Stefan Goßner : Update for the MCMS SSL Http Module (last updated: July 3rd, 2004)

Update for the MCMS SSL Http Module (last updated: July 3rd, 2004)

I received some feedback about my CmsSslHttpModule. Some tried to use this module together with my CmsNiceUrlHttpModule. The result: when the CmsSslHttpModule switches between http and https the URLs did not change to the friendly URLs.

I analyzed the problem and found a workaround. The code below is an adjusted version of the CmsSslHttpModule which addresses this.

This code uses the NRORIGINALURL query string parameter to identify the friendly URL. There is a bug in MCMS 2002 SP1a (not sure if it also is in SP1 but might be) which removes all custom query strings from the NRORIGINALURL. So if your solution works with query string parameters to your postings, then you have to install the following hotfix which can be requested free of charge from Microsoft: 836895

using System;
using System.Web;
using Microsoft.ContentManagement.Publishing;

namespace StefanG.HttpModules
{
    public class CmsSslHttpModule : IHttpModule
    {

        public void Init(HttpApplication httpApp)
        {
            httpApp.PreRequestHandlerExecute += new EventHandler(this.OnPreRequestHandlerExecute);
        }

        public void Dispose()
        {
            // nothing to do...
        }

        public void OnPreRequestHandlerExecute(object o, EventArgs e)
        {
            HttpApplication httpApp = (HttpApplication) o;
            HttpContext ctx = HttpContext.Current;
            CmsHttpContext cmsContext = null;

            // try-catch to prevent access denied exception during forms login.
            try
            {
                cmsContext = CmsHttpContext.Current;
            }
            catch
            {
                // nothing to do...
            }

            if (cmsContext != null)
            {
                if (cmsContext.Channel != null)
                {
                    bool RequireSSL = false;
                    if (cmsContext.Channel.CustomProperties["RequireSSL"] != null)
                    {
                        RequireSSL = (cmsContext.Channel.CustomProperties["RequireSSL"].Value).ToLower() == "yes";
                    }

                    string Url = "";
                    string UglyUrl = ctx.Request.Url.PathAndQuery;
                    if (cmsContext.Mode == PublishingMode.Published)
                    {
                        if (ctx.Request.QueryString["NRORIGINALURL"] != null)
                        {
                            Url = ctx.Request.QueryString["NRORIGINALURL"];
                        }
                    }
                    if (Url != "")
                        Url = ctx.Request.Url.Host+Url;
                    else
                        Url = ctx.Request.Url.Host+UglyUrl;

                    if (RequireSSL & !ctx.Request.IsSecureConnection)
                        ctx.Response.Redirect("https://"+Url);
                    if (!RequireSSL & ctx.Request.IsSecureConnection)
                        ctx.Response.Redirect("http://"+Url);
                }
            }
        }
    }
}

Published Monday, June 14, 2004 6:47 PM by Stefan_Gossner

Filed under: Coding Tips, MCMS

Comments

Friday, June 18, 2004 1:38 AM by Chris

# re: Update for the MCMS SSL Http Module

Hi Stefan, thanks for the fix, it works great.

I mad a small addition to the code, to allow the custom property to be set either by channel or posting:
right after we check the channel...

if (RequireSSL == false)
{
if (CmsHttpContext.Current.Posting.CustomProperties["RequireSSL"] != null)

RequireSSL = (CmsHttpContext.Current.Posting.CustomProperties["RequireSSL"].Value).ToLower() == "yes";
}

Tuesday, June 22, 2004 1:13 AM by Chris

# re: Update for the MCMS SSL Http Module

Hi Stefan,

one more small change... I wrapped the whole thing in a try...catch because it was throwing a server error when you clicked on "channel properties" in the web editor.

Thursday, July 01, 2004 9:54 AM by Stefan

# re: Update for the MCMS SSL Http Module

Hi Chris,

I tried to repro your problem but on my systems everything works fine.
Could you please tell me when the problem occurs?

Cheers,
Stefan.

Friday, July 02, 2004 10:54 PM by Chris

# re: Update for the MCMS SSL Http Module

Hi Stefan,

It happened every time I clicked the "channel properties" link on the floating console, in any page on the site. All I did was add a catch that returns nothing, and everything is fine now.

Saturday, July 03, 2004 1:53 PM by Stefan

# re: Update for the MCMS SSL Http Module

Hi Chris,

ok, I'm not able to repro it in your scenario. But I can repro it using forms authentication when the redirect to the login page happens.

I have adjusted the sample above.
Thanks for the heads-up!

Cheers,
Stefan.

Thursday, April 21, 2005 9:03 AM by Stefan Goßner

# MCMS tip of the day - SSL protection for MCMS channels

Ever thought about protecting parts of your MCMS site with SSL?In IIS you can enforce this for virtual...

New Comments to this post are disabled

Stefan Goßner

This Blog

Syndication

Search

News

Blog Links

MCMS Resources

Private Links

SharePoint Resources

Tags

Recent Posts

Archives

Update for the MCMS SSL Http Module (last updated: July 3rd, 2004)

Comments

# re: Update for the MCMS SSL Http Module

# re: Update for the MCMS SSL Http Module

# re: Update for the MCMS SSL Http Module

# re: Update for the MCMS SSL Http Module

# re: Update for the MCMS SSL Http Module

# MCMS tip of the day - SSL protection for MCMS channels