Friday, 25 July 2008

Enable SSL for selected Pages in MOSS

An article on automatically switching between HTTP and HTTPS protocols without hard-coding absolute URLs

I came across a change request of my client who wants to enable SSL on selected pages in MOSS site collection. we all know that we can create SSL enabled web application from scratch. But here the requirement is unique and client requirement says he should be able to Enable SSL on pages of his choice. So it should be configurable and at same time we should be able to maintain session state across http and https. Amazingly MOSS has that ability to support session state when switching across HTTP and HTTPS. I followed the steps below and was able to achieve result
1) Wrote a custom HTTP handler which redirects http to https for selected pages.

2) The page list is read from web.config file.
****** Source code for HTTP handler************************
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Web.Security;
using System.Diagnostics;

namespace muki.ForceSSL
{
public class ForceSSL : System.Web.IHttpModule
{
#region IHttpModule Members

public void Dispose()
{
throw new NotImplementedException();
}

public void Init(System.Web.HttpApplication context)
{
context.BeginRequest += new EventHandler(context_BeginRequest);

}

#endregion

void context_BeginRequest(object sender, EventArgs e)
{
RedirectSSL(System.Web.HttpContext.Current.Request.Url.PathAndQuery);
}
public void RedirectSSL(string pageURL)
{
//check for the current page exists in the group of pages requiring SSL
//if page is found in ssl group then redirect using https:// otherwise redirect with http://
bool found = false;
string sslPages = System.Configuration.ConfigurationSettings.AppSettings["SSLPages"];
char[] separator;
separator = new char[] { ',' };
string[] pages;
pages = sslPages.Split(separator);
for (int i = 0; i < pages.Length; i++)
{

if( pageURL.ToLower().Contains(pages[i].ToLower()))
{
found = true;
break;
}
}
if (found)
{
if (System.Web.HttpContext.Current.Request.Url.Scheme.ToString() == "http")
{
string sURL = System.Web.HttpContext.Current.Request.Url.ToString();
sURL = sURL.Replace("http://", "https://");
System.Web.HttpContext.Current.Response.Redirect(sURL);

}
}
else
{
if (System.Web.HttpContext.Current.Request.Url.Scheme.ToString() == "https")
{
string sURL = System.Web.HttpContext.Current.Request.Url.ToString();
sURL = sURL.Replace("https://", "http://");
System.Web.HttpContext.Current.Response.Redirect(sURL);
}
}

}
}



}
**********************************Source code for Http handler ends**************
4) Sign this assembly and GAC it.

5) Add this line <httpmodules> section and see that this line is first among all
<add name="ForceSSL" type="muki.ForceSSL.ForceSSL, ForceSSL,Version=1.0.0.0, Culture=neutral,PublicKeyToken=xxxxxxxx" />
Add key in Appsettings of web.config file like this.
<add key="SSLPages" value="/SitesWithSSL/Pages/SSL1.html,/subsite/Pages/SSL1.aspx" />
we can add as many pages we need for this. All these pages would be SSL enabled.

6)Now come to IIS-->WebApplication which needs SSL enabling for selected pages

7)Navigate to Properties--Directory Settings--Secure Communications--Server Certificate-->Assign the existing certificate.
More Details on SSL enabling

8)Assign port 443 for SSL ( we can choose port of our choice, but we should be aware that 443, 80 doesnt require ports to be mentioned in URL, otherwise we have to tweak our code settings to read through those ports)

9)Please be sure that in Directory settings-->SecureCommunications-->Edit-->Require Secure Channel is NOT SELECTED.

10)Now come back to Central Administration-->Operations-->Alternate Access Mappings

11)Add the new URL via internal URL's link.
https://servername//.

12)Perform IISReset-->Now Browse Application..
we can see our selected pages(as specified in web.config) are over SSL mode and the rest are under normal HTTP.

Cheers! we are done