
Complete all steps from this chapter to install a SSL certificate for the webshop(s).
  • Open the 'web.config' file of the Sana Commerce frontend web application in any text editor.
  • Locate the 'httpModule' configuration section and uncomment the 'SSLModule' line. This ensures that for all ASP.NET requests the SSL Module is called.
  • Now locate the 'secureWebPages' configuration section and uncomment it.
  • Specify the encrypted and unencrypted URLs on which the Sana Commerce frontend is running. Make sure the attribute 'Mode' is set to 'On'.
  • All pages that should be secure can be specified in the files node. To add a page, paste an extra line of this format: <add path="FILENAME" /> where FILENAME should be replaced with the name of the file that should be secure. To (temporarily) set a page to insecure (HTTP) add the attribute secure="Insecure" to this node.
  • If a webshop is multi-language specify in the <files> configuration section all language-specific pages. These pages must be specified for all languages available in the webshop:
    <files> 
    <add path="en-us/profile/login.aspx" />
    <add path="nl-nl/profile/login.aspx" />
    ...
    </files>
  • All directories that should be secure can be specified in the directories node. To add a directory, paste an extra line of this format: <add path="FOLDERNAME" /> where FOLDERNAME should be replaced with the name of the folder that should be secure. When setting the attribute 'recurse' to "True", all content in this folder will be secure and thus only available through HTTPS.
  • If a webshop is multi-language specify in the <directories> configuration section all language-specific checkout directories. These directories must be specified for all languages available in the webshop:
    <directories>
    <add path="en-us/checkout" recurse="True" />
    <add path="nl-nl/checkout" recurse="True" />
    ...
    </directories>
    The pages of the 4th checkout step which are not language-specific must be also specified. To do this add an extra line to the <directories> configuration section:
    <add path="checkout" recurse="True" />
    

  • To prevent problems with access to the 'App_Themes' folder and 'content' folder specify next directories in the <directories> configuration section:
    <add path="App_Themes" recurse="True" secure="Ignore"/>
    <add path="content" recurse="True" secure="Ignore" />