Secure Pages (HTTPS)
Available from SCORE v2.0
The SCORE website includes four interrelated features to handle page security (HTTPS). All of these features are already included in the SCORE solution, although some configuration is required to enable them.
Identify pages that should be delivered securely
The default SCORE page template does not include the 'Require SSL' field. You will need to inherit your page templates from /sitecore/templates/Score/Base/SSL to enable it.
After you finish that step, you can check the 'Require SSL' field to mark a page as secured.
Use a custom link provider to render correct protocol
SslLinkProvider respects the 'Require SSL' page field and renders links to pages with the correct protocol.
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
  <sitecore>
    <linkManager>
      <providers>
        <add name="sitecore">
          <patch:attribute name="type">Score.Custom.Links.SslLinkProvider, Score.Custom</patch:attribute>
        </add>
      </providers>
    </linkManager>
  </sitecore>
</configuration>
SSL Detection
SSL detection is a little more complicated than a simple protocol check. SSL encryption is often offloaded from the web server to a load balancer. In this case the web server does not receive the request over the https protocol; instead, the load balancer sets a flag (typically the request uses a custom port or includes a special header) that Sitecore can detect.
SSL detection is implemented in SCORE as the score.sslDetection pipeline, and a number of detectors are used as pipeline processors.
443 Port (HTTPS) Detector
The detector checks whether the incoming request uses port 443.
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
  <sitecore>
    <pipelines>
      <score.sslDetection>
        <processor type="Score.Custom.Pipelines.SslDetection.Detectors.SslDetectionBy443Port, Score.Custom" />
      </score.sslDetection>
    </pipelines>
  </sitecore>
</configuration>
Custom Port Detector
The detector checks whether the incoming request uses a defined port. The default port value is 8080. The sample below works similarly to the SslDetectionBy443Port detector.
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
  <sitecore>
    <pipelines>
      <score.sslDetection>
        <processor type="Score.Custom.Pipelines.SslDetection.Detectors.SslDetectionByPort, Score.Custom">
          <Port>443</Port>
        </processor>
      </score.sslDetection>
    </pipelines>
  </sitecore>
</configuration>
Forwarded Header Detector
Detects the proto parameter of the RFC 7239 Forwarded header. See http://tools.ietf.org/html/rfc7239#section-5.4 for more details.
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
  <sitecore>
    <pipelines>
      <score.sslDetection>
        <processor type="Score.Custom.Pipelines.SslDetection.Detectors.SslDetectionByForwardedHeader, Score.Custom"/>
      </score.sslDetection>
    </pipelines>
  </sitecore>
</configuration>
X-Forwarded-Proto Header Detector
Detects the de facto industry standard X-Forwarded-Proto header. See http://stackoverflow.com/questions/13111080/what-is-a-full-specification-of-x-forwarded-proto-http-header for more details.
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
  <sitecore>
    <pipelines>
      <score.sslDetection>
        <processor type="Score.Custom.Pipelines.SslDetection.Detectors.SslDetectionByForwardedHeader, Score.Custom"/>
      </score.sslDetection>
    </pipelines>
  </sitecore>
</configuration>
Custom Header Detector
Treats the connection as secure if the request contains a header named HeaderName whose value includes HeaderValue. The sample below works similarly to SslDetectionByForwardedHeader.
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
  <sitecore>
    <pipelines>
      <score.sslDetection>
        <processor type="Score.Custom.Pipelines.SslDetection.Detectors.SslDetectionByHeader, Score.Custom">
          <HeaderName>Forwarded</HeaderName>
          <HeaderValue>proto=https</HeaderValue>
        </processor>
      </score.sslDetection>
    </pipelines>
  </sitecore>
</configuration>
Always Secure Detector
This detector does not perform any checks but always assumes that the request is secured.
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
  <sitecore>
    <pipelines>
      <score.sslDetection>
        <processor type="Score.Custom.Pipelines.SslDetection.Detectors.SslDetectionAlwaysDetected, Score.Custom"/>
      </score.sslDetection>
    </pipelines>
  </sitecore>
</configuration>
Redirect user to correct URL
The processor below checks whether the request is secured and compares the result with the page's 'Require SSL' flag. If the request and the page security setting do not match, it redirects the request to the correct protocol.
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
  <sitecore>
    <pipelines>
      <httpRequestBegin>
        <processor patch:after="*[@type='Sitecore.Pipelines.HttpRequest.ItemResolver, Sitecore.Kernel']" type="Score.Custom.Pipelines.HttpRequest.SslVerificationProcessor, Score.Custom" />
      </httpRequestBegin>
    </pipelines>
  </sitecore>
</configuration>
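The SSL detection and redirect rules described above, modelled in Python as an added example (not SCORE's code, and not how SCORE is known to be implemented). All function names, the constructed sample headers, and the choice to read only the last Forwarded element are assumptions; the block shows why parsing the nearest proxy's element can give a different answer than a "value includes proto=https" check when the header carries more than one hop.

```python
"""Model of proxy-aware HTTPS detection and the 'Require SSL' redirect rule.
Added illustration, not SCORE code; all names here are assumptions."""
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: an element from an earlier hop, then the load balancer's own.
CHAINED = {"Forwarded": "for=198.51.100.7;proto=https, for=203.0.113.9;proto=http"}


def forwarded_proto(value):
    """Return proto= from the last Forwarded element (the nearest proxy's), or None.
    Simplification: assumes no commas or semicolons inside quoted values."""
    last = value.split(",")[-1]
    for pair in last.split(";"):
        name, _, val = pair.strip().partition("=")
        if name.strip().lower() == "proto":
            return val.strip().strip('"').lower()
    return None


def substring_match(headers, name, needle):
    """A 'header value includes needle' check, for comparison with the parser."""
    return needle in headers.get(name, "")


def is_secure(port, headers, tls_port=443):
    """True if the port or a forwarding header says the client used HTTPS.
    Assumes header names are given in the exact case used as dict keys."""
    if port == tls_port:
        return True
    if headers.get("X-Forwarded-Proto", "").strip().lower() == "https":
        return True
    return forwarded_proto(headers.get("Forwarded", "")) == "https"


def redirect_target(url, require_ssl, secure):
    """Return the URL to redirect to, or None if request and page flag agree.
    Assumption: the redirect uses the default port of the target scheme."""
    if require_ssl == secure:
        return None
    parts = urlsplit(url)
    scheme = "https" if require_ssl else "http"
    return urlunsplit((scheme, parts.hostname or "", parts.path, parts.query, ""))


if __name__ == "__main__":
    secure = is_secure(80, CHAINED)
    print(substring_match(CHAINED, "Forwarded", "proto=https"), secure)
    print(redirect_target("http://example.com/checkout?step=2", True, secure))
```

Header-based detection is only as reliable as the load balancer in front of the web server: it should overwrite or strip Forwarded and X-Forwarded-Proto on incoming requests so the values the web server sees are its own.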