1-888-365-2779
+1-888-365-2779
Try Now
More in this section

Forums / Developing with Sitefinity / Sitefinity, SSL and Web Farms

Sitefinity, SSL and Web Farms

9 posts, 0 answered
  1. Michael
    Michael avatar
    7 posts
    Registered:
    19 Dec 2008
    20 Apr 2009
    Link to this post
    We have our new Sitefinity website gearing up to go live next week, but there is one last hiccup that needs to be addressed: SSL.

    We are behind a load balancer, and the load balancer handles SSL for the web servers.  However, it handles it by taking care of encryption/decryption on its own and sending the request and traffic to the web server as stock http to a different port, including the request string.  However, we can tell whether or not a page is being requested via SSL by the port that it is coming in on.

    Is there any way that I can override how Sitefinity handles "Require SSL"?
  2. Michael
    Michael avatar
    7 posts
    Registered:
    19 Dec 2008
    20 Apr 2009
    Link to this post
    I think I have a solution.  I'm overriding CmsHttpModule with the following...

    namespace MpiSitefinity 
        public class MpiCmsHttpModule : CmsHttpModule 
        { 
            protected override void ProcessRssRedirect(System.Web.HttpContext context, ICmsUrlContext url) 
            { 
                int securePort = 443; 
                int.TryParse(ConfigurationManager.AppSettings["SecurePort"], out securePort); 
     
                if (url.RequireSSL && context.Request.Url.Port != securePort) 
                    RedirectToHttps(); 
                else if (!url.RequireSSL || context.Request.Url.Port == securePort) 
                    RedirectToHttp(); 
            } 
     
            private void RedirectToHttp() 
            { 
                HttpContext current = HttpContext.Current; 
                current.Response.Redirect(current.Request.Url.AbsoluteUri.Replace("https://""http://"), true); 
            } 
     
            private void RedirectToHttps() 
            { 
                HttpContext current = HttpContext.Current; 
                current.Response.Redirect(current.Request.Url.AbsoluteUri.Replace("http://""https://"), true); 
            } 
     
        } 
     

  3. Georgi
    Georgi avatar
    3583 posts
    Registered:
    28 Oct 2016
    21 Apr 2009
    Link to this post
    Hi Michael,

    This solution is acceptable.
    Actually we are doing almost the same in our HttpModule, except the changed if-condition.

    Best wishes,
    Georgi
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
  4. Robert Darnall
    Robert Darnall avatar
    1 posts
    Registered:
    07 May 2009
    22 Jun 2009
    Link to this post
    Where did you put this code?  I see what you did, but not where you did it.
  5. Michael
    Michael avatar
    7 posts
    Registered:
    19 Dec 2008
    22 Jun 2009
    Link to this post
    Robert,

    Create a new class library project.

    Put this class in there.

    Replace the reference to CmsHttpModule in your web.config with the reference to your new class library.

    Our current version of the class (which works around a small issue we were having) is as follows:
    using System; 
    using System.Collections.Generic; 
    using System.Linq; 
    using System.Text; 
    using Telerik.Cms.Web; 
    using System.Configuration; 
    using System.Web; 
     
    namespace MpiSitefinity 
        public class MpiCmsHttpModule : CmsHttpModuleUrlRewrite 
        { 
            protected override void ProcessRssRedirect(System.Web.HttpContext context, ICmsUrlContext url) 
            { 
                int securePort = 443; 
                int.TryParse(ConfigurationManager.AppSettings["SecurePort"], out securePort); 
                if (securePort == 80) return
     
                if (!(!url.RequireSSL || context.Request.Url.Port == securePort)) 
                    RedirectToHttps(); 
                else if (!(url.RequireSSL || !(context.Request.Url.Port == securePort))) 
                    RedirectToHttp(); 
            } 
     
            private void RedirectToHttp() 
            { 
                HttpContext current = HttpContext.Current; 
                current.Response.Redirect(current.Request.Url.AbsoluteUri.Replace("https://""http://").Replace(".org:8081",".org"), true); 
            } 
     
            private void RedirectToHttps() 
            { 
                HttpContext current = HttpContext.Current; 
                current.Response.Redirect(current.Request.Url.AbsoluteUri.Replace("http://""https://"), true); 
            } 
     
        } 
     
  6. Kim
    Kim avatar
    1 posts
    Registered:
    24 Jun 2009
    24 Jun 2009
    Link to this post
    Michael,

    I am trying to help Robert solve this issue. Please note that sitefinity application is behind a load balancer server that handles the SSL, etc.  The IIS server that siteFinity is on is configured as follows:

    Foundry            |              IIS
    http:80               |              http:8080
    https:443 (cert)  |              http:8081 (no cert)


    and here is what I have tried:

    Created a "ReWrite" Dll

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using Telerik.Cms.Web;
    using System.Configuration;
    using System.Web;


    namespace Telerik.Cms.Web
    {
        public class CustomCmsHttpModule : CmsHttpModule
        {
            public CustomCmsHttpModule()
            {
            }
     
            protected override string GetUrl(HttpContext context)
            {

                string sUrl = "";
                HttpContext current = HttpContext.Current;

                if (context.Request.Url.AbsoluteUri.Contains(".com:8081"))
                {
                    sUrl = current.Request.Url.AbsoluteUri.Replace("http://", "https://").Replace(".com:8081", ".com");
                    current.Response.Redirect(current.Request.Url.AbsoluteUri.Replace("http://", "https://").Replace(".com:8081", ".com"), true);
                    return sUrl;
                }
                else
                {
                    sUrl = current.Request.Url.AbsoluteUri.Replace(".com:8080", ".com");
                    current.Response.Redirect(current.Request.Url.AbsoluteUri.Replace(".com:8080", ".com"), true);
                    return sUrl;
                }

            }

        }

    }


    I placed the dll in the "bin" directory and modified the web.config file as follows:

          <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
          <!-- <add name="Cms" type="Telerik.Cms.Web.CmsHttpModule, Telerik.Cms" /> -->
          <add name="Cms" type="Telerik.Cms.Web.CustomCmsHttpModule, bin\ReWrite.dll"/>


    The first problem I am having is the custom dll fails to load.  Also, is this the correct approach to solve this issue.

    Thanks,

    Kim
  7. Michael
    Michael avatar
    7 posts
    Registered:
    19 Dec 2008
    24 Jun 2009
    Link to this post
    Kim,

    Regarding the web.config piece, replace "bin/Rewrite.dll" with the name of your assembly (which is probably just "rewrite").

    Also, your current GetUrl() function will break.  If you look at my function (or at the one within Sitefinity via .NET Reflector), you'll see that the HTTP/HTTPS transition is only occurring if the new page is in a different scheme.  Your code will flip-flop in an infinite loop because the first page view will be in one state, so it will rewrite the URL and reload the page and the new page view will be in the second state, so it will rewrite the URL and so on.

    At the very least, keep the rules split out so they only fire off in those specific situations.
  8. Garry Clark
    Garry Clark avatar
    26 posts
    Registered:
    27 Jan 2005
    18 Aug 2009
    Link to this post
    Guys,
    I can not get the Require SSL redirection to work. I have installed my SSL certificate to the site and checked the Require SSL for a Login page and it always comes back telling me it could not find the Page. Turn SSL off and all works again.

    My SSL port however is 444 instead of 443 since another site on the server had already taken 443. Is there another configuration I need to implement?

    Also I have a page where I have Require SSL and Deny Anonymous selected. I have broken inheritance with its parent pages and yet it still displays when a anonymous user visits the site.

    The two pages you can see this on are:
    http://kcdccms.kcdc.org/en/HousingOpportunities/Section8/LandlordInformation.aspx (click on Landlord Login)
    and
    http://kcdccms.kcdc.org/en/EmployeeLogin.aspx
    If you look under the Employee Login page the Intranet Home page should be completely non existent until an employee actually logs in.

    I submitted a support ticket awhile back about this same behavoir and Rado responded with:
    1. Page Security Anonymous Deny setting being ignored

    The seems to be some unnatural problem with your project, since the deny anonymous property does not work as it should. As an alternative solution you can customize the default values of some page properties, so the newly created pages will use your default values. In, order to do this, please take a look at Setting Default Value of Anonymous Access to Deny. You can also you can write a code, which uses the API to iterate through the pages and denies anonymous access:
    Telerik.Cms.CmsManager manager = new Telerik.Cms.CmsManager();    
            foreach (Telerik.Cms.ICmsPage page in manager.GetPages())    
            {    
                Telerik.Cms.ICmsPage pageForEdit = manager.GetPage(page.ID, trueas Telerik.Cms.ICmsPage;    
                if (pageForEdit != null    
                    && (pageForEdit.Title=="Intranet"))    
                {    
                    pageForEdit.DenyAnonymous=true;    
                    manager.SavePage(pageForEdit);    
                }    
            }    
            return;     
     

    What I would really like to know though is what am I missing that would cause this unnatural behavoir to happen again? What do I need to do in order to get this deny anonymous and require ssl page properties to work properly as this is the second site I've tried to deploy exhibiting these symptoms. This latest is a brand new 3.7 site.

    Any help would greatly be appreciated!
  9. Garry Clark
    Garry Clark avatar
    26 posts
    Registered:
    27 Jan 2005
    20 Aug 2009
    Link to this post
    Update: After implementing a custom Role provider yesterday, which is very similar to Gabe's in his Webinar, I can now set the everyone role to deny on my Intranet pages and they do not show up to anonymous users. I have no idea why that would change anything, but it did.

    Still having the SSL problem though and will let you know if I figure out the solution. I do think that I have narrowed it down to using the non standard 443 port though. So I am getting very close.

    Thanks!
Register for webinar
9 posts, 0 answered