Starting with DotNetNuke 4.5.4 a new feature was added that would allow SSL support for specific pages. This new feature is something that many individuals had been requesting for a long amount of time and provides an easy way to switch from SSL to non-SSL within a DNN site. This article will discuss the new settings available as well as some limitations and items to remember regarding this implementation of SSL.
To successfully implement SSL Support within DotNetNuke a few new settings were needed at two different levels within the site to allow the new feature to work. The first addition was to the "Site Settings" section to allow definition of settings that are specific to the entire site. The second addition was to the "Page Settings" that actually determines if SSL is to be used. Each of these modifications will be discussed.
SSL - Site Settings
When working with the "Site Settings" (Admin -> Site Settings) you will now notice an additional option area that looks like the below.
These settings apply to the entire portal and are the first items you need to modify to enable SSL within your portal. Each individual setting will be discussed below.
This setting is the basic enabling of SSL Support this will enable the switching between SSL and non-SSL transmission by the front end pages
If this setting is enabled, a secure page will ALWAYS be visited via SSL and an unsecured page will ALWAYS be visited via standard HTTP. This ensures that users are ONLY on SSL for a long as needed, however, there is a slight performance implication as with this ALL pages must check to see if the request was via SSL, not just secure pages.
This setting is typically left blank as it specifies a non-standard SSL URL. If you have a site http://www.mysite.com and your SSL transmission url is https://www.mysite.com you do not need to set this property. However, if you are on shared hosting and do not have your own SSL certificate you can specify a third party SSL path that will be used when accessing the site via SSL. (NOTE: if you have this set you should ensure that this URL is also set as a portal alias to your portal)
If you have specified an SSL Url you must specify the "Standard URL" that a user will be returned to when they are taken away from te SSL protected pages.
SSL - Page Settings
When adding/editing pages within your DNN 4.5.4 (and later) website you will now notice one additional "Secure" setting under the Advanced -> Other settings.
This individual setting actually enforces the SSL requirement for a page. If a page has this option selected it WILL be transmitted via SSL for EVERY request.
As you can see enabling SSL is a VERY easy process within DotNetNuke, however there are a few important items that you must remember when performing administration to enable SSL. Below each general area of consideration will be discussed based on the type of issue.
Risks of Improper Config
If you happen to enable SSL on a page and do not have your SSL certificate configured properly, or if you do not have the proper redirection URL configured in Site Settings it is possible for you to be locked out of a particular page. You must be very careful during the administrative process to ensure that your SSL is configured properly as depending on which page is affected you might be forced to make database modifications to regain access to your site.
Limitations of SSL Support
It is important to remember that SSL is enabled on a page level and there is no ability to conditionally SSL protect a page. This has been a fairly common question for the DotNetNuke Core team as the ability to secure individual page views based on querystrings is something that is desired but not yet supported by the core.
Overall this should provide you an overview of the new SSL configuration options that are provided with DotNetNuke 4.5.4. You should also now be familiar with how you can enable SSL on your site and lastly you should have an idea of the general limitations of the DNN SSL support.