Recently had this case where a certain hosting provider wanted to apply multiple SSL certificates to his HMC (Hosted Messaging and Collaboration) 4.0 solution. Now HMC comes with WSS (Windows SharePoint Service) v3 as part of the kit, along with Exchange Server 2007, ISA Server 2006 and some more tid bits which we don’t need to know about for now. You can find out more on what’s inside this HMC bag o’ goodies right here;
Microsoft Hosted Solutions Version History
http://technet.microsoft.com/en-gb/serviceproviders/cc678659.aspx
Now this particular chap wanted to install multiple SSL certificates so that his customer could secure any transactions that might be destined for their hosted WSS v3 site. Not a crazy suggestion at all. What stumped us in this whole procedure was that within the Provisioning System, there was no option to segregate the Web Applications. By default there is one Web Application that hosts all the top level sites and that’s pretty much it. Obviously, SharePoint being SharePoint, there’s more than one way to skin a cat so we hop into Central Administration and Extend the Web Application so as to include the https load balanced URL. Job done you might say, unfortunately…
There’s a gotcha with HMC 4.0.
After searching high and low for some support internally the ultimate source of the fix was this;
Creating Shared Hosting Solutions on Windows SharePoint Services 3.0
http://office.microsoft.com/download/afile.aspx?AssetID=AM102157711033
“In some situations, there may be a need to extend an HTTP Web application to an HTTPS Web application and have search results returned for both. This scenario arose with hosters who had customers that want to move from HTTP to HTTPS sites and couldn’t afford the overhead of doing a backup/restore for each customer’s site. Although this is an unsupported scenario, it can be made to work. The issue arises from the HTTPS site. Once the HTTP site has been converted to an HTTPS site, the search from the HTTPS site fails. The two URLs are shown below. The HTTP site returns results, while the HTTPS site doesn’t.”
“By modifying the query string in the URL, search results are returned”
“You will also notice that the results are HTTP links and not HTTPS – as it should be.”
“The workaround for the above issue involves developing an HttpModule that replaces the HTTPS in the query string, as well as redirects the search result links to HTTPS. A sample HTTP module can be found below:”
using System;
using System.Collections.Generic;
using System.Text;
using System.Web;
using System.Web.Configuration;
using System.Configuration;
using System.Diagnostics;
namespace SearchMapper
{
public class Mapper : IHttpModule
{
#region IHttpModule Members
public void Dispose()
{
return;
}
public void Init(HttpApplication context)
{
context.BeginRequest += new EventHandler(context_BeginRequest);
}
void context_BeginRequest(object sender, EventArgs e)
{
System.Web.HttpApplication Appl = (System.Web.HttpApplication)sender;
HttpContext cntx = Appl.Context;
// if the path is /_layouts/searchresults.aspx,
// modify the query string
if (cntx.Request.Url.AbsolutePath == “/_layouts/searchresults.aspx”)
{
string query = cntx.Request.Url.Query;
query = query.Replace(“?”, “”);
query = query.Replace(“https”, “http”);
cntx.RewritePath(cntx.Request.Url.AbsolutePath, “”, query);
}
// Implementation to be done by hosters
// if url is http://fqdn
// change url to https and redirect the request
}
#endregion
}
“In order for this HTTP module to be used by SharePoint, it needs to be compiled and deployed to the GAC. The Web.config for the Web Application should be modified by adding a new element ( as shown below ) to the httpModules section. Ensure that the PublicKeyToken matches the assembly that has been installed in the GAC.”
“Even though the search was conducted on a site with HTTPS, the results are returned with HTTP URLs (not HTTPS). In order to fix this problem, you can create a new HTTP module that maps the HTTP URLs to HTTPS URLs. The shell of the HTTP module is similar to the sample given above.”
Case closed.
Kristof Kowalski | kristof@kowalski.ms
