Is there a better way to redirect an existing DNN site to SSL https:// ?


In the past we've had the requirement that DNN 5.x and all pages must be re-directed to HTTPS...
To accomplish this we simply added the following Redirect vb code to the site root's default.aspx starting at line 4





This worked great for a while... if a DNN site had a SSL certificate, then this instantly placed the entire site and any pages accessed by the user from http://www.mywebsite.com/mypage.aspx to SSL site of https://www.mywebsite.com/mypage.aspx




However after a recent upgrade from 5.x to 6.x we discovered that we had to change our redirect code on line 4 inside the dnn default.aspx file to the following to comply with C# language syntax:





IMPORTANT: This works by redirecting the entire site as SSL "AS LONG AS WE HAVE THE SSL CHECK BOX ENABLED" in the Admin Site Settings. This forces all the pages to SSL with out us having to go to each page settings and checking the page as SSL.Which can be pretty tedious if you have 50+ pages... Who has the time to mark one page at a time as secured on an existing site?


I would like to know if there is a better way in regards to DNN entire site SSL? Thus making all the pages redirect or display as SSL without my having to go to every page and marking as secured?




I posted this question in the DNN forum and so far 21 looks but no replies so i'm hoping I get a response from DNN Creative?

There's a discussion here: http://stackoverflow.com/questions/...-to-https. With Mitchel Seller and Bruce Chapman in the discussion, you know it's a good one.

As for marking the pages, it's not terribly difficult to do with SQL ...

Ok, Thanks for that tip from Stackoverflow.com, that was pretty helpful.




However here is an interesting solution discovered with the help of one of my C# programmers friends...


SOLUTION:
We tried the following and it WORKED FINE... so far..


1) Make sure you have "ONLY" SSL enabled under Admin Site Settings


2) In DNN version 6.x(ours was 06.02.05) locate the Default.aspx.cs file. Note make sure you make a backup of Default.aspx.cs and most important is LEAVE THE Default.aspx file alone this time... make no changes. Leave it as is out of box from DNN 6.x


3) Locate code lines 205&206 or find the text "private void InitializePage()" which is actually at code line 205... Now jump to line 206 and between lines 206 and 207 insert the following code:





This should take up code lines 207-212 and end just before the existing code of var tabController = new TabController(); on code line 214


4)Save the file.


That's it!...
For us this seems to work well so far... it is redirecting ENTIRE site or ALL pages to "HTTPS"


Without our having to go to every single existing page(about 50+pages) and selecting the SSL checkbox.


Again this worked for us... your situation may vary... but anyone in the forum who has a SSL server certificate setup on their DNN site and needs the entire site to be secured with SSL can give this a try.


If anyone has a better simpler solution they have tried... please feel free to add to this post.

Just remember that this change will be overwritten the next time you do an upgrade. Default.aspx.cs will likely be overwritten.

As long as you remember this, you should be fine.

But ... this is NOT the recommended approach ...

Agreed not the best stand out solution, but it is an approach that is running... as even with the Stackoverflow solution you would have to make sure if you moved your site to a different server, you would need the tech to have access to that server and reset IIS and everything up. In my case, i do not always have direct access to the production server IIS settings therefore, would like to try to avoid since i am NOT permitted to make custom changes to production server unless its a test box.


So although sloppy work-a-round for DNN, it DOES work... until DNN comes up with a better solution where you do not have to go to each page on an existing site and physically set an SSL checkbox....


For those who cannot have access to the server or change server's IIS frequently, needing such a work-a-round this does work but just remember you'll need to alter the defaut.aspx.cs code when you upgrade.


In my case, i just do not have constant access to production servers for this particular site... but i can upload an altered file to the server that has the SSL installed. Ideally you would prefer not to have to alter any core code... but if you are up against a tight deadline this is what our team had to do.


Again hopefully DNN will address this issue.