External DNS encryption fails in loading a https enabled website.

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

Please do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This forum is for discussing mojoPortal development

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

You can monitor commits to the repository from this page. We also recommend developers to subscribe to email notifications in the developer forum as occasionally important things are announced.

Before posting questions here you might want to review the developer documentation.

Do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.
This thread is closed to new posts. You must sign in to post in the forums.
1/29/2015 2:02:46 AM
Guruprasad
Gravatar
Total Posts 58
View Posts
"Digg-in yourself to achieve excellence!" Follow #GPsays

Re: External DNS encryption fails in loading a https enabled website.

Hi Joe,

Thanks a lot for finding the cause of the issue. Also after making changes to these lines,

<add key="SSLIsAvailable" value="false" />

and removing requireSSL="true" from

<forms name=".mojochangeme" protection="All" timeout="20160" path="/" cookieless="UseCookies" loginUrl="~/Secure/Login.aspx" />

and also adding these couple of lines in user.config,

<add key="SecureConnectionServerVariableForValueCheck" value="HTTP_X_FORWARDED_PROTO" />
  <add key="SecureConnectionServerVariableSecureValue" value="https" />

and a legacy force for HTTPS using the javascript that you provided,

<script type="text/javascript">
if (window.location.protocol != "https:")
    window.location.href = "https:" + window.location.href.substring(window.location.protocol.length);
    </script>

Fixed the issue, also my web host has assured to make some changes on their server for working with the Server Variable(which hasnt done yet).

Once again I thank you for your efforts in providing the workaround :-)
I would be more glad, if you can provide me the information about the changes that you have done in the most recent version(2.4.0.8) of mojoPortal with regards to the mojoPortal.Web.dll

Thank You and have a great day ahead.

Regards,
Guruprasad

1/29/2015 10:51:29 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: External DNS encryption fails in loading a https enabled website.

It was a bug. We have a function SiteUtils.IsSecureRequest that can check the those proxy server variable settings. But our other function SiteUtils.ForceSSL was not checking IsSecureRequest before redirecting so it was in a redirect loop. The patch simply adds the missing check and if it is already a secure request based on the proxy settings then it doesn't redirect so it prevents the redirect loop. I've also added the patch to our codeplex download page for version 2.4.0.8 with a note about it.

Your host does not need to do anything since the proxy server is already adding the needed server variables. If you upgrade and apply the patch you will not need the javascript to redirect to https, you will be able to set SSLIsAvailable back to true and the server side code can do the redirect to https without getting stuck in a loop.

You must sign in to post in the forums. This thread is closed to new posts.