Posted By Stephen O'Brien on 25 Feb 2022 09:20 AM fair enough, but DNN does provide an option to force SSL, so surely they thought about this need. Plus there's the fact that this has never happened with any previous implementation of web software I've used, DNN or otherwise. I think there may be an issue in this current release.
fair enough, but DNN does provide an option to force SSL, so surely they thought about this need. Plus there's the fact that this has never happened with any previous implementation of web software I've used, DNN or otherwise. I think there may be an issue in this current release.
This option was introduced to DNN a long long time ago - maybe because HSTS was not an option in IIS at this time, I don't know anymore. And remember the days when only login forms were HTTPS, and maybe contact forms etc., but not the whole site. This became "necessary" when Chrome and Firefox changed "secure" to "normal" and "normal" to "unsecure". So this otion is a compatipility option in my point of view.
As IIS is able to care about it, there is no more need that the web application is doing it. And therefore, I agree with Richard. Let IIS do the job, and don't care about the setting for each single page in DNN.
Happy DNNing! Michael
Michael TobischDNN★MVP
Just for documentation, I faced to a weird problem this morning: I set a SSL certificate on a DNN website and I enabled the SSL mode. I'm using DNN 9.10.2. When I tried to access to the homepage with my browser using the portal alias in http, it showned the homepage in http. I also can access it in https but I have to specify https in the browser. I have noticed that the homepage url was different in the menu and it forced the https usage. The portal homepage wasn't set in the portal settings. Setting it by selecting the homepage solved this.
Maybe it can help someone in the future.
One item I'd like to take a slightly different perspective on is whether you enable/enforce SSL from within DNN itself. I personally ensure that both DNN and IIS are enforcing SSL. This ensures that if one layer doesn't enforce it for some reason, the other will. Also, when you take a backup and restore it for testing/development, it's running in SSL by default. So, you can't forget to restore and test using SSL. It's basically a failsafe/fallback setting for my processes.
Now, that won't fix this issue.
One thing that's difficult for all of this is how difficult it is to get a clean test for this kind of issue. Web browsers and Windows both cache SSL settings in a way that's difficult to clear and test. You can even run the command to clear the local DNS, and run in incognito and will still get a false positive/negative.
When this happens to me, it's usually something very minor was missed, or there's a typo somewhere that's easy to overlook. Oh, or... There's a WAF (firewall) in place that also needs to be adjusted.
If all of that looks okay, the next step I'd take is to enable debugging everywhere, and then run the tests again. When you turn on all of the debugging features in DNN, it will report a bit more data about the friendly URLs. To ensure that it's easy to turn on/off debugging without making a mistake, we built a Prompt command to do that for you.
This video will show you more information about how to use the logs in DNN.
(By the way, I was just geeking out about how many times I answer forum posts with links to resources we created in the past for someone just like you.) 🤓
Hey Will, awesome respond man! I already book this in my favorites for troubleshooting on SSL scenarios. Thanks man
Thanks, Marco! Also, something I make sure I do will sound super-simple... Elementary, even! 😉
When troubleshooting this, I stop trusting my spelling too. Copy and paste is your friend at this point. Undoubtedly, there's a mispelling somewhere that is just too easy to miss. ☹️
These Forums are dedicated to the discussion of DNN Platform.
For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:
Awesome! Simply post in the forums using the link below and we'll get you started.