You shouldn't need to move the usercontrols since the usercontrols aren't accessed directly by any url. Instead, you'll use a macro that calls the .net control for the contact form (put the macro on the template for the contact form, or in the richtext editor on the contact form's page).

Then, simply link to the contact form and specify that you want https: instead of http: when you make the link.

You might want to use a rewrite rule or some other checking (perhaps in the contact form control itself) to redirect to https if the request comes in on http only.

Or have I misunderstood what you're asking?

cheers,
doug.

I think I understand how your host is doing this - using a single SSL site off their domain, ie. https://secure.yourhost.com/yoursecurefolder

This way is problematic with the kind of setup Helm expects - Douglas straightforward solution I think would only work with if you had your own SSL cert installed so you could access https://www.yourdomain.com

The only easy way round this I can think of is to place just a standalone .Net form page/code inside this shared SSL folder, then use an Iframe to include it in the contact page. A bit of a pants solution as far as usability is concerned but definitely a work-around? (The contents of the iframe will then be secured)

brainfart - I meant Umbraco not Helm in the second paragraph

Hi

I thought about the iframe-workaround as well... But its not pretty.

Doug you say, just link to https://domain.dk/contact.aspx , right? But the 'rewrite rule' i don't understand (sorry :-). What do you mean by that?

Mayby I should say, that I'm quite new with Umbraco :-)

I'm not an expert in url rewriting (though there are many in the community who are), but what I was thinking was something like that recommended by 'Kalpa' at http://forum.umbraco.org/yaf_postst3224p2_SSL-and-umbraco.aspx. You may also find that the approach within IIS noted by 'JHodgkinson' would be appropriate.

That forum thread is about securing the /umbraco/umbraco.aspx page, but the theory would be the same for any page.

Hope that helps.

cheers,
doug.

This is the URL rewriting rule I used for ensuring https:

    <add name="EnforceSSLForLoginPage"
      virtualUrl="http://(.*)/login"
      rewriteUrlParameter="ExcludeFromClientQueryString"
      destinationUrl="https://$1/login"
      ignoreCase="true"
      redirect="Domain"
      redirectMode="Permanent"/>

I also wrote a little library to extend NiceURL so I could call that from my code and XSLT that could write a fully qualified https path depending on paramenters passed into it.

Doug,

You said "Then, simply link to the contact form and specify that you want https: instead of http: when you make the link." Are you saying there is an option when creating a link in content to choose https? I can't see this if it exists. This was the only thing I couldn't automate for my users which is why I set up the rewriting rules.

It would be nice for Umbraco to have HTTPS built into it for content and not just the Umbraco back-end. So that NiceURL would generate links based on a page setting....

Cheers

Paul

Looking at the support docs for your host you should be able to access your site through their shared SSL.(http://www.mochasupport.com/kayako/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=326).

You could also get a static IP and a private SSL security specifically for your site (so you could use https://yourdomain.com as well as http://) for only a few dollars a month.

I don't know your exact setup but I figure something like this may work using the shared SSL: (change the contact-form-page.aspx and servername.mochahost... parts)</p> <pre class="prettyprint"><p><span class="pln">    </span><span class="tag"><add</span><span class="pln"> </span><span class="atn">name</span><span class="pun">=</span><span class="atv">"EnforceSSLForContactPage"</span><span class="pln">
      </span><span class="atn">virtualUrl</span><span class="pun">=</span><span class="atv">"http://(.*)/contact-form-page.aspx"</span><span class="pln">
      </span><span class="atn">rewriteUrlParameter</span><span class="pun">=</span><span class="atv">"ExcludeFromClientQueryString"</span><span class="pln">
      </span><span class="atn">destinationUrl</span><span class="pun">=</span><span class="atv">"https://servername.mochahost.com/~yourdomainname.com/contact-form-page.aspx"</span><span class="pln">
      </span><span class="atn">ignoreCase</span><span class="pun">=</span><span class="atv">"true"</span><span class="pln">
      </span><span class="atn">redirect</span><span class="pun">=</span><span class="atv">"Domain"</span><span class="pln">
      </span><span class="atn">redirectMode</span><span class="pun">=</span><span class="atv">"Permanent"</span><span class="tag">/></span>

<add name="EnforceSSLForContactPage"
      virtualUrl="http://(.*)/contact-form-page.aspx"
      rewriteUrlParameter="ExcludeFromClientQueryString"
      destinationUrl="https://servername.mochahost.com/~yourdomainname.com/contact-form-page.aspx"
      ignoreCase="true"
      redirect="Domain"
      redirectMode="Permanent"/>

Try that! Just tested it on my latest Umbraco local dev site and it works ok for the rewrite

Mochahost looks like quite a good option for shared SSL - I thought they would have had a separate folder that you upload to that is accessible via the shared SSL, it appears in fact that you can access your entire site through the shared SSL (allowing you to do the rewrite and keep everything in Umbraco).

Douglas - the alternate URL isn't going to cause any problems with Umbraco is it?

is working on a reply...