Jan11Written by:Will
1/11/2008
As of version 4.06.02, DotNetNuke (DNN) has the built-in capability of providing a Secure Socket Layer (SSL) connection for any page on the web site. Some of you may notice such a page when the little lock appears on your web browser, and the prefix for the URL is "HTTPS" instead of "HTTP". Doing this for your DNN web site is pretty simple.
As of version 4.06.02, DotNetNuke® (DNN) has the built-in capability of providing a Secure Socket Layer (SSL) connection for any page on the web site. Some of you may notice such a page when the little lock appears on your web browser, and the prefix for the URL is "HTTPS" instead of "HTTP". Doing this for your DNN web site is pretty simple.
Please Note: You should only enable SSL for pages that display or ask for sensitive information. All other pages will be much faster without it.
First of all, you need to have an SSL certificate installed on your server, and it needs to be available for your domain. Acquiring one and installing it is beyond the scope of this post, but a quick search on Google should get you going for either task.
Once you have SSL installed on your web server, you need to proceed with enabling it on DNN. If you don't, the UrlRewriter will keep reverting all HTTPS requests to HTTP. In order to do this, you must login as a "Host", and go into the "Site Settings" page in the "Admin" menu.
If you scroll down, you will find a section inside the "Advanced Settings" area called "SSL Settings". It will only be available to you if you are logged in with a host account.
In the "SSL Settings" section, check the checkbox labeled "SSL Enabled?".
I also would suggest checking the checkbox below it. It is labeled "SSL Enforced?". The logic of the labeling is a bit backwards. If you check that checkbox, the only pages that will be allowed to use the SSL protocol are ones where the "Page Settings" says to. This is what you want. Otherwise, after you go to the first SSL page, all subsequent page requests will continue to use the SSL protocol.
The next two fields only apply to those using a hosting provider. Contact your hosting provider for this information.
Now, create a new page on your portal. The location doesn't matter, but be sure that you uncheck the checkbox for "Display In Menu". Name this page something like "Site Login". Also, check the "Secure?" checkbox in the "Advanced Settings".
Once you are viewing the page, add the "Account Login Module" to it. Now, logoff and click the "Login" link on the web site. You should be looking at a secured page!