Existing ecommerce site which uses SSL into a facebook application

I'm looking into the time involved in taking an existing MVC C# website and creating an facebook application version which would allow users to buy directly from facebook.

I'm wondering whether this is possible, what the security implic开发者_如何学Cations would be and any other potential pitfalls? Is it possible to still use SSL through an Iframe in this way?

When you register a Facebook app, you specify both HTTP and HTTPS URLs for your canvas and your tab. So Facebook can do both.

Also, if someone opens your app by HTTP, nothing prevents you from redirecting to HTTPS inside the iframe.

It's just a website inside an iframe, not much more than that.