Update for the MCMS SSL Http Module (last updated: July 3rd, 2004)

I received some feedback about my CmsSslHttpModule. Some tried to use this module together with my CmsNiceUrlHttpModule. The result: when the CmsSslHttpModule switched between http and https, the URLs did not change to the friendly URLs.

I analyzed the problem and found a workaround. The code below is an adjusted version of the CmsSslHttpModule which addresses this.

This code uses the NRORIGINALURL query string parameter to identify the friendly URL. There is a bug in MCMS 2002 SP1a (not sure if it is also in SP1, but it might be) which removes all custom query strings from the NRORIGINALURL. So if your solution works with query string parameters to your postings, you have to install the following hotfix, which can be requested free of charge from Microsoft: 836895

using System;
using System.Web;
using Microsoft.ContentManagement.Publishing;

namespace StefanG.HttpModules
{
    public class CmsSslHttpModule : IHttpModule
    {
        public void Init(HttpApplication httpApp)
        {
            httpApp.PreRequestHandlerExecute += new EventHandler(this.OnPreRequestHandlerExecute);
        }

        public void Dispose()
        {
            // nothing to do…
        }

        public void OnPreRequestHandlerExecute(object o, EventArgs e)
        {
            HttpApplication httpApp = (HttpApplication) o;
            HttpContext ctx = HttpContext.Current;
            CmsHttpContext cmsContext = null;

            // try-catch to prevent access denied exception during forms login.
            try
            {
                cmsContext = CmsHttpContext.Current;
            }
            catch
            {
                // nothing to do…
            }

            if (cmsContext != null)
            {
                if (cmsContext.Channel != null)
                {
                    // The channel opts in to SSL with the custom property RequireSSL = "yes".
                    bool RequireSSL = false;
                    if (cmsContext.Channel.CustomProperties["RequireSSL"] != null)
                    {
                        RequireSSL = (cmsContext.Channel.CustomProperties["RequireSSL"].Value).ToLower() == "yes";
                    }

                    // In published mode, prefer the friendly URL passed in NRORIGINALURL.
                    string Url = "";
                    string UglyUrl = ctx.Request.Url.PathAndQuery;
                    if (cmsContext.Mode == PublishingMode.Published)
                    {
                        if (ctx.Request.QueryString["NRORIGINALURL"] != null)
                        {
                            Url = ctx.Request.QueryString["NRORIGINALURL"];
                        }
                    }
                    if (Url != "")
                        Url = ctx.Request.Url.Host + Url;
                    else
                        Url = ctx.Request.Url.Host + UglyUrl;

                    // Redirect only when the current scheme does not match the channel setting.
                    if (RequireSSL && !ctx.Request.IsSecureConnection)
                        ctx.Response.Redirect("https://" + Url);
                    if (!RequireSSL && ctx.Request.IsSecureConnection)
                        ctx.Response.Redirect("http://" + Url);
                }
            }
        }
    }
}
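
Added example, not part of the original module: NRORIGINALURL is read from the request's query string and concatenated directly after the host name, so this sketch accepts it as the redirect path only when it is a host-relative path and otherwise falls back to the request's own PathAndQuery. The class and method names (RedirectTarget, IsLocalPath, Build) are hypothetical and the sample values are constructed.

```csharp
using System;

// Added example, not part of CmsSslHttpModule. All names are hypothetical.
public static class RedirectTarget
{
    // True when 'path' is a host-relative path that is safe to append to the host name.
    public static bool IsLocalPath(string path)
    {
        // Must start with '/' so the value cannot change the host part of the URL.
        if (string.IsNullOrEmpty(path) || path[0] != '/') return false;
        // Control characters such as CR/LF must never reach the Location header.
        foreach (char c in path)
        {
            if (char.IsControl(c)) return false;
        }
        return true;
    }

    // Returns the absolute redirect URL, or null when the scheme already matches.
    public static string Build(string host, string originalUrl, string uglyUrl,
                               bool requireSsl, bool isSecure, bool published)
    {
        if (requireSsl == isSecure) return null;
        // Use the friendly URL only in published mode and only if it passes the check;
        // otherwise fall back to the request's own PathAndQuery, as the module does.
        string path = (published && IsLocalPath(originalUrl)) ? originalUrl : uglyUrl;
        return (requireSsl ? "https://" : "http://") + host + path;
    }

    public static void Main()
    {
        // Constructed sample values; none of them come from a real site.
        string host = "www.example.com";
        string ugly = "/Templates/Page.aspx?id=1";
        string[] candidates = { "/Shop/Checkout.htm?item=5", "Shop/Checkout.htm", "", null };

        foreach (string candidate in candidates)
        {
            string target = Build(host, candidate, ugly, true, false, true);
            Console.WriteLine("{0,-28} -> {1}", candidate ?? "(null)", target);
        }
        // Scheme already matches the channel setting: no redirect.
        Console.WriteLine(Build(host, "/Shop/Checkout.htm", ugly, true, true, true) == null);
    }
}
```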

6 Comments


  1. Hi Stefan, thanks for the fix, it works great.

    I made a small addition to the code, to allow the custom property to be set either by channel or posting:

    right after we check the channel…

    if (RequireSSL == false)
    {
        if (CmsHttpContext.Current.Posting.CustomProperties["RequireSSL"] != null)
            RequireSSL = (CmsHttpContext.Current.Posting.CustomProperties["RequireSSL"].Value).ToLower() == "yes";
    }


  2. Hi Stefan,

    one more small change… I wrapped the whole thing in a try…catch because it was throwing a server error when you clicked on "channel properties" in the web editor.


  3. Hi Chris,

    I tried to repro your problem but on my systems everything works fine.

    Could you please tell me when the problem occurs?

    Cheers,

    Stefan.


  4. Hi Stefan,

    It happened every time I clicked the "channel properties" link on the floating console, in any page on the site. All I did was add a catch that returns nothing, and everything is fine now.


  5. Hi Chris,

    ok, I’m not able to repro it in your scenario. But I can repro it using forms authentication when the redirect to the login page happens.

    I have adjusted the sample above.

    Thanks for the heads-up!

    Cheers,

    Stefan.


  6. Ever thought about protecting parts of your MCMS site with SSL? In IIS you can enforce this for virtual…
