Wednesday, November 28, 2012

Mixed Http and Https Content with SharePoint 2010

Hello All,

                Securing your claims authenticated publishing web application specially FBA sites is very important if your content have very valuable data , but what all we need here is to secure the important pages in the site we are implementing (Registration – Forget password – Login – any pages with valuable data “Visa Cards, Enterprise data , etc …..”), the steps to approve that   is very simple .

1-      First you have to plan the architecture and permission levels for the anonymous and authenticated user (Optional)
2-      Then you have to configure SSL over your web application pool or the extended zone web application pool
3-      You will notice that during the implementation for SSL that Notice that even if you authenticate via https, your authentication isn’t recognized when you switch over to http. The reason for this is because SharePoint has hard-coded logic that says if it’s generating an authentication token for an https connection, then turn on the SSL Only flag on the cookie. An SSL Only flag means that the cookie can only be accessed via https. So as soon as you change the address to http, your authentication cookie is no longer recognized and you have to login again. The following post resolved this issue

Voila !! The important pages in your site is now secured , and can feel secure & safe J

Note: You can decide whether to secure the  whole site or specific pages in your site just a matter of implementation and your business needs

No comments:

Post a Comment