Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...Friendly URLs and RegisteringFriendly URLs and Registering
Previous
 
Next
New Post
7/3/2008 10:19 AM
 
Bryan Ponnwitz

www.wwsport.com
Joined: 10/19/2005
Posts: 21

I run a DotNetNuke e-commerce site (4.8.3) and our web application vulnerability scanner is picking up a page where users can enter a password and have it sent clear text.  Obviously, this isn't desierable, so when I checked the URL of the page, it's picking up /tabid/[x]/ctl/Register/Default.aspx, which really doesn't require SSL.  Since the /ctl/Register portion of the URL is what's bringing up the registration page, I cannot enable SSL for it since the control could load on any page and only a few require SSL for our site.

So as a solution I wanted to setup a friendly URL filter to redirect any requests for the Register control to my registration page which is encrypted.  However, the friendly URL module doesn't seem to be working for my matches, maybe because the /ctl/ parameter is built into the core?  I'm not really sure but I could use some help!  I've tried to setup this match and several variations with no luck.  Can anybody help me?

.*/TabId/(\d+)ctl/Register(.*)/Default.aspx -> ~/Default.aspx?TabId=[x]
 
New Post
7/3/2008 2:08 PM
 
Tom Kraak


Joined: 12/26/2002
Posts: 458

Bryan - the core DNN Friendly Url provider does not do any redirection. For that you'll have to get a 3rd pary module.

And here is more DNN and SSL.

Tom Kraak
SEO Analyst
R2integrated
 
New Post
7/14/2008 9:44 AM
 
Bryan Ponnwitz

www.wwsport.com
Joined: 10/19/2005
Posts: 21

I understand that the module will not perform a redirect.  However, I thought that it would perform a HTTPContext.RewritePath() so that instead of bringing up the unencrypted /ctl/Register/ page, DNN would use my encrypted login page.  This is what I thought would happen:

  1. User makes request to /ctl/Register/Default.aspx
  2. URLRewrite module would perform a HTTPContext.RewritePath() so that any processing sees the current page as being the encrypted one.
  3. Seeing as how the login page is secured, the framework should now perform a redirect to the https:// version of the page.
  4. Now the user is at the correct URL with the login form displayed.

Is it possible to set this up?  I don't want users to be able to login using http://
 
New Post
7/17/2008 4:41 PM
Accepted Answer 
Bryan Ponnwitz

www.wwsport.com
Joined: 10/19/2005
Posts: 21

I was able to find a solution to this problem.  The URLRewrite module appears to be ineffective at providing a solution for this.  To solve this issue, I had to write my own module which hooked into the BeginRequest event of the web application.  I then manually check for /ctl/Register and redirect to the appropriate page.  I can't believe that I'm the first person to raise this question!  Isn't there any method one can use that's native to DotNetNuke?
 
 Page 1 of 1
Previous
 
Next
HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...Friendly URLs and RegisteringFriendly URLs and Registering


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out