Skip to main content

Enabling SSL in Dotnetnuke and excluding few files from SSL Enforced process

We are using Dotnetnuke version 4.5.5 and implemented SSL effectively. We initially faced few issues which we resolved. I hope our learning will help others as well.

Our requirement was to use SSL on only pages that need to be secure and not on other pages. Also we do not want to see any alert message "This page contains both secure and non secure items".

To resolve the second issue we had to find any reference to non secure resource. In most of the case you probablly have a http link to any image. Best wat to find any HTTP link to image any JavaScript/CSS file is to view source and search for HTTP://. In our case the issue was due to Google Analytics code. This can be easily resolve by using the new code from Google Analytics.

Following are the steps you can follow to avoid all the issues:
1. Install SSL certificate
2. Login to portal using administrator or Host (super user) account.
3. Open Admin->Site Settings page.
4. Go to Advance settings-> SSL settings.
5. Check the "SSL Enable" check box. This option will enable "Secure" checkbox on the page->settings.
6. Now open the pages that you want to secure, e.g. shopping cart. Then click at page setting and then expand the advance setting. Now check the secure check box.
7. Do the same with other pages as well that you want to SSL enable.

Problem with about solution is that once user open any SSL enabled page then url automatically turned into https:// user. This is good but then user go to other pages and url still the https://. This is not good.

To resolve this issue you need to go back to Admin->Sit settings->advance settings->SSL settings and then
8. Check the "SSL Enforced" check box. When this option is set, Pages which are not marked as Secure will not be accessible with SSL and url will automatically change back to HTTP://.

problem with this solution is that is you using a page which is not a DNN page then you will not able to secure it. I mean you will not able to use HTTPS. DNN will always try to redirect back to http url. In our case we where using a ImagePage.aspx to retrieve the images from SQL database and display it on pages. On non-secure (non https)
pages that was working find but on secure pages DNN was trying to redirect imagepage url to http url. and that was breaking images.

We had two solution that either we write fully qualifies url wherever we were using imagepage aspx page to display images or change the DNN behaviour. We selected the second option and able to resolve the issue with single line of code. following is the solution.

Open the complete Dotnetnuke solution that includes library and website projects. Now open the following file:
Then open the following method:
Public Sub OnBeginRequest(ByVal s As Object, ByVal e As EventArgs)

Now change the following lines:

' manage secure connections
If ((Request.Url.AbsolutePath.ToLower.EndsWith(".aspx")) Then
If ((Request.Url.AbsolutePath.ToLower.EndsWith(".aspx")) And (Request.Url.AbsolutePath.ToLower.Contains("imagepage.aspx") = False) And (Request.Url.AbsolutePath.ToLower.Contains("image.aspx") = False)) Then

OR change following lines:
' if a protocol switch is necessary
If ((strURL <> "") Then
' if a protocol switch is necessary
If ((strURL <> "") And (Request.Url.AbsolutePath.ToLower.Contains("imagepage.aspx") = False) And (Request.Url.AbsolutePath.ToLower.Contains("image.aspx") = False)) Then

Here you can replace the "imagepage.aspx" & "image.aspx" with the pages you want to exclude the DNN SSL enforcement.

Compile the solution and you good to go.


  1. How did you SSL enable the login, register, admin, and host pages? They don't show up in the pages menu to mark the secure option.

  2. Hi Matto, I believe you can use the same logic that I used for the "imagepage.aspx" & "image.aspx" pages to exclude the DNN SSL enforcement. You can use the same logic to find "ctl/login" & "ctl/register" in the URL and enforce SSL (reverce of what I did for imagepages).

    IF (Request.Url.AbsolutePath.ToLower.Contains("ctl/login") = True)) Then

    Please let me know how it work.


Post a Comment

Popular posts from this blog

SharePoint WebPart Error - Unable to add selected web part (s) – MOSS 2007

ISSUE: Recently I faced this issue that when I try to deploy my WebPart.  Unable to add selected web part(s). WebPartName: Cannon unregister UpdatePanel with ID ‘ctl00RTMPanel’ since it was not registerd with the ScripManager. This might occure if the UpdatePanel was removed from the control tree and later added again, which is not supported. Parameter name: updatePanel.   I faced this issue twice and both the time the issue was not what display here. This could be sure to any error in the WebPart. Following are list resolution from multiple instances.   RESOLUTION: 1. Check the WebPartName.webpart file. Check whether you have a proper PublicKeyToken value. When I face the issue the value was PublicKeyToken=$PublicKeyToken$. If you have used WSP builder then in the Visual Studio you will find this file at \WebPartsProject\12\TEMPLATE\FEATURES\WebPartName\WebPartName.webpart. Sometime when you create a new WebPart using WSP builder then you do not get

Could not open virtual machine – vmx is not a valid virtual machine configuration file

I recently faced an issue with one of my VMWare virtual machine that when I try to run this virtual machine it did not work. VMWare display this message that “Could not open virtual machine: .vmx. ".vmx" is not a valid virtual machine configuration file.” ISSUE: Could not open virtual machine: G:\VPC\RakhiQAXPProfQtp\Windows XP Professional.vmx. "G:\VPC\RakhiQAXPProfQtp\Windows XP Professional.vmx" is not a valid virtual machine configuration file. I try to open .vmx file [G:\VPC\RakhiQAXPProfQtp\Windows XP Professional.vmx] in notepad then I found it was empty (0 KB). Resolution: I wanted to resolve it quickly so I try following method and it worked very well. But this is not a valid documented process so please try with caution. Following are the steps 1. First of all go to the folder where you have your virtual machine and delete all .lck folders. 564df2d4-03de-04e8-d1c3-bd2d53dcb1b7.vmem.lck Windows XP Professional.vmdk.lck

How To Create Virtual Machine Using Existing vmdk file in VMWare Workstation

vmdk file is hard disk of the VMWare virtual machine. There are many scenarios where you may need to create a new virtual machine for an existing vmdk file. This is also an alternate Method to the “ vmx is not a valid virtual machine configuration file – Could not open virtual machine ” issue. Please refer to the previous post “ Could not open virtual machine – vmx is not a valid virtual machine configuration file ” for a full list of possible resolution. This post is to describe one of the solution in more details. How To Create a new virtual machine & attach the existing .vmdk file: 1. Open VMware and select create a new virtual machine with custom (advanced) configuration option. 2. Chose “I will install the operating system later”. and chose “I will install the operating system later”. 3. Select the operating system that matches the operating system in your existing .vldk file. 4. Select a location of the new virtual machine 5. Chose “Use an exis