I am adding functionality to an existing web application based on DotNetNuke, which uses FormsAuthentication for user authentication. One page I am working on allows the user to edit their personal settings such as name, address, e-mail details etc. They will also be able to edit their credit card details which are used for the recurring monthly payment for our website.
I want to put the "Edit Credit Card Details" page behind a secure connection. We have our main website (www.tacf.org) which hosts the main application. We also have another domain: secure.tacf.org which has a valid certificate for SSL. I have tried creating a second Web Application to run on the secure server, allowing the credit card related communication to be secure.
When I use Response.Redirect() from the first project to send the user to the second one, any checking of Request.IsAuthenticated returns false, even when the requests in the other application were authenticated. I realise this must be due to the fact that I am running two separate applications. The problem is that I don't want to force the user to log in a second time. The transition from open server to secure server should be fairly smooth and swift for the user.
How can I best allow the user to edit their credit card details behind SSL while keeping the rest of the website outside of the secure server?