Skip to main content

Enabling SSL in Dotnetnuke and excluding few files from SSL Enforced process

We are using Dotnetnuke version 4.5.5 and implemented SSL effectively. We initially faced few issues which we resolved. I hope our learning will help others as well.

Our requirement was to use SSL on only pages that need to be secure and not on other pages. Also we do not want to see any alert message "This page contains both secure and non secure items".

To resolve the second issue we had to find any reference to non secure resource. In most of the case you probablly have a http link to any image. Best wat to find any HTTP link to image any JavaScript/CSS file is to view source and search for HTTP://. In our case the issue was due to Google Analytics code. This can be easily resolve by using the new code from Google Analytics.

Following are the steps you can follow to avoid all the issues:
1. Install SSL certificate
2. Login to portal using administrator or Host (super user) account.
3. Open Admin->Site Settings page.
4. Go to Advance settings-> SSL settings.
5. Check the "SSL Enable" check box. This option will enable "Secure" checkbox on the page->settings.
6. Now open the pages that you want to secure, e.g. shopping cart. Then click at page setting and then expand the advance setting. Now check the secure check box.
7. Do the same with other pages as well that you want to SSL enable.

Problem with about solution is that once user open any SSL enabled page then url automatically turned into https:// user. This is good but then user go to other pages and url still the https://. This is not good.

To resolve this issue you need to go back to Admin->Sit settings->advance settings->SSL settings and then
8. Check the "SSL Enforced" check box. When this option is set, Pages which are not marked as Secure will not be accessible with SSL and url will automatically change back to HTTP://.

problem with this solution is that is you using a page which is not a DNN page then you will not able to secure it. I mean you will not able to use HTTPS. DNN will always try to redirect back to http url. In our case we where using a ImagePage.aspx to retrieve the images from SQL database and display it on pages. On non-secure (non https)
pages that was working find but on secure pages DNN was trying to redirect imagepage url to http url. and that was breaking images.

We had two solution that either we write fully qualifies url wherever we were using imagepage aspx page to display images or change the DNN behaviour. We selected the second option and able to resolve the issue with single line of code. following is the solution.

Open the complete Dotnetnuke solution that includes library and website projects. Now open the following file:
Then open the following method:
Public Sub OnBeginRequest(ByVal s As Object, ByVal e As EventArgs)

Now change the following lines:

' manage secure connections
If ((Request.Url.AbsolutePath.ToLower.EndsWith(".aspx")) Then
If ((Request.Url.AbsolutePath.ToLower.EndsWith(".aspx")) And (Request.Url.AbsolutePath.ToLower.Contains("imagepage.aspx") = False) And (Request.Url.AbsolutePath.ToLower.Contains("image.aspx") = False)) Then

OR change following lines:
' if a protocol switch is necessary
If ((strURL <> "") Then
' if a protocol switch is necessary
If ((strURL <> "") And (Request.Url.AbsolutePath.ToLower.Contains("imagepage.aspx") = False) And (Request.Url.AbsolutePath.ToLower.Contains("image.aspx") = False)) Then

Here you can replace the "imagepage.aspx" & "image.aspx" with the pages you want to exclude the DNN SSL enforcement.

Compile the solution and you good to go.


  1. How did you SSL enable the login, register, admin, and host pages? They don't show up in the pages menu to mark the secure option.

  2. Hi Matto, I believe you can use the same logic that I used for the "imagepage.aspx" & "image.aspx" pages to exclude the DNN SSL enforcement. You can use the same logic to find "ctl/login" & "ctl/register" in the URL and enforce SSL (reverce of what I did for imagepages).

    IF (Request.Url.AbsolutePath.ToLower.Contains("ctl/login") = True)) Then

    Please let me know how it work.


Post a Comment

Popular posts from this blog

SharePoint WebPart Error - Unable to add selected web part (s) – MOSS 2007

ISSUE: Recently I faced this issue that when I try to deploy my WebPart.  Unable to add selected web part(s). WebPartName: Cannon unregister UpdatePanel with ID ‘ctl00RTMPanel’ since it was not registerd with the ScripManager. This might occure if the UpdatePanel was removed from the control tree and later added again, which is not supported. Parameter name: updatePanel.   I faced this issue twice and both the time the issue was not what display here. This could be sure to any error in the WebPart. Following are list resolution from multiple instances.   RESOLUTION: 1. Check the WebPartName.webpart file. Check whether you have a proper PublicKeyToken value. When I face the issue the value was PublicKeyToken=$PublicKeyToken$. If you have used WSP builder then in the Visual Studio you will find this file at \WebPartsProject\12\TEMPLATE\FEATURES\WebPartName\WebPartName.webpart. Sometime when you create a new WebPart using WSP builder then you do not get

TIME – 25 Best Blogs of 2009

Every year Time makes a list of best blogs in the world. They chose 25 blogs from millions of blogs in the world, spanning politics, housekeeping, astronomy and everything in between. Below if a direct link to the TIME website for the list. I also copied it to easy comparison of last year best with this year best blogs.   25 Best Blogs of 2009     25 Best Blogs 2008   25 Best Blogs of 2009 Talking Points Memo The Huffington Post Lifehacker Metafilter The Daily Dish by Andrew Sullivan Freakonomics BoingBoing Got2BeGreen Zen Habits The Conscience of a Liberal: Paul Krugman Crooks and Liars Generación Y Mashable Slashfood Official Google Blog synthesis bleat /Film Seth Godin's Blog Deadspin: Spor

Microsoft 2007 - Microsoft Technology That Defines a New Decade

Last year Microsoft came with VS.NET 2005, SQL Server 2005 etc. VS.NET 2005 was a major change over VS.NET 2003 in terms of feature, web controls and the way you program. Same is true for SQL Server 2005 you can now use C# or VB.NET to create store procedures and store procedures could be a .NET class. So no more missing of Oracle package in SQL Server. Be prepared for much more then this as Microsoft is now changing everything. Year 2007 Microsoft will bring a new Operating System named Vista (formerly code-named "Longhorn") First Look... that have completly new file system named WinFs and 1000s of new features. Vista will also come with WinFX which is set of next-generation managed APIs provided by Microsoft. Microsoft have created a new section in their MSDN website [ View ... ] so that people can start preparing for the next generation i.e. 2007. Here you can get information on Windows Presentation Foundation WPF (formerly code named "Avalon") provides the fo