Securing Sitecore Content for Logged-In Users

Securing content for a user that is logged in is a common request for sites where users enter sensitive information. With this in mind, we created a simple module that will always push the user to the secure version of the site when they are logged into Sitecore. All of this done is in the server side. Here is the code for this module:

using Sitecore.Pipelines.HttpRequest;
using Sitecore.Web;

namespace Oshyn.Sitecore.Pipeline.Security
{
    public class SSLResolver : HttpRequestProcessor
    {
        private bool _activeSSL;

        public virtual bool ActiveSSL
        {
            get { return this._activeSSL; }
            set { this._activeSSL = value; }
        }

        public override void Process(HttpRequestArgs args)
        {
            if (ActiveSSL && !args.Context.Request.IsSecureConnection && Sitecore.Context.PageMode.IsNormal)
            {
                WebUtil.Redirect(args.Context.Request.Url.AbsoluteUri.Replace("http://", "https://"));
            }
        }
    }
}

Once this is compiled in a library, the following configuration must be added to your web.config file in the <httpRequestBegin> pipeline after the <processor type="Sitecore.Pipelines.HttpRequest.ItemResolver, Sitecore.Kernel"/> line:

<processor type="Oshyn.Sitecore.Pipeline.Security.SSLResolver, Oshyn.Sitecore">
  <ActiveSSL>false</ActiveSSL>
</processor>

This is a simple module, built with the intention that you will add further improvements in order to make it fit your specific business rules. For example, you could configure it so it does not affect the editors of your site. Multiple options exist, but this module should be simple enough to allow you to add any functionality you need.