This project is read-only.

Exception in new Orchard.SecureSocketLayer on Home page display

Topics: Administration, Troubleshooting, Writing modules
Oct 23, 2013 at 11:00 AM
Edited Oct 23, 2013 at 11:05 AM
I downloded yesterday the last 1.7.x code and do the exchange between the old contrib and the new Orchard module. Every thing seemed ok, but this morning after a window restart, I am getting an exception in method SecureSocketsLayerService.ShouldBeSecure when my site try to display its home page.
The first page is not displayed it renders an HTTP 500, but admin pages display normally.

My ssl config is to use selected secured paths, not all pages.

The exception occurs in the following lines of SecureSocketsLayerService.ShouldBeSecure
var url = urlHelper.Action(actionName, controllerName, requestContext.RouteData);

            return IsRequestProtected(
                url, requestContext.HttpContext.Request.ApplicationPath, settings);
urlHelper returns a null value with the parameters
actionName: Display
controllerName: Item
Id (in RouteDtata): 12
requestContext.RouteData ->Datatoken count=0, Route & RouteHandler null=null

I have not opened directly an issue because I already got this problem of first page not displaying (but admin ok) but it was caused by a corrupted DB and restarting on a new one solved the problem....
Is there a problem in my routing table ? How to debug this ?

If I catch the exception my page displays ok and all is Ok ?

EDIT: I run in .net 4.5
Oct 26, 2013 at 8:45 AM
I don't understand why urlHelper.Action(actionName, controllerName,, requestContext.RouteData); returns null with these parameters ?
actionName: Display
controllerName: Item
Id (in RouteData): 12
requestContext.RouteData ->Datatoken count=0, Route & RouteHandler null=null
Oct 26, 2013 at 8:47 AM
Specify the area? Debug into it?
Oct 26, 2013 at 8:50 AM
Also make sure that the area specified actually exists.
Oct 26, 2013 at 9:05 AM
@Bertrand: it is my Home page built with Orchard Core system, no custom contentitem, shoudl I specify the area ? (Hey it is your code :) )

namespace Orchard.Core.Containers.Controllers {
public class ItemController : Controller {
I hope the area exists ? what is the area for Orchard.Core ?
Oct 26, 2013 at 9:08 AM
You specify the area, like everywhere else, as part of the route data. Not knowing what your home page consists of, or what the repro is, or what the stack trace looks like, or how the SSL module is configured on your site, I'm shooting in the dark here.
Oct 26, 2013 at 9:21 AM
The exception occurs in an Orchard just downloaded with actual 1.7: activate the feature SSL ( solve the pb you have with the HTTP 500 error ), then set parameters to have custom ssl, set the correct protected non protected then go to Home Page.

I have set tracing and get no trace for this, I am unable to trace into the urlHelper.Action.

The method you use is:
        private bool ShouldBeSecure(RequestContext requestContext, ActionExecutingContext actionContext) {
            var controllerName = (string) requestContext.RouteData.Values["controller"];
            if (controllerName == null) return false;
            var actionName = (string) requestContext.RouteData.Values["action"];
            if (actionName == null) return false;

            if (actionName.EndsWith("Ssl") || controllerName.EndsWith("Ssl")) {
                return true;

            var controller = (actionContext != null
                ? actionContext.Controller
                : ControllerBuilder.Current.GetControllerFactory()
                    .CreateController(requestContext, controllerName)) as ControllerBase;
            if (controller != null) {
                var controllerType = controller.GetType();
                if (controllerType.GetCustomAttributes(typeof(RequireHttpsAttribute), false).Any()) {
                    return true;
                ActionDescriptor actionDescriptor;
                if (actionContext != null) {
                    actionDescriptor = actionContext.ActionDescriptor;
                else {
                    var controllerContext = new ControllerContext(requestContext, controller);
                    var controllerDescriptor = new ReflectedControllerDescriptor(controllerType);
                    actionDescriptor = controllerDescriptor.FindAction(controllerContext, actionName);
                if (actionDescriptor.GetCustomAttributes(typeof(RequireHttpsAttribute), false).Any()) {
                    return true;

            var settings = GetSettings();
            if (settings == null) return false;

            if (settings.SecureEverything) return true;

            if (controllerName == "Account" &&
                (actionName == "LogOn"
                 || actionName == "ChangePassword"
                 || actionName == "AccessDenied"
                 || actionName == "Register"
                 || actionName.StartsWith("ChallengeEmail", StringComparison.OrdinalIgnoreCase))) {
                return true;

            if (controllerName == "Admin" || AdminFilter.IsApplied(requestContext)) {
                return true;

            if (!settings.CustomEnabled) return false;

            var urlHelper = new UrlHelper(requestContext);
            var url = urlHelper.Action(actionName, controllerName, requestContext.RouteData);

            return IsRequestProtected(
                url, requestContext.HttpContext.Request.ApplicationPath, settings);
I try setting this
        if (url == null && requestContext.HttpContext != null )
            url = requestContext.HttpContext.Request.RawUrl;

Oct 26, 2013 at 9:22 AM
Did you file a bug for this?
Oct 26, 2013 at 9:26 AM
Yes sir

last point, with a break point on the url line, I get this rawurl

url = "/814cd2dccbde4a3aa939ecb9decc8fab/arterySignalR/ping?requestUrl=http%3A%2F%2Flocalhost%3A30322%2F&browserName=Internet+Explorer&_=1382775762270"

Do you know who are these arterySignalR pinging my home PC ?
Oct 26, 2013 at 9:38 AM
Edited Oct 31, 2013 at 6:03 PM
Discovered it's the VS2013 'Browser Link' feature... polluting my debuging.... just to uncheck 'Allow Browser link' to suppress