Small width layout Medium width layout Maximum width layout Small text Medium text Large text
     Search
Downloads Downloads Directory Directory Forums Forums Forge Forge Blogs Blogs        Marketplace Marketplace Careers Program Careers
Products › Development › Roadmap › SSL Register  |  

Affordable ASP.NET Hosting Service
  Owner  
Dan Caron
 


  Send Feedback  



Send

 
 


  Resources  
 


Enhancement
Secure Sockets Layer (SSL)
 


User Story
Currently, DotNetNuke does not officially support SSL. It's possible that it may work if the entire site was served up in SSL, from the first hit to the site...but there is no way to determine which functionality requires SSL, and which doesn't. For performance reasons, it's generally not advised to run your entire site on SSL because SSL does slow down the response of a web page.

The ideal situation is one where SSL can be required for a particular tab, and for login. Also, since IIS limits a single web site to a single SSL certificate, the solution will need to account for the possibility of many portal sites using SSL on a single, common domain.
 


Engineering Tasks
1. Move PortalAlias column out of Portals table and give it its own table.
a. Create PortalAlias table with the following columns:
-PortalAliasID
-PortalID
-HTTPAlias
-HTTPSAlias

2. Change configuration.vb - Add properties to PortalSettings for PortalAliasID, HTTPAlias, HTTPSAlias...keep PortalAlias for binary compatibility, but set its value to HTTPAlias. Also, change the objTab.URL to reflect the full path, including "http://" or "https://".

3. Add SecurityTokens table. When a site has a tab that requires SSL, a security token will be issued for the user in the form of a cookie...it will have the SecurityTokenGUID in it. When the user clicks on the tab to view the tab that requires SSL, the URL will have the HTTPS prefix added and the SecurityTokenID appended to the querystring. The SecurityToken system allows us to use a shared domain name for SSL that all portal sites can have access to...which falls within IIS's limitations of allowing only one SSL certificate per IIS website. The SecurityTokensTable will have these columns:
-SecurityTokenGUID
-SourcePortalAliasID
-DestinationPortalAliasID
-StartDate
-EndDate
The StartDate and EndDate are used to specify a period of time that the security token is valid. You can specify this in terms of minutes. This design reduces the possibility of a session getting hijacked.... When the security token expires, a new SecurityToken will be issued. The SourcePortalAliasID and DestinationPortalAliasID, in the case of SSL, will be the same. They are included in the table now to support cross-portal authentication in the near future. If you are on one portal and want to authenticate on another portal (in the same DNN installation) that you have access to, it will be possible with the security token.

4. Change Global.asax.vb to utilize the security tokens to force authentication if user is not already authenticated.

5. Change SolPartMenu.ascx.vb so it uses the security token as a querystring parameter when going to a tab that requires SSL.

6. Assure that there is no content being transmitted in HTTP on an HTTPS connection (images, .js files, etc.).
 


Acceptance Tests
Use module action menu to edit content
 


Hosting for DotNetNuke
SiteGround.com is the best place to host your DotNetNuke website! Expert DotNetNuke support, reliable servers, low price!
www.SiteGround.com 		Code Endeavors, LLC
Do you Endeavor to Enhance your DotNetNuke designs by utilizing AJAX technologies to more efficient interactive web experiences
www.codeendeavors.com 		T-WORX, INC.
Professional DotNetNuke Solutions
www.t-worx.com

DotNetNuke Corporation   Terms Of Use  Privacy Statement
DotNetNuke®, DNN®, and the DotNetNuke logo are trademarks of DotNetNuke Corporation
Hosted by MaximumASP