Did you ever have a chance to work on Login control for SharePoint which sends user’s credentials on SSL and rest of the stuff non-secured? I found few of the good links which suggest creating our own custom Cookie handlers.
Microsoft SharePoint Team has written their own cookie handler specific to SharePoint which does not allow authentication token being generated on a secured connection to be used under non-secured. 1st thing, Do you see any kind of harm in overriding this behavior of SharePoint’s cookie handler with our own custom one ? Second,I was able to transfer back the cookies using this approach as in the links below, but current context was lost, and user remained to be logged off !!!
References:
- http://www.sp2010hosting.com/Lists/Posts/Post.aspx?ID=5
- http://blogs.visigo.com/chriscoulson/mixed-http-and-https-content-with-sharepoint-2010/
- http://www.sharepointconfig.com/2010/04/partial-ssl-sharepoint-sites-login-over-http-from-http-pages/
Steps I followed:
1. Extended the current setup on SSL . Made it working similar to the default zone application ( including resource files and web.config entries,manual dll etc.)
2. Set the postback url for login button.
3. Made the URL rewrite entries as suggested in both zones. ( these are spread across multiple links, REQUEST_METHOD is additional to https ON rule) URL rewriting can be done very easily with an IIS extension provided by Microsoft.
4. Created the custom handler as suggested and replaced it with SharePoint one.
5. Set the required SSL for cookies to false, so that they may be used on non ssl also.
Reply 1
The two bindings should be given under same zone , only then it works. I was giving the alternate access mappings under different zone.
So with custom cookie handler with both end point under same zone , it works! !
Reply 2
Hello hemantrhtk
Thank you for your post.
This is a quick note to let you know that we are performing research on this issue.
Thanks,
Pengyu Zhao
Reply 3
The two bindings should be given under same zone , only then it works. I was giving the alternate access mappings under different zone.
So with custom cookie handler with both end point under same zone , it works! !