Archived blog with a focus on DotNetNuke news, tips and tricks, DNN SEO, and insights and opinions about the DNN community at large.

First time here? You may want to check out the blog archive, subscribe to the RSS feed, sign up for free email updates, or follow me on Twitter. Thanks for visiting!

DNN SSL: Securing the Login, Register, Admin and Host Pages 

Posted on Thu May 22, 2008 by Tom Kraak
In: DotNetNuke, Ecommerce, DNN Tips & Tricks | 7 Comments

I am trying to SSL enable the Login, Register, Admin and Host pages, however, I see no way to do that in DotNetNuke. I am using version 4.8.2, and when I go to the pages section under admin I see no Register, Login or admin/host pages listed there.
So this begs the question, how do you mark the Secure Login checkbox on those pages when they aren't visible in the pages listing?

The other day I came across the above question on the dotnetnuke.com forum and it felt like a good opportunity to revisit the topic as its been well over a year since I first blogged about it.

Most of you are probably aware of the fact that native SSL support made its way into DNN with version 4.5.4. And right around that time John Mitchell published a short and sweet tutorial that shows you how to take advantage of the DNN’s new SSL capabilities and I urge you to first digest John’s post before following along here.

As you may have noticed, John’s walkthrough doesn’t directly address the common scenario of securing the DNN Login, Register, Admin, and Host pages, which is not as simple as you might expect. To SSL secure the Login and Register pages follow these steps:

  1. Create “custom” Login and Register pages by adding 2 new pages to your website.
  2. Drop the Account Login module onto your new Login page and drop the User Account module onto your new Register page.
  3. Then tell DNN about your newly created Login and Register pages by pointing to them via Admin > Site Settings > Advanced Settings > Page Management.
  4. Finally, mark the 2 pages as “Secure” via Page Settings > Advanced Settings > Other Settings > Secure as described in John’s tutorial.

Again, not as straightforward as it should be, but it certainly works.

What about the Admin and Host pages you say? Well, that’s a totally different dilemma, which I have not figured out yet - short of “hacking” the Tabs database table directly. And even that I have not tested yet, but I don’t see why it wouldn’t work. What certainly works is a 3rd party component that I’ve come to rely on (food for another blog post.)

With that said, does DNN support SLL natively? It sure does, but as with many initial attempts, it’s a little rough around the edges. What I would like to see in Cambrian (also known as DNN 5) is 3 additional checkboxes under Admin > Site Settings > Advanced Settings > SSL Settings to secure the Login, Register, and Admin pages. Will that work or does it spell trouble for multi-portal installations? What about the Host pages? Suggestions anyone?




Comments

Mitchel Sellers Thursday, May 22, 2008 at 11:12 AM Mitchel Sellers says:

Tom,

If you have not done so already, I strongly recommend posting your request/suggestion out at support.dotnetnuke.com so that it can get insto the "consideration queue" of the core team.

Jeff Kershner Wednesday, September 10, 2008 at 1:14 AM Jeff Kershner says:

Excellent article... t'was exactly what I was looking for! Thanks Tom...

Tom Kraak Wednesday, September 10, 2008 at 7:57 AM Tom Kraak says:

Thanks Jeff, I'm glad you found it useful and I hope to see you back.

Todd Sunday, December 14, 2008 at 6:31 PM Todd says:

thanks so much. this has saved m so much time

Tom Kraak Sunday, December 14, 2008 at 6:43 PM Tom Kraak says:

You are very welcome Todd.

Mark Monday, June 15, 2009 at 1:26 AM Mark says:

This will then create two login urls presumably because [site]/login.aspx will still be a valid url. How do I redirect or remove that page?

Tom Kraak Monday, June 15, 2009 at 9:27 AM Tom Kraak says:

@ Mark - DNN will redirect [site]/login.aspx to the "custom login" page specified under Admin > Site Settings > Advanced Settings > Page Management > Login Page.

The only problem with that is that it's a 302 redirect instead of a 301, which in all reality is only a problem if [site]/login.aspx has been indexed by search engines ... very unlikely though unless you have that hard-coded in your skin.

Comments are closed

Subscribe to our Feeds Follow on Twitter