SharePoint and SSL

There are some times where I just wonder why SharePoint is so popular. I had an instance where a client would like to have the login page secured. This would require the login page (forms based authentication) to have an ssl certificate. Since I had setup sharepoint to use SSL in the past I did not think of this being an issue. That turned out to not be the case.

The original issue was that when you extend the site to use ssl it is the entire site you are setting to use ssl (https) so you need to then add an alternate access mapping for non http. That part was somewhat straight forward, however I thought I could setup the extension using http and then make an alternate mapping for https, that did not work. So once I followed the above steps, we were free and clear.

The real issue began when I wanted have the login.aspx page be in https. How do you tell sharepoint to do this. I figured a simple solution was to use the web.config and use the forms authentication loginurl paramter. This caused the login.aspx page to be in https but it did not allow for the postback to work. For some reason sharepoint would not accept the postback when the full path was used in the loginurl setting.

Since the login.aspx page is generated by sharepoint and does not have a code behind I could not write in a simple call to the context to check if the page was secure. I ended up using javascript on the login page to do the redirection on page load.

Here is the code below. I hope this helps someone, so they don’t have to deal with some of these strange things that SharePoint provides us.

Leave a Comment