unable to login to backend with umbracousessl set to true

Press Ctrl / CMD + C to copy this to your clipboard.

Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

Roberto Bianchi 137 posts 446 karma points c-trib

Aug 02, 2017 @ 10:09
0

Unable to login to backend with umbracoUseSSL set to true
Hello,

if I set this key in the web.config
```
<add key="umbracoUseSSL" value="true" />
```
I cannot access to the backend of Umbraco, and the browser says this error:

The page redirect you too many times

Another problem is that with this key set to true Umbraco doesn't make a redirect for all pages to the https version. So I'm obligated to create this rule on the system.webserver section of the web.config:
```
<rewrite>
  <rules>
    <rule name="Force Https" stopProcessing="true">
<match url="(.*)" />
<conditions>
        <add input="{HTTP_X_FORWARDED_PROTO}" pattern="https" negate="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
    </rule>
  </rules>
</rewrite>
```
Copy Link
David Armitage 508 posts 2078 karma points

Aug 30, 2018 @ 05:56

1

Hi,

I'm also having the same problem.

I enabled umbracoUseSSL to true and now the /umbraco is a dead link.

Copy Link
Roberto Bianchi 137 posts 446 karma points c-trib

Aug 30, 2018 @ 07:42

0

Really weird behavior...

Copy Link

Sebastiaan Janssen 5060 posts 15522 karma points MVP admin hq

Aug 30, 2018 @ 08:34

We recommend the following redirect, does that work?

            <rule name="Redirect to https" stopProcessing="true">
                <match url="(.*)" />
                <conditions>
                    <!-- Don't redirect to https on localhost -->
                    <add input="{HTTP_HOST}" pattern="localhost" negate="true" />
                    <!-- Redirect everything else to https -->
                    <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                </conditions>
                <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="true" />
            </rule>

Copy Link

Roberto Bianchi 137 posts 446 karma points c-trib

Aug 30, 2018 @ 09:10
0
The problem is not the redirect rule, but this tag
```
<add key="umbracoUseSSL" value="true" />
```
that avoids accessing the Umbraco's backend.
Copy Link
Sebastiaan Janssen 5060 posts 15522 karma points MVP admin hq

Aug 30, 2018 @ 09:16

1

Well.. it really isn't, in combination with the correct rewrite rule that setting works great.

Make sure to get the correct redirect in there and try the result in a completely fresh browser. You will need to clear your browser cache thoroughly because once you've made a permanent redirect your browser really, really, really wants to remember it.

And remember, if you're running on https with umbracoUseSSL set to false, the authentication cookie is sent in clear text, kind of defeating the purpose of running on https. :-)

Copy Link

Roberto Bianchi 137 posts 446 karma points c-trib

Aug 30, 2018 @ 09:30

Ok, thanks for your help. I'll try it soon. How can I also redirect to www version?

Now I use this rule:

<rewrite>
      <rules>
        <rule name="NOT WWW TO WWW" enabled="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTP_HOST}" negate="true" pattern="^www\.([.a-zA-Z0-9]+)$" />
          </conditions>
          <action type="Redirect" url="http://www.{HTTP_HOST}/{R:0}" appendQueryString="true" redirectType="Permanent" />
        </rule>

        <rule name="Force Https" stopProcessing="true">
        <match url="(.*)" />
        <conditions>
              <add input="{HTTP_X_FORWARDED_PROTO}" pattern="https" negate="true" />
        </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>

Copy Link

Sebastiaan Janssen 5060 posts 15522 karma points MVP admin hq

Aug 30, 2018 @ 09:36

1

This might be the source of your problem, why would you redirect to the http version instead of the https version directly?

Anyway, I couldn't tell you to be honest, I usually remove www as it has no purpose. :-)

Copy Link
Roberto Bianchi 137 posts 446 karma points c-trib

Aug 30, 2018 @ 09:58

0

Ok, how do you remove the www on the web.config?

Copy Link

Sebastiaan Janssen 5060 posts 15522 karma points MVP admin hq

Aug 30, 2018 @ 10:04

This one is for removing www! :)

    <rule name="Redirect to non-www URL" stopProcessing="true">
      <match url="^(.*)$" ignoreCase="false" />
      <conditions logicalGrouping="MatchAll">
        <add input="{HTTP_HOST}" pattern="^www\.(.+)$" />
      </conditions>
      <action type="Redirect" url="https://{C:1}/{R:1}" redirectType="Permanent" />
    </rule>

Copy Link

Roberto Bianchi 137 posts 446 karma points c-trib

Aug 30, 2018 @ 11:30

0

Thanks! :)

Copy Link
David Armitage 508 posts 2078 karma points

Nov 14, 2018 @ 07:26
0
Hey,

Did anyone fix this... I am still having the same problem.
1. If I set <add key="umbracoUseSSL" value="true" />the frontend works fine but the back office throws the following error.
This page isn’t working www.wayfairertravel.com redirected you too many times. Try clearing your cookies. ERRTOOMANY_REDIRECTS

And this is with all my rewrites disabled.
1. If I set <add key="umbracoUseSSL" value="false" />the front and back office work but the back office has a load of script errors. See attached
2. I've tried adding rewrite rules to force https and still the same problems. I I read someone in another thread had the same problem and was using cloudflare. The things is I am using the same so maybe there is some strange relationship there.
Thanks in advanced

David Armitage

Twitter: https://twitter.com/DavidA_Armitage
Copy Link
is working on a reply...

Please Sign in or register to post replies

Flag this post as spam?