Reputation: 5547
DNN redirect to https
We have a self-hosted DNN 6.01.03 site, in Windows 2003x64, std.
We have enabled it to use SSL, but we would like to set it up so an user coming through HTTP gets redirected to HTTPs.
Is there a way to do that? It seems that in IIS7 we could use the IIS Rewrite URL module, but this is IIS6.
Please advise. Thanks.
Upvotes: 7
Views: 7576
Answers (4)
Reputation: 34207
You can setup a redirect in Global.asax to force redirect of ALL page request on the hosted domain. This will have higher priority than any DNN settings.
<script RunAt="server">
protected void Application_BeginRequest(object sender, EventArgs e)
{
// ENABLE SSL REDIRECTS
if (!HttpContext.Current.Request.IsSecureConnection)
{
Response.Redirect("https://" + Request.ServerVariables["HTTP_HOST"] + HttpContext.Current.Request.RawUrl);
}
}
</script>
Or if you are using custom headers or load balancers
<script RunAt="server">
protected void Application_BeginRequest(object sender, EventArgs e)
{
// ENABLE SSL REDIRECTS
if (!string.Equals(Request.Headers["X-Forwarded-Proto"], "https", StringComparison.InvariantCultureIgnoreCase))
{
Response.Redirect("https://" + Request.ServerVariables["HTTP_HOST"] + HttpContext.Current.Request.RawUrl);
}
}
</script>
Upvotes: 0
Reputation: 105
To help others: The answer here comes in 2 parts from 2 different people:
1) As Mitchel state, go to your DNN site setting, Enable SSL and Enforce SSL. Site Settings > Advanced Settings > SSL Settings > Check both, "Enable SSL and Enforce SSL"
2) As Bruce pointed out, you then have to go to each page and make it a secure page. Page Settings > Other Settings > check "Secure". I had to do this for all of the pages... even Site Admin and Settings Pages.
Upvotes: 1
Reputation: 6962
Set up a redirect page and point 403.4 errors there. The redirect page will be the only url that doesn't enforce SSL.
1. Create a redirect page
You can use pretty much any available web technology here.
Examples:
- client-side html/js (requires javascript)
- Classic ASP
In ASP.NET, the redirect.aspx can be written in a similar way to which it is done in Classic ASP:
<%@ Page Language="C#" %>
<!DOCTYPE html>
<script runat="server">
protected void Page_Load(object sender, EventArgs e)
{
if (!Request.IsSecureConnection)
{
string query = Request.ServerVariables["QUERY_STRING"];
query = query.Replace("http:", "https:");
query = query.Replace("403;", "");
query = query.Replace(":80", "");
Response.Redirect(query);
}
}
</script>
<html>
<head runat="server">
<title></title>
</head>
<body>
<form id="form1" runat="server">
<div>
Redirecting...
</div>
</form>
</body>
</html>
2. Check that SSL is not enforced on the redirect page
3. Point 403.4 errors to the redirect page url
See also:
- asp.net c# redirecting from http to https
- Automatically Redirect HTTP requests to HTTPS on IIS 6
- IIS: Redirect from http to https
Upvotes: 3
Reputation: 63126
The fastest way is to set the site to "Force SSL" in DNN.
I have noticed that the behavior is better when using a tool like UrlMaster from IFinity.com.au.
Upvotes: 6
Related Questions
- DNN redirect Loop
- DNN: Whole site with HTTPS (SSL)
- dotnetnuke redirect
- Why is my DNN friendly url redirect not taking effect?
- Creating a secure DNN portal without SSL
- DNN error setting site to HTTPS
- Response.Redirect in DNN using CommandArguments
- DNN doesn't redirect to Default.aspx
- DotNetNuke URL Rewriting With HTTPS Not Working
- SSL on a DotNetNuke portal