Managing SSL Transitions

While getting ready to roll out some new functionality for Community Megaphone, I decided to go ahead and add an SSL cert to the site to support SSL encryption of credentials used by event approvers and other site features.

Although it had been almost a decade since the last time I’d dealt with installing an SSL cert, the process of purchasing and installing the cert was very straightforward, thanks in part to the excellent support from the folks at ORCS Web, inc., who host Community Megaphone.

What’s typically trickier is managing the transition between secure and unsecure pages. Since most sites, including Community Megaphone, use primarily relative links in order to make link management easier, once you’re on a secure page, you end up staying in the https scheme until you encounter an absolute URL without the https. Given that there are perf costs to using SSL, this is not ideal.

After a little searching, I ran across a project on The Code Project called WebPageSecurity that automates the process of managing the transition between SSL and non-SSL pages. With the component deployed, you use a custom config section to tell it which pages should use SSL, and which don’t, and it automatically handles the transitions.

A nice little helper, and so far, it’s working like a charm.