I received some feedback about my CmsSslHttpModule. Some tried to use this module together with my CmsNiceUrlHttpModule. The result: when the CmsSslHttpModule switches between http and https the URLs did not change to the friendly URLs.
I analyzed the problem and found a workaround. The code below is an adjusted version of the CmsSslHttpModule which addresses this.
This code uses the NRORIGINALURL query string parameter to identify the friendly URL. There is a bug in MCMS 2002 SP1a (not sure if it also is in SP1 but might be) which removes all custom query strings from the NRORIGINALURL. So if your solution works with query string parameters to your postings, then you have to install the following hotfix which can be requested free of charge from Microsoft: 836895
using System;
using System.Web;
using Microsoft.ContentManagement.Publishing;
namespace StefanG.HttpModules
{
public class CmsSslHttpModule : IHttpModule
{
public void Init(HttpApplication httpApp)
{
httpApp.PreRequestHandlerExecute += new EventHandler(this.OnPreRequestHandlerExecute);
}
public void Dispose()
{
// nothing to do…
}
public void OnPreRequestHandlerExecute(object o, EventArgs e)
{
HttpApplication httpApp = (HttpApplication) o;
HttpContext ctx = HttpContext.Current;
CmsHttpContext cmsContext = null;
// try-catch to prevent access denied exception during forms login.
try
{
cmsContext = CmsHttpContext.Current;
}
catch
{
// nothing to do…
}
if (cmsContext != null)
{
if (cmsContext.Channel != null)
{
bool RequireSSL = false;
if (cmsContext.Channel.CustomProperties[“RequireSSL”] != null)
{
RequireSSL = (cmsContext.Channel.CustomProperties[“RequireSSL”].Value).ToLower() == “yes”;
}
string Url = “”;
string UglyUrl = ctx.Request.Url.PathAndQuery;
if (cmsContext.Mode == PublishingMode.Published)
{
if (ctx.Request.QueryString[“NRORIGINALURL”] != null)
{
Url = ctx.Request.QueryString[“NRORIGINALURL”];
}
}
if (Url != “”)
Url = ctx.Request.Url.Host+Url;
else
Url = ctx.Request.Url.Host+UglyUrl;
if (RequireSSL & !ctx.Request.IsSecureConnection)
ctx.Response.Redirect(“https://“+Url);
if (!RequireSSL & ctx.Request.IsSecureConnection)
ctx.Response.Redirect(“http://“+Url);
}
}
}
}
}
Permalink
Hi Stefan, thanks for the fix, it works great.
I mad a small addition to the code, to allow the custom property to be set either by channel or posting:
right after we check the channel…
if (RequireSSL == false)
{
if (CmsHttpContext.Current.Posting.CustomProperties["RequireSSL"] != null)
RequireSSL = (CmsHttpContext.Current.Posting.CustomProperties["RequireSSL"].Value).ToLower() == "yes";
}
Permalink
Hi Stefan,
one more small change… I wrapped the whole thing in a try…catch because it was throwing a server error when you clicked on "channel properties" in the web editor.
Permalink
Hi Chris,
I tried to repro your problem but on my systems everything works fine.
Could you please tell me when the problem occurs?
Cheers,
Stefan.
Permalink
Hi Stefan,
It happened every time I clicked the "channel properties" link on the floating console, in any page on the site. All I did was add a catch that returns nothing, and everything is fine now.
Permalink
Hi Chris,
ok, I’m not able to repro it in your scenario. But I can repro it using forms authentication when the redirect to the login page happens.
I have adjusted the sample above.
Thanks for the heads-up!
Cheers,
Stefan.
Permalink
Ever thought about protecting parts of your MCMS site with SSL?In IIS you can enforce this for virtual…