securityCheck control


Every .aspx page in OrderCentral requires the securityCheck control to be in place.

At the top of the page: <%@ Register TagPrefix="xct" TagName="securityCheck" src="elements/securityCheck.ascx" %>

After the OCForm1 tag: <xct:securitycheck id="securityCheck" runat="server" securePage="false" requireSSL="false" disableSSL="false" />

securePage = "true" or "false"
--Default: false
--If this property is set to "true" then the page will require the current session to be logged into a non-guest account in order to load the page.
--If true and the session is not logged in, the user will be redirected to the login page on the site.

requireSSL = "true" or "false"
--Default: false
--If this property is set to "true" then the page will require that it go through https.  If the initial page load is not https, then the user will be redirected to the https version of the url.
--If this property is set to "false" then the page will require that the page NOT go through https.  If the initial page load is https, then the user will be redirected to the http version of the url.
--Note: Make sure to set the web.config key: "secureURL" to the correct base https address for your site.  Ex: <add key="secureURL" value="https://www.catalinatechnology.com/" />

disableSSL = "true" or "false"
--Default: false
--If this property is set to "true" it will override all automatic http/https redirect handling and allow the page to be loaded regardless of the requireSSL property setting.
Related: disableSSL can be overridden on ALL pages of the site by adding a web.config application key:
--Default: false
--<add key="disableSSL" value="TRUE" />
--Note: Setting the global disableSSL key in web.config is often useful on development servers/workstations where an ssl key is not installed.

Quick Examples:

1. To make a page available to LOGGED IN users only you must change the "securePage" property.  (set it to true)
 Example: <xct:securitycheck id="securityCheck" runat="server" securePage="true" />

2. To make a page an SSL page (https access) you must change the "requireSSL" property (set it to true)
 Example: <xct:securitycheck id="securityCheck" runat="server" requireSSL="true" />