How to configure the Commerce Server 2007 Starter Site to work with an SSL offloader

This article describes how to configure the Microsoft Commerce Server 2007 Starter Site to work with a secure socket layer (SSL) offloader. Between the appliance and the Web server, the connection is not encrypted HTTP. When you try to access a secure page, the Starter Site will warn you about connections that are not encrypted. This occurs because the Starter Site is written to require an encrypted channel.

To configure the Commerce Server 2007 Starter Site to work with an SSL offloader, follow these steps:

1. In the Web.config file for the Starter Site, locate the element that resembles the following.

   <commerceSite �>

2. Add or modify the requireSSL property, and then set the value to false.
3. Add or modify the useSecureUrls property, and then set the value to true.
4. In the Web.config file for the Starter Site, locate the following element.

   <configuration>
   	<authentication>
   		<forms ..>
   

5. Change the value of the loginUrl property to contain the absolute URL path of the logon page. For example, set the loginUrl property to a value that resembles the following:
   https://example.com/StarterSite/User/Login.aspx
6. In the Web.sitemap file, change all the URLs that begin with ~/Profile/ so that they start with the absolute URL path of the profile section. For example, change the URLs to resemble the following:
   https://example.com/StarterSite/Profile/Default.aspx
7. In the User\Login.aspx.cs file, add the following code to the end of the LoginForm_LoggedIn method.

   string returnUrl = Request.QueryString["ReturnUrl"];
   if (String.IsNullOrEmpty(returnUrl))
   {
       returnUrl = "~/";
   } 
   Response.Redirect(returnUrl);