Monthly Archives: March 2012

Let TMG (ISA) redirect the user from https to http

This is an issue I’ve had twice in my life so I thought I should write about it.

The Problem

This applies to Microsoft ISA Server 2006 and TMG.

On our website we have logic that detects whether a page is HTTPS worthy.  If the page is deemed worthy (like a form), then the user is redirected to the same page but on https.
E.g.  http://www.mysite.com/someform.aspx redirects to  https://www.mysite.com/someform.aspx
However, if the page is not HTTPS worthy, like a plain content page, the opposite happens.  If HTTPS redirect to HTTP.
E.g. https://www.mysite.com/somecontent.aspx redirects to http://www.mysite.com/somecontent.aspx

So, this all works great with no ISA or TMG involved.  However, ISA/TMG does not like to fallback to HTTP if it is already serving the user on HTTPS.
In fact, ISA/TMG will actually rewrite the content in the 301/302 redirect message  to be in HTTPS if the client is already viewing the website in HTTPS, even if the web server is saying “please redirect to HTTP”.

To be clear, I’ll break it down.

  1. Request comes in for https://www.mysite.com/somecontent.aspx,
  2. We have decided that it doesn’t need to be HTTPS, so we will send a redirect command (aka response.redirect, 301 or 302) to the client: go to http://www.mysite.com/somecontent.aspx
  3. ISA/TMG being the proxy, decides that all content coming back to the client should still be HTTPS and therefore rewrites the 301/302 message as https://www.mysite.com.  Doh! Stupid ISA.
  4. Client receives the redirect message back to the exact same page that they were already on.
  5. Possible infinite redirect loop.  YAY!

The Solution

In your web publishing rule in ISA/TMG create a content rewrite rule for translating http://www.mysite.com to http://www.mysite.com.
That’s not a typo. It’s the same URL twice in the URL translation.  If you add this to your rule ISA/TMG will leave your web server references alone and NOT try rewrite them.

I hope this also saves you some pain one day.

 

 

Advertisements

Sharepoint 2010 Dynamic Navigation limited to 50 items?

Yup, it’s true…  For performance reasons, likely valid, the Site Map provider in Sharepoint 2010 is limited to 50.

http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.publishing.navigation.portalsitemapprovider.dynamicchildlimit.aspx

I found a fix for this in Sharepoint 2007 that still works for 2010.  The following will allow unlimited dynamic navigation items to be shown.

1. Edit the web config for your application.

2. Find the <sitemap> section

3.  Add the text DynamicChildLimit=”0″ to each of the following keys.

<add name=”GlobalNavSiteMapProvider” description=”CMS provider for Global navigation” type=”Microsoft.SharePoint.Publishing.Navigation.PortalSiteMapProvider, Microsoft.SharePoint.Publishing, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c” NavigationType=”Global” EncodeOutput=”true” DynamicChildLimit=”0″/>
<add name=”CombinedNavSiteMapProvider” description=”CMS provider for Combined navigation” type=”Microsoft.SharePoint.Publishing.Navigation.PortalSiteMapProvider, Microsoft.SharePoint.Publishing, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c” NavigationType=”Combined” EncodeOutput=”true” DynamicChildLimit=”0″/>
<add name=”CurrentNavSiteMapProvider” description=”CMS provider for Current navigation” type=”Microsoft.SharePoint.Publishing.Navigation.PortalSiteMapProvider, Microsoft.SharePoint.Publishing, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c” NavigationType=”Current” EncodeOutput=”true” DynamicChildLimit=”0″/>
<add name=”CurrentNavSiteMapProviderNoEncode” description=”CMS provider for Current navigation, no encoding of output” type=”Microsoft.SharePoint.Publishing.Navigation.PortalSiteMapProvider, Microsoft.SharePoint.Publishing, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c” NavigationType=”Current” EncodeOutput=”false” DynamicChildLimit=”0″/>

4.  Save and you’re good to go.