X

Articles

Certificates and DNN as an Azure Web App Part 3

Certificates and DNN as an Azure Web App Part 3

So, the DNN site has now been successfully tested with HTTPS and everything seems to work OK. However, just for a laugh, the great Gods at Google have decided that preference in search results will be given to sites that only use HTTPS. The marketing department, in between their long lunches, naturally declare this is essential – or the world may end – so that means that you need to redirect all incoming HTTP requests to HTTPS and issue a 301 permanent redirect so The Google will smile upon you and yours.

Incidentally, I thought I had made up the part about Google preferring secured sites in search results but, some 3 weeks after the site was converted to HTTPS, referral traffic to the site via Google had increased by about 25%. That might just be coincidence of course but you never know.

If you were using a conventional server then you would do a redirect at server (IIS Level) or some trickery in the web.config file but this is the brave new world of Azure and the job is, for once, easier than you might imagine and all that needed to be done was to deploy an Azure Extension – basically add ins to perform a specific function - to the Web App and that was that.

The Azure Extension used was “Redirect HTTP to HTTPS” by Greg J Hogan and it was even free and required no configuration (which was as a bonus as it was getting late). You can add extensions by selecting Extensions from the Development Tools section of your Azure Web App.

 

azure extension
 

Notes

HTTP Strict Transport Security (HSTSC)

This is a very good thing as it can help reduce privacy leaks and downgrade attacks and there were even free Azure extensions to implement it so a bit of brief testing was undertaken to see if DNN on Azure would still work when so configured. Basically it did but there were a couple of things that may well require you to make some changes to your website before a production deployment.

At a medium setting for HSTS, the use of analytics tracking JavaScript and the Google Maps API were blocked by the browser. That’s not the end of the world as changing some directives would sort that but you should remember to test everything before switching to HSTS.

Another, fortunately easy to resolve, anomaly surfaced when the Persona Bar refused resolutely to load under HSTS – the Web Console in Firefox indicated that loading the Persona bar had been blocked by the security settings of the website- although it worked just fine under HTTPS. In my case, this was simply a CSS problem. The skin used by the DNN website running inside the Azure web app was just fine. This was verified by loading it onto a different test server. The test server used a base install while the production server was a migration to Azure so my attention was drawn to the base stylesheet used by DNN itself which can be found under Settings – Custom CSS. Sure enough, it had been changed at some time in the past while the installation on the test server had not. This style sheet contained nothing other than classes so hitting the Restore Default button and clearing the cache on the DNN portal got the Persona Bar working again.

That’s basically it. As always, make sure that you have worked out an extensive test plan – just because a website loads doesn’t mean that it will work - before undertaking the move to HTTPS and test as you go along but it was the Azure web app extension model made this part of the job a straightforward one.

Related

Tags

DNN, Azure, HTTPS, Certificates

Categories

Security, DNN, Azure

Share

Comments

  • Hello! I just would like to offer you a huge thumbs up for your excellent information you have got right here on this post. I'll be coming bqck to your web site for more soon.
    02/01/2018 07:22:25 Reply
  • What's up, yup this piece oof writing is actually fastidious and I have learned lot off things from it regarding blogging. thanks.
    28/12/2017 06:59:57 Reply
  • It's a pity you don't have a donate button! I'd certainly donate too this excellent blog! I guess for now i'll settle for bookmarking and adding your RSS feed too my Google account. I loook forward to new updates and will talk about thijs website with my Facebook group. Chat soon!
    04/12/2017 17:28:47 Reply

Post a Comment

Categories

  • ADFS
  • DNN
  • SCCM
  • Security
  • Office 365

Contact Details

Taur Productions Ltd.

  •  Suite 112,
  •  98 Woodlands Road
  •  Glasgow
  •  G3 6HB
  •  UK

The Company

Taur Productions is a IT services company with considerable experience in Active Directory design, SCCM and Office 365/Microsoft Exchange based messaging systems. Our specialisations include  Wintel server and network troubleshooting, server security remediation, virtualisation, mail migrations, web application deployment and application performance tuning.

fsb logo