Telligent Evolution supports SSL to provide more security when browsing a site. There is a configurable setting in the communityserver.config file that controls the type of pages that require SSL.
Inside the root node of the communityserver.config file, there is a setting named SSL. Telligent Evolution supports three different options for SSL, which are listed below.
The recommended setting for securing a site is to use "all."
- Ignore - This is the default setting. Telligent Evolution ignores the SSL setting so that users can access the Web site regardless of whether or not they are communicating over SSL.
- Password - Telligent Evolution requires SSL communication for any page on the Web site that transmits a password. These pages include, but are not limited to, the login and create user pages.
- All - Telligent Evolution requires that all pages are transmitted over SSL. If a request comes over a non-SSL channel, it will be redirected to an SSL equivalent.
The core element in the communityserver.config file contains the SSL setting, as shown in the following example:
Securing the forms session cookie
In addition to requiring SSL for your pages, it is recommended to also require SSL transmission of the forms session cookie. This is done by updating the web.config for your site so that the forms node inside the authentication section has requireSSL="true". Below is an example of an updated forms node:
<forms name=".Telligent.Evolution" protection="All" timeout="10080" loginUrl="login.aspx" slidingExpiration="false" requireSSL="true" />