Unable to force SSL without an infinite redirect, have no idea why - Bugs & Issues - Bugs & Issues - Progress Community

Unable to force SSL without an infinite redirect, have no idea why

 Bugs & Issues

Unable to force SSL without an infinite redirect, have no idea why

  • Unable to force SSL without an infinite redirect, have no idea why
  • Okay so I have 2 sites

     Site 1: No problems, if I hit www.<site>.com, sends me to https://www.<site>.com, perfect.  Backend setting has remove ssl when not required UNCHECKED, and the box below that, generate absolute urls ALSO unchecked.  On each page I then check-off require SSL, and just in case, have a url rewrite rule to move it to SSL.

     

    Site 2: Same exact config as above (I've validated a ton of times, and made sure there's no modules or extra code or anything running to screw with it)...except in THIS case, if I check RequireSSL, the page I do it on sets it into an infinite redirect loop.  Problem #2 is that even when the site does load on SSL (It loads on both right now because it can't be forced into SSL only), all the Urls are absolute...but absolute to http: not https:  #GAH.

     The only difference in sites, is one (the problem one) has been around since like v4 or v5.  Both are Pure Feather right now.

    Frustration level is at 12 right now...anyone have any thoughts?  Site is being double-indexed on http\https, causing issues.

     

  • This would not be my first choice, but if all else fails and it sounds like your just spinning wheels you may try a difference approach.  Instead of using Sitefinity or even IIS to handle the redirect you could do it yourself.

    Add the following code either in the masterpage.  If your not using a masterpage then add it to a widget and place the widget on the page template.
     

    if (!Request.IsSecureConnection)
        string redirectUrl = Request.Url.ToString().Replace("http:", "https:");
        Response.Redirect(redirectUrl);

  • Instead of using a code behind you can do the redirect using an ASP.NET Module. I tested this solution from a MVC Application and it appears to work. Although the site I tested it on was not configured for ssl it still attempted the re-direct.

    using System;
    using System.Web;
     
    namespace MvcApplication1
        public class CustomRedirectModule : IHttpModule
        
            /// <summary>
            /// You will need to configure this module in the web.config file of your
            /// web and register it with IIS before being able to use it. For more information
            /// see the following link: http://go.microsoft.com/?linkid=8101007
            /// </summary>
            #region IHttpModule Members
     
            public void Dispose()
            
                throw new NotImplementedException();
            
     
            public void Init(HttpApplication context)
            
                context.BeginRequest += new EventHandler(context_BeginRequest);
            
     
            void context_BeginRequest(object sender, EventArgs e)
            
                HttpApplication AppObject = (HttpApplication)sender;
     
                if (!AppObject.Request.IsSecureConnection)
                
                    string redirectUrl = AppObject.Request.Url.ToString().Replace("http:", "https:");
                    AppObject.Response.Redirect(redirectUrl);
                
            
            #endregion
     
            public void OnLogRequest(Object source, EventArgs e)
            
                //custom logging logic can go here
            
        

     

    The Web.Config will need to be modified to register the module

    <httpModules>
        <add name="CustomRedirectModule" type="MvcApplication1.CustomRedirectModule,MvcApplication1"/>
    </httpModules>

    Note. When registering the module in the Web.Config you should  use an assembly qualified name.   

    NamespaceQualifiedTypeName, AssemblyName

  • Steve, 

    Regarding the problem you stated with the  "links in the page being pure http://".  Are you referring to an  error message that the page contains both secured and secured links.  

    If  you manually change the HTTP to HTTPS in the browser window and you are not getting any type of errors than the module approach should work. If it gives an error than the module approach won't solve that problem.  

  • No, like if I'm on the https site, every URL on the page autogenerated by SF is to http:// and ignoring the relative url setting in the backend.
  • Which browser are you using?  Supposedly IE converts all relative links to absolute on the client. 

    http://www.sitefinity.com/developer-network/forums/suggestions-/stop-messing-with-my-relative-urls

  • I'm not sure this would work and would not try it myself unless there is a verified bug in Sitefinity and this is the last option. It is possible to modify the http content before it is transmitted using HTTPResponse Filters. Using this approach it may be possible to do a search and replace on http:// with https:// . I have never used response filters and do not have any advice on using them.

    https://msdn.microsoft.com/en-us/library/system.web.httpresponse.filter.aspx

     

  • No ideas? ...anyone?
  • Appreciate the reply, but it's pure feather, there is no codebehind :/ ...also doesn't solve all the links in the page being pure http://
  • Yeah 100% not IE or client, if that was the case then the schema would at least match, browser wouldn't see https and use http.

     I think fundamentally I need to find the root issue, hacks just cause headaches in the future 100% of the time.

    Appreciate the brainstorming though, at least it's not just me thinking this is odd :)