Dnn.Platform icon indicating copy to clipboard operation
Dnn.Platform copied to clipboard
verified publisher icon dnnsoftware

[Bug]: OAuth verification for Office365

Open vmasanas opened this issue 5 months ago • 1 comments

Is there an existing issue for this?

  • [x] I have searched the existing issues

What happened?

Verification for OAuth authentication for SMTP server Exchange Online does not work if the SSL is not forced on PortalSettings

Steps to reproduce?

I have a site running on https and it's configured on web.config to always do a redirect to https That's the only configuration I do in DNN to setup https access.

Then I wanted to configure O365 smtp and at the last step it says to "Verify" the Oauth autentication.

I then makes a call to O365 and passes a url to "..../Authorize.aspx" under the ExchangeOnlineAuthProvider folder. The problem is the call is made as http not https even if the site is running under https.

The issue is that on this file https://github.com/dnnsoftware/Dnn.Platform/blob/develop/DNN%20Platform/Providers/SmtpOAuthProviders/ExchangeOnlineAuthProvider/Components/ExchangeOnlineOAuthProvider.cs#L111

it checks for SSL this way:

var sslEnabled = portalSettings.SSLEnabled && portalSettings.SSLSetup == DotNetNuke.Abstractions.Security.SiteSslSetup.On; var siteUrl = $"{(sslEnabled ? "https" : "http")}://{portalAlias.HttpAlias}"; return string.Format(Constants.CallbackUrl, siteUrl, portalId);

I never setup either of these settings on DNN and I've never had any problem running dnn on https other than in this scenario.

Should this be considered a bug or it's mandatory that we setup those two properties to True on PortalSettings if the site is running on https? To me it looks like a mistake, or at least to a full solution.

Current Behavior

The link for the callback is generated as http

Expected Behavior

The link for the callback should be https

Relevant log output

Anything else?

No response

Affected Versions

10.0.1 (latest v10 release)

What browsers are you seeing the problem on?

No response

Code of Conduct

  • [x] I agree to follow this project's Code of Conduct

vmasanas avatar Jul 31 '25 09:07 vmasanas

Hmm, off-the-cuff I would think the setting should be made to be https in DNN, it may cause such confusion otherwise.

valadas avatar Jul 31 '25 19:07 valadas