+1-888-365-2779
Try Now
More in this section

Forums / Bugs & Issues / Unable to force SSL without an infinite redirect, have no idea why

Unable to force SSL without an infinite redirect, have no idea why

10 posts, 0 answered
  1. Steve
    Steve avatar
    3037 posts
    Registered:
    03 Dec 2008
    05 Sep 2015
    Link to this post

    Okay so I have 2 sites

     Site 1: No problems, if I hit www.<site>.com, sends me to https://www.<site>.com, perfect.  Backend setting has remove ssl when not required UNCHECKED, and the box below that, generate absolute urls ALSO unchecked.  On each page I then check-off require SSL, and just in case, have a url rewrite rule to move it to SSL.

     

    Site 2: Same exact config as above (I've validated a ton of times, and made sure there's no modules or extra code or anything running to screw with it)...except in THIS case, if I check RequireSSL, the page I do it on sets it into an infinite redirect loop.  Problem #2 is that even when the site does load on SSL (It loads on both right now because it can't be forced into SSL only), all the Urls are absolute...but absolute to http: not https:  #GAH.

     The only difference in sites, is one (the problem one) has been around since like v4 or v5.  Both are Pure Feather right now.

    Frustration level is at 12 right now...anyone have any thoughts?  Site is being double-indexed on http\https, causing issues.

     

  2. Steve
    Steve avatar
    3037 posts
    Registered:
    03 Dec 2008
    11 Sep 2015 in reply to Steve
    Link to this post
    No ideas? ...anyone?
  3. ch
    ch avatar
    25 posts
    Registered:
    14 May 2014
    11 Sep 2015
    Link to this post

    This would not be my first choice, but if all else fails and it sounds like your just spinning wheels you may try a difference approach.  Instead of using Sitefinity or even IIS to handle the redirect you could do it yourself.

    Add the following code either in the masterpage.  If your not using a masterpage then add it to a widget and place the widget on the page template.
     

    if (!Request.IsSecureConnection)
    {
        string redirectUrl = Request.Url.ToString().Replace("http:", "https:");
        Response.Redirect(redirectUrl);
    }

  4. Steve
    Steve avatar
    3037 posts
    Registered:
    03 Dec 2008
    11 Sep 2015 in reply to ch
    Link to this post
    Appreciate the reply, but it's pure feather, there is no codebehind :/ ...also doesn't solve all the links in the page being pure http://
  5. ch
    ch avatar
    25 posts
    Registered:
    14 May 2014
    11 Sep 2015
    Link to this post

    Instead of using a code behind you can do the redirect using an ASP.NET Module. I tested this solution from a MVC Application and it appears to work. Although the site I tested it on was not configured for ssl it still attempted the re-direct.

    using System;
    using System.Web;
     
    namespace MvcApplication1
    {
        public class CustomRedirectModule : IHttpModule
        {
            /// <summary>
            /// You will need to configure this module in the web.config file of your
            /// web and register it with IIS before being able to use it. For more information
            /// see the following link: http://go.microsoft.com/?linkid=8101007
            /// </summary>
            #region IHttpModule Members
     
            public void Dispose()
            {
                throw new NotImplementedException();
            }
     
            public void Init(HttpApplication context)
            {
                context.BeginRequest += new EventHandler(context_BeginRequest);
            }
     
            void context_BeginRequest(object sender, EventArgs e)
            {
                HttpApplication AppObject = (HttpApplication)sender;
     
                if (!AppObject.Request.IsSecureConnection)
                {
                    string redirectUrl = AppObject.Request.Url.ToString().Replace("http:", "https:");
                    AppObject.Response.Redirect(redirectUrl);
                }
            }
            #endregion
     
            public void OnLogRequest(Object source, EventArgs e)
            {
                //custom logging logic can go here
            }
        }
    }

     

    The Web.Config will need to be modified to register the module

    <httpModules>
        <add name="CustomRedirectModule" type="MvcApplication1.CustomRedirectModule,MvcApplication1"/>
    </httpModules>

    Note. When registering the module in the Web.Config you should  use an assembly qualified name.   

    NamespaceQualifiedTypeName, AssemblyName

  6. ch
    ch avatar
    25 posts
    Registered:
    14 May 2014
    11 Sep 2015
    Link to this post

    Steve, 

    Regarding the problem you stated with the  "links in the page being pure http://".  Are you referring to an  error message that the page contains both secured and secured links.  

    If  you manually change the HTTP to HTTPS in the browser window and you are not getting any type of errors than the module approach should work. If it gives an error than the module approach won't solve that problem.  

  7. Steve
    Steve avatar
    3037 posts
    Registered:
    03 Dec 2008
    11 Sep 2015
    Link to this post
    No, like if I'm on the https site, every URL on the page autogenerated by SF is to http:// and ignoring the relative url setting in the backend.
  8. ch
    ch avatar
    25 posts
    Registered:
    14 May 2014
    11 Sep 2015
    Link to this post

    Which browser are you using?  Supposedly IE converts all relative links to absolute on the client. 

    http://www.sitefinity.com/developer-network/forums/suggestions-/stop-messing-with-my-relative-urls

  9. ch
    ch avatar
    25 posts
    Registered:
    14 May 2014
    11 Sep 2015
    Link to this post

    I'm not sure this would work and would not try it myself unless there is a verified bug in Sitefinity and this is the last option. It is possible to modify the http content before it is transmitted using HTTPResponse Filters. Using this approach it may be possible to do a search and replace on http:// with https:// . I have never used response filters and do not have any advice on using them.

    https://msdn.microsoft.com/en-us/library/system.web.httpresponse.filter.aspx

     

  10. Steve
    Steve avatar
    3037 posts
    Registered:
    03 Dec 2008
    11 Sep 2015 in reply to ch
    Link to this post

    Yeah 100% not IE or client, if that was the case then the schema would at least match, browser wouldn't see https and use http.

     I think fundamentally I need to find the root issue, hacks just cause headaches in the future 100% of the time.

    Appreciate the brainstorming though, at least it's not just me thinking this is odd :)

10 posts, 0 answered