Unable to force SSL without an infinite redirect, have no id

Posted by Community Admin on 04-Aug-2018 23:16

Unable to force SSL without an infinite redirect, have no idea why

Sitefinity - Bugs & Issues

All Replies

Posted by Community Admin on 05-Sep-2015 00:00

Okay so I have 2 sites

 Site 1: No problems, if I hit www.<site>.com, sends me to https://www.<site>.com, perfect.  Backend setting has remove ssl when not required UNCHECKED, and the box below that, generate absolute urls ALSO unchecked.  On each page I then check-off require SSL, and just in case, have a url rewrite rule to move it to SSL.

 

Site 2: Same exact config as above (I've validated a ton of times, and made sure there's no modules or extra code or anything running to screw with it)...except in THIS case, if I check RequireSSL, the page I do it on sets it into an infinite redirect loop.  Problem #2 is that even when the site does load on SSL (It loads on both right now because it can't be forced into SSL only), all the Urls are absolute...but absolute to http: not https:  #GAH.

 The only difference in sites, is one (the problem one) has been around since like v4 or v5.  Both are Pure Feather right now.

Frustration level is at 12 right now...anyone have any thoughts?  Site is being double-indexed on http\https, causing issues.

 

Posted by Community Admin on 11-Sep-2015 00:00

No ideas? ...anyone?

Posted by Community Admin on 11-Sep-2015 00:00

This would not be my first choice, but if all else fails and it sounds like your just spinning wheels you may try a difference approach.  Instead of using Sitefinity or even IIS to handle the redirect you could do it yourself.

Add the following code either in the masterpage.  If your not using a masterpage then add it to a widget and place the widget on the page template.
 

if (!Request.IsSecureConnection)
    string redirectUrl = Request.Url.ToString().Replace("http:", "https:");
    Response.Redirect(redirectUrl);

Posted by Community Admin on 11-Sep-2015 00:00

Appreciate the reply, but it's pure feather, there is no codebehind :/ ...also doesn't solve all the links in the page being pure http://

Posted by Community Admin on 11-Sep-2015 00:00

Instead of using a code behind you can do the redirect using an ASP.NET Module. I tested this solution from a MVC Application and it appears to work. Although the site I tested it on was not configured for ssl it still attempted the re-direct.

using System;
using System.Web;
 
namespace MvcApplication1
    public class CustomRedirectModule : IHttpModule
    
        /// <summary>
        /// You will need to configure this module in the web.config file of your
        /// web and register it with IIS before being able to use it. For more information
        /// see the following link: http://go.microsoft.com/?linkid=8101007
        /// </summary>
        #region IHttpModule Members
 
        public void Dispose()
        
            throw new NotImplementedException();
        
 
        public void Init(HttpApplication context)
        
            context.BeginRequest += new EventHandler(context_BeginRequest);
        
 
        void context_BeginRequest(object sender, EventArgs e)
        
            HttpApplication AppObject = (HttpApplication)sender;
 
            if (!AppObject.Request.IsSecureConnection)
            
                string redirectUrl = AppObject.Request.Url.ToString().Replace("http:", "https:");
                AppObject.Response.Redirect(redirectUrl);
            
        
        #endregion
 
        public void OnLogRequest(Object source, EventArgs e)
        
            //custom logging logic can go here
        
    

 

The Web.Config will need to be modified to register the module

<httpModules>
    <add name="CustomRedirectModule" type="MvcApplication1.CustomRedirectModule,MvcApplication1"/>
</httpModules>

Note. When registering the module in the Web.Config you should  use an assembly qualified name.   

NamespaceQualifiedTypeName, AssemblyName

Posted by Community Admin on 11-Sep-2015 00:00

Steve, 

Regarding the problem you stated with the  "links in the page being pure http://".  Are you referring to an  error message that the page contains both secured and secured links.  

If  you manually change the HTTP to HTTPS in the browser window and you are not getting any type of errors than the module approach should work. If it gives an error than the module approach won't solve that problem.  

Posted by Community Admin on 11-Sep-2015 00:00

No, like if I'm on the https site, every URL on the page autogenerated by SF is to http:// and ignoring the relative url setting in the backend.

Posted by Community Admin on 11-Sep-2015 00:00

Which browser are you using?  Supposedly IE converts all relative links to absolute on the client. 

http://www.sitefinity.com/developer-network/forums/suggestions-/stop-messing-with-my-relative-urls

Posted by Community Admin on 11-Sep-2015 00:00

I'm not sure this would work and would not try it myself unless there is a verified bug in Sitefinity and this is the last option. It is possible to modify the http content before it is transmitted using HTTPResponse Filters. Using this approach it may be possible to do a search and replace on http:// with https:// . I have never used response filters and do not have any advice on using them.

https://msdn.microsoft.com/en-us/library/system.web.httpresponse.filter.aspx

 

Posted by Community Admin on 11-Sep-2015 00:00

Yeah 100% not IE or client, if that was the case then the schema would at least match, browser wouldn't see https and use http.

 I think fundamentally I need to find the root issue, hacks just cause headaches in the future 100% of the time.

Appreciate the brainstorming though, at least it's not just me thinking this is odd :)

This thread is closed