This project is read-only.

Testing Orchard with SSL on WebMatrix

Topics: Troubleshooting
Aug 17, 2011 at 11:14 AM
Edited Aug 17, 2011 at 11:14 AM

Dear Orchard guru's,

At the moment I'm testing Orchard on a local WebMatrix system. I can enable SSL in WebMatrix and the Orchard plugin.

I've configured the plugin to requir SSL for the admin pages. But when I point to the admin page it won't work and I get nothing. (Edit: I see a 302 error) Could this probably do with the settings in the website? Base url is http://localhost:48145/ but the SSL connection requirs another port.

I hope someone could send me in the right way!


Aug 17, 2011 at 1:39 PM
Edited Aug 17, 2011 at 1:39 PM

Ok. Here is some more information cause I get it to "work."

Base url: http://localhost:48145/
Url for SSL: https://localhost:44300/

Enable SSL on specific pages: * (Wildcard cause the whole site needs SSL.)

When I go to the website through the base url I get redirected to the https page. Only problem is that it goes to https://localhost, without the port number.

It does however works! When I manualy got to https://localhost:44300/ I get the secure website.

Maybe it's better to contact the plugin developer cause I think the plugin needs to have an option for the secure path.

Aug 17, 2011 at 7:21 PM

If think you should contact the plugin developer, and I also think it's me :/

Aug 18, 2011 at 9:37 AM
sebastienros wrote:

If think you should contact the plugin developer, and I also think it's me :/

Thanks for the reply Sebastien. Yes you are the developer, so go and fix it! ;)

Do you need some more information? Or do you want me to contact you through email?

I've placed the Orchard site on a normal test server and everything works fine. So I don't have that big a problem with it now.

Aug 18, 2011 at 6:51 PM

Actually there is something else that this module should do. When authenticated using SSL, it should not switch back to HTTP right after, but should force SSL mode while the user is authenticated. This can lead to a security issue and leaked auth cookies.