Archive for March, 2010
This is the third in a series of posts detailing how to configure a partially SSL secured SharePoint site. In the previous post we covered how to enable SSL for the site. In this post we will cover how to force connections to use the correct protocol (HTTPS for sensitive data, HTTP otherwise). This is required so that if a user tries to browse to page that sends or displays sensitive data via HTTP (e.g. http://www.company.com/pages/login.aspx) they will be redirected to the HTTPS version of the page (e.g. https://www.company.com/pages/login.aspx – so they can login securely) and vice versa for pages like the homepage that should be delivered via HTTP so they do not incur the performance hit of encrypting and decrypting the page.
This is the second in a series of posts on securing mixed SSL sites in SharePoint. This post will cover how to configure a SharePoint forms based web application to allow SSL/HTTPS connections. The process involves setting up an SSL certificate and configuring IIS and SharePoint to allow requests over HTTPS.
The following steps assume that you have a SharePoint web application already set up using forms based authentication. If you need details on how to do this see the article on Technet titled “Forms Authentication in SharePoint Products and Technologies”. We will be using IIS 7 in this example but a similar process can be followed using IIS 6 using the SelfSSL utility.
Public facing SharePoint websites often contain a combination of content that is publicly available, and sensitive content that should only be shown to authenticated users (e.g. personal details like email, address and other account information). While SSL provides a mechanism for delivering the sensitive content over a secure connection it also has a performance overhead. This often results in a requirement to partially secure the site using SSL/HTTPS, but deliver the remainder of the site via HTTP. This is the first in a series of posts that show how you can accomplish this scenario using SharePoint.