Forums (Obsolete)

Member

Scott - 2/15/2010 11:24:37 AM

SSL on localhost

The require SSL setting (page security or admin setting for Site Manager or CMS Desk) should be ignored for localhost.

Since we develop locally with VS web server we cannot turn SSL on. Since we use content staging to get our changes from dev to staging (and then to production) anytime we set these settings in staging environment, they get changed when we do content staging the next time.

It is not practical to use content staging for everthing except this change because we may make other changes to the page that does need to be staged. It is also not practical to use IIS for development. Ideally Cassini would support HTTPS requests, but it doesn't.

An easy fix would be to (either 100% of the time or based on user setting) ignore the SSL requirement on localhost. Then we could make all settings as they should be and not worry about them in staging process.

Is this a choice that I've just missed somewhere?

Kentico Consulting

kentico_mirekr - 2/16/2010 8:21:57 AM

RE:SSL on localhost

Hi,

I’m sorry, but I disagree here. This behavior is by design. How would you determine that the web site is running on localhost? According to web site domain name or according to domain alias?

I’m personally using SSL for localhost also. The web site can run on localhost on the IIS also, so the SSL setting makes sense for localhost here.

Best regards,
Miroslav Remias.

Member

Scott - 2/16/2010 11:43:51 AM

RE:SSL on localhost

How about you use the .NET framework to tell you if it is a local request?

if (!Request.IsLocal)
{
// do SSL redirection
}
else
{
// don't
}

And just because it makes sense for you doesn't mean it makes sense for everyone else's development teams. It certainly doesn't make sense for people developing on XP with only one website allowed in IIS. Each time they work on a different project they have to change IIS. Otherwise they have to use virtual directories which adds deployment risk because the paths are not the same as in production. It also doesn't make sense for teams where everyone has to ensure that their setups are identical.

IIS is a very impractical option for us for development (that's why Microsoft includes the built-in web server with Visual Studio) and we'd really prefer to avoid that at all costs. Please consider all of your customer's scenarios before deciding that your current usage is the best, or only, way to develop.

Thanks.

Kentico Consulting

kentico_mirekr - 2/19/2010 6:17:29 AM

RE:SSL on localhost

Hi,

As I previously said some of the users are testing the SSL functionality also on localhost. We can no just like that ignore SSL functionality on localhost.

Maybe we can add some setting were you will be able to specify which domains should be excluded from https processing.

However, on your request, I have forwarded your requirement to our product manager and he will consider it. Thank you for your opinion and for the requirement.

Best regards,
Miroslav Remias.