c# asp.net ssl https kentico

How to Require SSL on a specific Page Type but not on the parent page


I'd like to know if Kentico has a "best practice" way to ensure the Requires SSL property is set as Yes on a specific Page Type, without inheriting the property from the Parent page.

I have researched this and have implemented a working solution (below) but am interested to know if there is a better "out of the box" solution that I may have overlooked.

We are using Kentico v8.2 with ASPX + Portal Page Types.

Our technical requirements

  1. Serve the parent listing page over HTTP or HTTPS
  2. Serve the child pages over HTTPS only

Our use case scenario

The user browses a page listing Job Vacancies. The user opens a specific Job Vacancy page which contains an Application Form. The user is confident entering personal details into the Application Form as the page is served over a secure connection.

Considered solutions

The closest "out of the box" solution I could find was to set the parent listing page to Require SSL = Yes and then inherit this on the child pages, however this doesn't meet our technical requirement to allow the listing page to be served over HTTP.

I also decided against manually setting Requires SSL = Yes on each child page as I didn't want to place this burden on the CMS Editors, give them more permissions than necessary and open it up to human error.

Current solution

So I ended up writing a Custom Event handler to set the Requires SSL property on Document Insert or Document Update events.

Initially I was doing this based on Page Type (Node.ClassName) but changed it to be based on a Field value so that I could more easily apply this to other Page Types by simply adding a field without refactoring my code and deploying a DLL.

using CMS.Base;
using CMS.DocumentEngine;

[CustomEvents]
public partial class CMSModuleLoader
{
    private class CustomEvents : CMSLoaderAttribute
    {
        //register the handlers when the application starts
        public override void Init()
        {
            DocumentEvents.Insert.Before += Document_Insert_Before;
            DocumentEvents.Update.Before += Document_Update_Before;
        }

        void Document_Insert_Before(object sender, DocumentEventArgs e)
        {
            SetRequiresSSL(e.Node);
        }

        void Document_Update_Before(object sender, DocumentEventArgs e)
        {
            SetRequiresSSL(e.Node);
        }

        private void SetRequiresSSL(TreeNode node)
        {
            //if RequiresSecureConnection field is equal to true
            if (node.GetBooleanValue("RequiresSecureConnection", false))
            {
                //if Requires SSL is not Yes
                if (node.RequiresSSL != 1)
                {
                    //set Requires SSL
                    node.RequiresSSL = 1;
                }
            }
        }
    }
}


Solution

  • You can achieve this out of the box without any customisation and still make it editable if you use the system attribute on the page type:

    • Open your page type
    • Add a new field
    • Select Field type: Page field
    • Select Group: Node fields
    • Select Field name: RequiresSSL
    • Enter a default value: 1 (which is YES for this type)
    • Deselect the Display field in editing form so the editor won't see it.

    This way all pages created based on this page type will have the RequiresSSL preselected. And it's still adjustable.

    David
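
Both the event handler in the question and the default value in the answer take effect only when a page is created or saved, so pages of the type that already existed keep whatever Requires SSL value they had. The read-only audit below is an added example, not code from the question or the answer; it lists those pages so they can be reviewed. It assumes the DocumentQuery API (`DocumentHelper.GetDocuments`, `OnSite`) of Kentico 8, and the page type code name and site name passed in are placeholders you supply.

```csharp
using System.Collections.Generic;
using CMS.DocumentEngine;

public static class RequiresSslAudit
{
    // Returns the alias paths of pages of one page type whose
    // Requires SSL value is not 1 (Yes), so they can be reviewed.
    // pageTypeClassName and siteName are supplied by the caller,
    // e.g. a hypothetical "custom.JobVacancy" on "MySite".
    public static List<string> FindPagesWithoutRequiresSsl(
        string pageTypeClassName, string siteName)
    {
        var unsecured = new List<string>();

        // Assumption: DocumentQuery API (GetDocuments/OnSite) as shipped with Kentico 8.
        var pages = DocumentHelper.GetDocuments(pageTypeClassName)
                                  .OnSite(siteName);

        foreach (TreeNode page in pages)
        {
            // RequiresSSL is a node field, so culture versions of the
            // same node share it; report each alias path once.
            if (page.RequiresSSL != 1 && !unsecured.Contains(page.NodeAliasPath))
            {
                unsecured.Add(page.NodeAliasPath);
            }
        }

        return unsecured;
    }
}
```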