MojoPortal and certificates

Post here for help with installing or upgrading mojoPortal pre-compiled release packages. When posting in this forum, please provide all relevant details. You may also want to review the installation or upgrading documentation.

If you have questions about using the source code or working with mojoPortal in Visual Studio, please post in the Developer forum.

This thread is closed to new posts. You must sign in to post in the forums.
1/16/2015 3:02:31 AM
Total Posts 83

Re: MojoPortal and certificates

I have tried the following : 

https://www.orbitsupport.se/
https://www.orbitsupport.se/Default.aspx
https://www.orbitsupport.se/Secure/Login.aspx?returnurl=%2fDefault.aspx

And all of them work just fine and the login will work just fine so the certificate seems to be installed as it should. The problem is that I need to redirect all traffic from http to https and to do this I need to turn on the SSLIsAvailable.

When SSLIsAvailable is turned on and I go to http://orbitsupport.se the page will reload http://www.orbitsupport.se but it will ignore the https. This is because the page is not forcing https at this point; if I however click the login link I will get the same redirection exception as before, but I can see that it is now forcing https (https://www.orbitsupport.se/Secure/Login.aspx?returnurl=%2f) and that's correct.

So I still do not get why I get a redirection exception but I will talk with the host and see if there is something strange there.

 

1/16/2015 8:06:55 AM
Total Posts 18439

Re: MojoPortal and certificates

SSLIsAvailable = true does a few things

it will force ssl on pages we know need to be secure such as login, register, user profile

it will surface a new setting in page settings for "Force SSL" which can be used to force specific pages to use https

it will surface a new setting in Site Settings for "Force SSL on All Pages"

to secure other pages you would want to check that box in site settings, but I would not do that if you still get a redirect error on login link because that will just force that error site wide.

if mojoportal cannot detect whether the current request is a secure request then it can get in a redirect loop because it redirects to https but it still detects it as a not secure request so it just redirects again and again. This can happen if there is a proxy server that prevents the web server from seeing the real request correctly. Definitely only your host can help with that.

But again, if you are still getting a redirect problem I think it can also be a browser cache issue. Did you try another web browser or machine to verify?

 

1/16/2015 8:45:03 AM
Total Posts 18439

Re: MojoPortal and certificates

if you find out that it is a proxy server, some proxy servers have a way to indicate to the web server whether it is a secure request, often using a server variable, but you would have to know if that is the case and what the server variable is. We have logic to check for some config settings that can be set if one knows the name of a server variable that indicates if it is a secure request.

public static bool IsSecureRequest()
{
    if ((HttpContext.Current != null) && (HttpContext.Current.Request != null))
    {
        // default this works when the SSL certificate is installed in the site but not when using load balancers or other proxy server
        if (HttpContext.Current.Request.IsSecureConnection) { return true; }

        if (WebConfigSettings.SecureConnectionServerVariableForPresenceCheck.Length > 0)
        {
            if (HttpContext.Current.Request.ServerVariables[WebConfigSettings.SecureConnectionServerVariableForPresenceCheck] != null) { return true; }
        }

        if ((WebConfigSettings.SecureConnectionServerVariableForValueCheck.Length > 0) && (WebConfigSettings.SecureConnectionServerVariableSecureValue.Length > 0))
        {
            if (HttpContext.Current.Request.ServerVariables[WebConfigSettings.SecureConnectionServerVariableForValueCheck] != null)
            {
                if (HttpContext.Current.Request.ServerVariables[WebConfigSettings.SecureConnectionServerVariableForValueCheck] == WebConfigSettings.SecureConnectionServerVariableSecureValue) { return true; }
            }
        }
    }

    return false;
}

the problem is with a proxy server the certificate is not installed in IIS, the proxy sits in front of IIS and passes the request without ssl to the web server but keeps it encrypted between the proxy server and the web browser. In this case since the web server is not securing the request, from its point of view it is not a secure request because this line of code will always be false:

HttpContext.Current.Request.IsSecureConnection

thus it tries to redirect again and again and it never sees a secure request from its point of view

whereas with a certificate installed directly in IIS that line would return true for a secure request

1/16/2015 9:03:52 AM
Total Posts 18439

Re: MojoPortal and certificates

I just remembered we have a built in page to show server variables. What I would do is login as admin, then in one browser tab visit

https://www.orbitsupport.se/DevAdmin/ServerVariables.aspx

and in another tab visit

http://www.orbitsupport.se/DevAdmin/ServerVariables.aspx

then carefully compare the 2 pages, what you are looking for is either a variable that appears only on the secure version or a variable that appears in both cases but has a different value on the secure one.

if you find something I may be able to help you solve this problem.

1/16/2015 9:34:17 AM
Total Posts 83

Re: MojoPortal and certificates

Thanks, my user is an administrator (role member of Administrators) but I do not have access to that page?

1/16/2015 9:38:55 AM
Total Posts 18439

Re: MojoPortal and certificates

it is disabled by default, put this in user.config then touch Web.config, then you should be able to get there

<add key="EnableDeveloperMenuInAdminMenu" value="true" />

after that you will also find it under Administration > Advanced Tools > Developer Tools > Server Variables

1/16/2015 9:46:54 AM
Total Posts 83

Re: MojoPortal and certificates

I added it to the regular web.config but that did not work. I don't have a user.config right now so I will have to fix this next week.

1/16/2015 10:55:31 AM
Total Posts 18439

Re: MojoPortal and certificates

don't add it to Web.config because it already exists there, if you are not using a user.config file then you can change the value of the existing setting to true in Web.config

if the setting exists more than once in Web.config, as it does since you added it, the one closer to the bottom of the file wins

1/19/2015 7:09:18 AM
Total Posts 83

Re: MojoPortal and certificates

I have now tried this and this is what I get : 


HTTPS

LOCAL_ADDR 192.168.10.91

HTTP

LOCAL_ADDR 192.168.10.94

 

HTTPS

HTTP_X_FORWARDED_FOR 85.197.150.56
HTTP_X_FORWARDED_PROTO https
HTTP_HTTPS on

HTTP

[Missing]

 

Does this tell you anything?
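
Added example (not part of the original thread and not mojoPortal source): a stand-alone model of the IsSecureRequest() logic quoted earlier, run against the server variables reported in this post, showing why the redirect loops when no variable is configured and stops once a value check on HTTP_X_FORWARDED_PROTO is set. The class and method names are hypothetical, the parameter names follow the WebConfigSettings properties in the quoted code, and the variable sets are constructed from the values listed above.

```csharp
using System;
using System.Collections.Generic;

// Added example, not mojoPortal source: the three tests from IsSecureRequest()
// applied to a plain dictionary so the logic can be run outside IIS.
static class SecureRequestDemo
{
    public static bool IsSecure(bool isSecureConnection, IDictionary<string, string> vars,
        string presenceVar, string valueVar, string secureValue)
    {
        if (isSecureConnection) return true;
        if (presenceVar.Length > 0 && vars.ContainsKey(presenceVar)) return true;
        return valueVar.Length > 0 && secureValue.Length > 0
            && vars.TryGetValue(valueVar, out var v) && v == secureValue;
    }

    // Applies "not secure -> redirect to https" until the request is accepted.
    public static string Simulate(string presenceVar, string valueVar, string secureValue)
    {
        // Constructed from the variables reported in the thread. TLS ends at the
        // proxy, so IsSecureConnection is false on both requests.
        var overHttp = new Dictionary<string, string>();
        var overHttps = new Dictionary<string, string>
        {
            ["HTTP_X_FORWARDED_PROTO"] = "https",
            ["HTTP_HTTPS"] = "on"
        };
        var vars = overHttp;
        for (int redirects = 0; redirects < 5; redirects++)
        {
            if (IsSecure(false, vars, presenceVar, valueVar, secureValue))
                return "accepted after " + redirects + " redirect(s)";
            vars = overHttps; // the browser follows the redirect to https://
        }
        return "redirect loop";
    }

    static void Main()
    {
        // No variable configured: the https request is never recognised.
        Console.WriteLine(Simulate("", "", ""));
        // Value check on the forwarded-protocol variable: one redirect, then served.
        Console.WriteLine(Simulate("", "HTTP_X_FORWARDED_PROTO", "https"));
        // Caveat: the check trusts whatever the variable holds, so the plain-http
        // path must strip or overwrite this header before it reaches IIS.
        var clientSupplied = new Dictionary<string, string> { ["HTTP_X_FORWARDED_PROTO"] = "https" };
        Console.WriteLine(IsSecure(false, clientSupplied, "", "HTTP_X_FORWARDED_PROTO", "https"));
    }
}
```

In this thread the plain-http request reached a different LOCAL_ADDR and carried no forwarded headers, so whether that path removes a client-sent X-Forwarded-Proto header is something to confirm with the host before relying on the value check.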

 

1/19/2015 9:03:24 AM
Total Posts 83

Re: MojoPortal and certificates

The host saw no problems with the certificate so they created a .htaccess file with the following : 

RewriteEngine On
RewriteCond %{HTTP_HOST} !^www.(.)$ [NC]
RewriteCond %{HTTP:HTTPS} !on
RewriteRule . https://www.%{HTTP_HOST}%{REQUEST_URI} [R,L]

Now it works, but mojoPortal is still set to not use https (available); is that a problem?

 

1/19/2015 9:37:55 AM
Total Posts 83

Re: MojoPortal and certificates

Okay, no upload is working with this .htaccess file in place? If I remove it the upload works again?
