Login pop-up troubles

Hello,

I have been tasked with making sure our website login page runs through HTTPS.  How the site works is no matter what page you are on you can click the login link, a pop-up modal box opens front and center with login form (login.aspx).  Once you login that box goes away and the user is taken back to the page they were on as an authenticated user.  This process works just fine, until I throw HTTPS in the way.

What I did on the login.aspx.cs page_load event was added:
if (!Request.IsSecureConnection)
        {
            Response.Redirect(Request.Url.AbsoluteUri.Replace("http://", "https://"));
        }

This part seems to work fine, once the login pop-up comes up I know it's now in HTTPS and the login function works fine...however the login box doesn't go away any longer.  The form goes away but there is the background of login.aspx still sitting there.  Here is the code that seemingly is supposed to make that pop-up disappear (also i have screen capture attached):

Response.Write("<script>window.parent.$eSite('#divLoginIframe').modalHide();if(window.parent.location.toString().indexOf(\"activateuser.aspx\") >0){window.parent.location = '/default.aspx';}else{window.parent.location = window.parent.location;}</script>");

I'm pretty sure I know what the problem is, but I don't know how to fix it.  The very last else it's setting the parent location (which should be the original page that called up the login), however my code to redirect to HTTPS I believe is changing that value and it's just trying to call itself as the parent location thus causing that frame to stay up and not go back to the original page.  I don't want to hard-code a parent location because I would like it to return back to the page the customer was on.

Any ideas how I can make this work?  I'm not big into Javascript so I'm not sure if something like this is easy or not.

Thanks,
Joe
image.jpg
sglewAsked:
Who is Participating?
 
Kelvin McDanielConnect With a Mentor Sr. Developer/ConsultantCommented:
Have you checked to see if there are any javascript errors being thrown? I wonder if you're getting something like an "illegal cross domain request" error...
0
 
leakim971PluritechnicianCommented:
why not always use HTTPS, so configure IIS to redirect the user starting with HTTP?
0
 
sglewAuthor Commented:
Hi,

That is definitely an option, but it seems to be overkill having the entire site running HTTPS 24x7x365.  Not really the solution I was looking for.

Thanks,
Joe
0
 
sglewAuthor Commented:
Thanks so much!  I will check that possibility.
0
 
sglewAuthor Commented:
Hello,

Found it was a cross-domain issue, was able to get around it.

Thanks for the suggestion.

Joe
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.