SSL Problems with OWS.Fetch

Forced SSL Security in DNN

By Kevin M Schreiner

The AJAX callback functionality automatically detects whether the callback to the server should be handled through a secured (HTTPS) connection. However, because the callback URL refers to a static ASPX page, which inherits from the core DotNetNuke page object, it is subject to the core runtime URL switching which detects whether the page is marked as Secure or not. This page cannot be marked as secure because it is a physical page, not a dynamic tab entry, and is universally used for all portals within the instance and must be secure/non-secure based on the requesting page.

With that said - you can examine the problem relatively quickly by navigating to Site Settings, and checking the box labeled "SSL Enforced". This option automatically switches the incoming URL request between HTTP/HTTPS depending on the isSecure setting of the page itself. A request from a Secure page containing OWS with a callback OWS.Fetch function (or with AJAX enabled by default) will result in an empty result for the module.

Examining the Request result from the AJAX callback via Firebug identifies the problem. The physical result is a client side redirect generated from the core DNN architecture, attempting to change from HTTPS into HTTP. This causes a failure of the callback, and therefore, a failure of the module to function.

To resolve this operation, you must first uncheck the SSL Enforce, and instead utilize SSL Enabled. This means that your site will now enable SSL for ALL urls, regardless of whether the pages themselves are identified as requiring security.

Now, the next critical step is to provide a workaround to the issue that many pages should NOT be behind HTTPS in order to provide the best bandwidth for the site. So, still providing a mechanism that automatically switches from HTTPS into HTTP when the page is not marked as secure is needed.Thankfully, OWS can easily support this functionality as either a drop in module on the page, or as an embedded skin object.

To create the module, all you need is a few simple Actions.

 

1. Create an IF Action, checking IF the Request is an HTTPS request

 

2. Create an IF action which is a CHILD of the previous step. This will check to see if the current Tab requires HTTPS

3. Create a Redirect action as a CHILD of the previous step, redirecting the user to the SAME url, only changing from HTTPS to HTTP.

 

If you prefer to simply COPY/PASTE the logic described above. Click PASTE within your OWS config, and then place the following into the textarea:

 

Average ( Ratings):
 
Want to help out?
 
 

New York, NY • Baltimore, MD • Vienna, VA • St. Louis, MO • Seattle, WA • info@openwebstudio.com

Bookmark & Share Bookmark and Share