If you are running your hosting environment on Amazon EC2 and
have multiple nopCommerce sites setup, you will have no doubt got
your ELB setup with a valid SSL certificate then enabled 'UseSSL'
in the NopCommerce web.config.
Only to fire up the site, and find if you try to go to a secure
page the site ends up in a endless loop! This is because the
'IsCurrentConnectionSecured()' method in the 'CommonHelper' class
will not work and 'Request.IsSecureConnection' as it will never
return true (As the SSL termination is handled on the ELB).
There is a commented section in this method, which states if you
are in a load balanced environment to uncomment and use instead of
the current 'Request.IsSecureConnection' call.
Unfortunately this is for sharedSSL setups on hosting
environments like GoDaddy, and also will not work - Below is the
amended method, which will let you use nopCommerce with SSL on with
your secure ELB.
/// <summary>
/// Gets a value indicating whether current connection is secured
/// </summary>
/// <returns>true - secured, false - not secured</returns>
public static bool IsCurrentConnectionSecured()
{
var useSSL = false;
if (HttpContext.Current != null && HttpContext.Current.Request != null)
{
//useSSL = HttpContext.Current.Request.IsSecureConnection;
//when your hosting uses a load balancer on their server then the Request.IsSecureConnection is never got set to true, use the statement below
//just uncomment it
//useSSL = HttpContext.Current.Request.ServerVariables["HTTP_CLUSTER_HTTPS"] == "on" ? true : false;
useSSL = HttpContext.Current.Request.Headers["X-FORWARDED-PROTO"].ToLower() == "https";
}
return useSSL;
}
Hopefully this will save someone else the hours I spent trying
to find why the store wouldn't work!
