Conditional SSL?

[peterH]

I've got an app that some customers want to run as a secure site and some couldn't care less (but they may change their minds down the road). So right now I've got two versions of the same app (well only one, but I must remember to compile it twice).

Is it possible to make it conditional whether to start an app as secure or not? I'm thinking in terms of loading a value from an ini file or something.

IOW it would be nice if the first few prompts on the security tab would accept variables (or maybe a new embed at the right place in nettalk.tpl).

TIA
Peter

[kevin plummer]

Yes you can already in the webserver procedure

  GlobalErrors.SetProcedureName('WebServer')
! [Priority 800]

-> conditional code here

You might want to look at what source code is created for SSL first so you can copy it and wrap it in your condition. It will be close to this embed.

[Bruce]

Set up your app as if it is secure. ie set the certificates and so on.

right click on the WebServer procedure, and choose "source".
Search for the line;

ThisWebServer.SSL = 1

In the next embed after that line add

if whateverTest
  ThisWebServer.SSL = 0
End

You probably also want to use a local variable for the port number, and you can set this variable at the same place in the code.

Cheers
Bruce

[peterH]

It turned out I had written the code already - just in the embed immediately _before_ the values are being set by the template. SIGH!
(RTFSC=Read The F***** Source Code)

Thank you both
Peter

[urayoan]

Hello peterH

In my case, the approach i use in set two NetTalk or NetSimple Object in the web server procedure. One is without any encryption and the second is always with encryption.

one is called ThisWebServer and the secure one is called ThisSecureServer. The ports needs to be different in the two objects. The unsecured one run in standard port 80 and the Secure Server in the standard port 443 (you can use the ports you want or even make it variable)

This approach makes the application SSL ready out of the box.

Virtually you can access the app in both ports.

Usually in the future, the client wants to change the unsecured port to a secured one, but without using the https://mydomain:443

To make the transition easy to the client, i set an embed point with this code

   IF GloSSLFlag = 1
     ThisWebServer._AlwaysRedirect = 1
     ThisWebServer._RedirectToHttpsPort = 443 !or your preferred secure port
   END!If

The embed point is set at the Enter Procedure Scope in the Window Manager

The trick here is, if a user hits the unsecured server in port 80 without encryption, the web server redirects the user to the secure port.

In my case works like a charm. I think may be useful to you too.

If you need an example let me know, but example web9 Always SSL use a similar approach

[peterH]

Hi Urayoan,

That's a nice approach!

Thank you for sharing.

Peter

[urayoan]

Your welcome peterH