You may have read in one of our recent articles that HTTPS is now a Google ranking signal, and that in the near future fully secure websites will be favoured over non-secure sites. With this in mind, Xanthos has just launched a new fully secured website for a client, York & Freeman, which is built using the popular AspDotNetStorefront(ASPDNSF) e-commerce framework. Of course ASPDNSF checkout process has always been run on HTTPS. The trick was to get the whole site to work on HTTPS with Worldpay as a payment gateway.
How did we make secure AspDotNetStorefront fully secure?
Once you have the SSL certificate installed, applying HTTPS to the whole of an AspDotNetStorefront site is actually quite straight forward. There are only a few steps to follow, and a few lines of additional code. You will need source code to make the code changes.
Normally on launching a new site you need to set the AppConfig value for “UseSSL” to true. This ensures that the checkout pages are secure. However as we wanted the whole site wo use HTTPS, we set the AppConfig value for “UseSSL” to false.
The next step is to change the code to invoke HTTPS for all pages. The code below will check the requested URL and redirect from HTTP to HTTPS.
Find the “Custom_Application_BeginRequest_Logic” method in the class “AppLogic.cs” (part of ASPDNSFCore), before “return true;” and add the following code:
if (HttpContext.Current.Request.IsSecureConnection.Equals(false) && AppLogic.OnLiveServer())
HttpContext.Current.Response.Redirect(“https://” + HttpContext.Current.Request.ServerVariables[“HTTP_HOST”] + HttpContext.Current.Request.RawUrl);
The redirect will execute when the requested URL is HTTP AND the site is on a live server.
Step 3 for Worldpay Gateway
If you are using Worldpay (we haven’t tested other payment gateways yet), you will need to make additional changes. When testing our implementation of the above code with the Worldpay gateway, the callbacks failed as they tried to access the worldpayreturn.aspx page over HTTP. To solve this issue, you will need to modify the “GetStoreHTTPLocation” method. The following if statement which is part of the “GetStoreHTTPLocation” method was modified from:
if (TryToUseSSL && AppLogic.UseSSL() && AppLogic.OnLiveServer())
if (TryToUseSSL && AppLogic.OnLiveServer())
The callback failure is caused simply by “UseSSL” being set to “false”, and removing this check from the if statement solved the issue.
Test, and test again.
Feel free to get in touch if you need any guidance on HTTPS for AspDotNetStorefront.