When you order an SSL certificate from us, your primary domain name will be secured for free. So, if you order an SSL certificate for www.HostingAccountDomain.com, then HostingAccountDomain.com.com will be added as a Subject Alternative Name automatically.
So you can secure both www.HostingAccountDomain.com and HostingAccountDomain.com with just one certificate.
This works for any subdomain, not just for the www. prefix. You can order a certificate for login.HostingAccountDomain.com and HostingAccountDomain.com will be added to the certificate.
Here’s a sample certificate where you see both the subdomain and the primary domain secured:
Note that this is only applicable to single-level domains. For example, www.test.HostingAccountDomain.com will not secure test.HostingAccountDomain.com.
This works for all of the certificates available through Winhost!
It’s important to keep your web applications up-to-date. This prevents known vulnerabilities from being exploited and wreaking havoc on your site. That goes for any third-party software you might use on your site, but today we’re going to talk about updating DotNetNuke.
The most important thing before upgrading is to back up your current DotNetNuke site. Also, if you are using any third-party themes or modules, please contact the author(s) before upgrading to make sure they are still supported in the latest version of DNN.
Backing up the MS SQL database
This will place the backup of your MS SQL database within the App_Data directory with the file extension “.bak.”
Backing up your web site files via FTP
Downloading the upgrade files and Extracting
Important: you must know your SuperUser account login in order to upgrade.
You can download the Upgrade files through DNN’s download page.
Uploading the updated files
Over the years there have been a number of customers who have asked if Winhost supports NoSQL databases. There is actually one NoSQL solution you can install in our environment, and it’s RavenDB. In this guide, I will show you how to get started with it (i.e. installed and running) if you want to try it out. The instructions have been taken from the official site and modified for our hosting environment.
First, download the .zip file from the RavenDB website and then extract it. Open up the “Web” folder and make the following changes to the web.config file in that folder:
Change line 3 from:
<add key="Raven/WorkingDir" value="APPDRIVE:\Raven\" />
<add key="Raven/WorkingDir" value="APPDRIVE:\web\ftpusername" />
Replacing ftpusername with the correct value.
Add/Insert the following in between the <system.web></system.web> XML tags to enable Full trust:
<trust level="Full" />
Once you have finished making the changes to the web.config file, save it. Then upload the entire “Web” directory into your hosting space.
Using the Winhost Control Panel, create an Application Starting Point for the “Web” folder. Open the “Web” folder using a browser (e.g.: http://www.HostingAccountDomain.com/web).
You’ll get an error regarding WebSockets. You can open up a support ticket to have it enabled and have “Overlapped Recycle” disabled in your App Pool settings, and that should complete the installation so that you can try it out.
Broken image links are a common problem when you move your WordPress installation to another domain name or even to another subfolder. WordPress uses absolute paths to link images and objects to the page. The absolute path is usually defined during the initial WordPress setup process when you first configure WordPress. No problem right? You understand and know what absolute paths mean, and WordPress is working with no problems.
But what happens when you change the domain name for your WordPress site, or you move your WordPress site to a subfolder? Now you call on your WordPress site and some links are broken, images don’t show up, or some of the pages may come up with a 404 not found error. You right click on an image or object on the page and you can see the URL address does not match with the URL address on the address bar.
What a mess. Now what?
Fear not, this is actually a fairly easy fix!
There are a few easy way to fix this. The first thing to try is logging in to the WordPress admin section and changing the values in Settings > General. But sometimes the location change can make logging in to the admin section impossible, in which case you’ll want to try setting the new URL by either defining the SiteURL and Home variables in your configuration file, or going in to the database and changing them there.
Updating the wp-config.php file
Log into your site via FTP and look for the WordPress wp-config.php file. Open the file with a text manager such as NotePad and add these lines. Typically you should be able to add the lines under the connection string section of the configuration file.
/**Manually Define SiteURL and Home */
If you have just moved the WordPress files to a subfolder then the URL would look somewhat like this.
In my opinion, this is actually the easiest way to fix this. But some site owners don’t like to hard code values into the page, so the second way to solve the problem is to update the database. WordPress uses MySQL as it’s back end, and the SiteURL and HOME URL values are stored in there in plain text, so they’re easy to change.
Updating your WordPress database:
Log into your WordPress database. The table you will be looking for is wp_options. wp_ is the default prefix that WordPress will use in the initial setup. You may have used a different DB prefix during set up, but in general what you are looking for is the “Options” table.
Run this SELECT command against the Options table.
USE [Database Name]; SELECT option_name, option_value FROM wp_options WHERE option_name="home" OR option_name="siteurl";
You should see results similar to this.
To update the option_value column, just run this command against your database.
USE [Database Name]; UPDATE wp_options SET option_value="http://www.newdomain.com" WHERE option_name="siteurl" OR option_name="home";
If you are moving the WordPress site to a subfolder, the option_value would include the path to the subfolder:
That should be it. Either method will work. But don’t forget, at Winhost we can migrate your WordPress website for you. We’ll create and restore the MySQL database, update your connection string and make sure the absolute path it setup correctly. Simply contact our Support Department for more details on what we will need to migrate your site for you.
I’ve seen this before, a small or medium sized business pays a developer to build a NopCommerce website to run their online store. They pay several hundred – or even thousands – of dollars to get it up and running. Customized design and themes are added to give NopCommerce a custom look unique to the company. Everything goes well, the site is launched and the customer is happy. The developer has done their job and now they’ve moved on to their next project.
Then some months later the unthinkable happens, and the previously happy customer forgets the username or password to the NopCommerce admin account. They try to run through the NopCommerce password recovery process but it’s not working. They either don’t remember, or no longer have access to, the email address to the account. Regardless, the bottom line is that they do not know the credentials to your NopCommerce Admin account and the password recovery process is simply not working.
Luckily, if this ever happens to you there’s a work-around. You’ll need access to the SQL database that NopCommerce is using for the back end data source. You’re going to go directly to the database and change the password in the table that stores the admin account password.
But first you’ll need to create a new registered user in NopCommerce so that you will have a password that you can use to replace the admin account password. Log in to your NopCommerce site and click the “Register” link to set up a new user. You’re going to use the email address and password for this new user in the next steps.
Once the new user is created, log in to the NopCommerce database and search for the new user you just registered by running this SQL command against your database:
use [Database Name] go Select ID, Username, Password, PasswordSalt from dbo.Customer WHERE Usernamefirstname.lastname@example.org'
Replace email@example.com with the actual email address of the new user just registered. From the results of that command, copy the “Password” and “PasswordSalt” values.
Then run this update command:
use [Database Name] go Update dbo.Customer Set Password='<password copied from previous query>', PasswordSalt='<password salt copied from previous query>' WHERE ID='1';
The WHERE clause specifies the admin account, which will have ID value of ‘1’ since it is the first account created when setting up NopCommerce. Now you should be able to log in to the NopCommerce Admin account with the new password.
Prompted by a few customers who are boldly going where no programmer has gone before, I’m proud to say that you can deploy an ASP.NET 5 (vNext) application to Winhost. Even though it’s in Beta right now, and this article will show you how.
ASP.NET 5 (vNext) represents a fundamental shift in how applications are going to be developed in the future as you will be able to deploy the application in any environment (Linux, Mac, or Windows). It no longer requires a Global Assembly Cache (GAC) as all the assemblies and runtime libraries are obtained using NuGet and then packaged with your application making it self-contained. They are placed in a special approot folder which also contains your source code. The approot folder replaces the functionality of the App_Code or Bin folders. Another folder named wwwroot is also created which contains static files (e.g. html, css, images, etc) and is where your application is launched from.
Because it’s in Beta, I highly recommend that you pay attention to Microsoft’s Roadmap for the release schedule as I’m sure things will have changed by the time it’s officially released. And for the same reason, I can only say these instructions are applicable up to Beta6 in case things change in the future. I’m afraid this guide only covers the publishing portion. If you need help with developing an ASP.NET 5 (vNext) application and don’t know where to start, please make sure you visit the Official Website. I’m also sorry to say that Web Deploy publishing is not supported at this time, only FTP publishing.
Publishing to a sub-directory at Winhost:
A vNext application can only be created using Visual Studio 2015 Professional or higher, so you’ll need to obtain a copy, install it, and then launch the program.
A) Create a new project by selecting File -> New -> Project…
B) Under Visual C# (or the language of your choice), select Web and to the right, select ASP.NET Web Application. Give your project a name if you’d like.
C) In the New ASP.NET Project window, select Web Application for the ASP.NET 5 Preview Template and uncheck Host in the cloud under Microsoft Azure. Click OK continue.
E) Since this is sample application, we can just publish it without making any changes. Select Build -> Publish on the menu bar.
F) In the Profile section, select File System.
G) Name the profile.
H) In the Connection section, set the Target location to a directory that is easily accessible and click on the Next> button.
I) In the Settings section, set the Configuration to Release. For the Target DNX Version, it should match the framework your application is written in. DNX stands for .NET Execution Environment which allows your application to be deployed across different platforms (Windows, Mac and Linux). For more information, you can consult the DNX documentation.
If you plan to use the 64 bit versions of the CLRs, you’ll need to open up a support ticket to request that we disable 32-bit support for your application pool, otherwise, it won’t work properly. Uncheck Publish using Powershell script and click on the Next> button.
J) Click the Publish button to start.
K) Once the publishing has finished, you will see the two folders I mentioned earlier, approot and wwwroot. In the wwwroot folder, there is a web.config file that is used to direct the application on how to start. To protect the approot folder from being viewed, we’ll use Request Filtering, create a web.config file with the following markup, and place it in the root level of the site. Some applications require “Full” trust in order to run, so we’ll go ahead and add that to the web.config file as well.
<?xml version="1.0" encoding="UTF-8"?> <configuration> <system.web> <trust level="Full" /> </system.web> <system.webServer> <security> <requestFiltering> <hiddenSegments> <add segment="approot" /> </hiddenSegments> </requestFiltering> </security> </system.webServer> </configuration>
L) Upload these two folders to your site and ignore the other files. Create an Application Starting Point for the wwwroot folder using the tool in the Winhost Control Panel.
Voila! Your application works but only from a sub-directory (i.e. http://www.mysite.com/wwwroot).
Publishing to the root at Winhost:
If you want your application to run from the root of your site, you just need to make a few modifications post publishing. Locate the project.json file in /approot/src/projectname directory and open it. Change the second line from “webroot”: “../../../wwwroot” to “webroot”: “../../..” Move the contents of the wwwroot directory up one file level. You’ll also need to merge the two web.config files and change the following lines:
<add key=”runtime-path” value=”..\approot\runtimes” />
<add key=”runtime-path” value=”.\approot\runtimes” />
<add key=”dnx-app-base” value=”..\approot\src\aspnet5demo” />
<add key=”dnx-app-base” value=”.\approot\src\aspnet5demo” />
Your application now works from the root.
Ftp’ing through Visual Studio
You can also use FTP to publish your files within Visual Studio by creating a publishing profile. Take any text editor, create a file and name it with a .publishsettings extension (e.g. my.publishsettings), and paste the following XML markup into the page:
<?xml version="1.0" encoding="utf-8"?> <publishData> <publishProfile profileName="FTP" publishMethod="FTP" publishUrl="ftp://ftpaddress" userName="username" userPWD="password" destinationAppUrl="http://httpaddress" /> </publishData>
Replace ftpaddress, username, password, and httpaddress with the appropriate values. Save the file. At Step F, instead of choosing File System, select the Import option instead and load the my.publishsettings file. Follow the rest of the steps to finish configuring the application. I wouldn’t recommend this method since you’ll need to download some files to make edits and then re-upload them, however, I wanted to make you aware that it is possible.
Please also take note that an ASP.NET 5 (vNext) application must be deployed to an IIS 7.5 or higher server.
Note: beginning with Chrome version 46 the yellow caution triangle has been removed from the https URL when Chrome encounters minor errors such as those described in this article.
If you use an SSL certificate (https) on your site, you may have seen a couple of new things happening in Google Chrome.
When you upgrade the Google Chrome browser to version 41 or later, you may see various warning messages such as, “The identity of this website has not been verified,” “Your connection to <domain> is not encrypted,” or other visual indications that the https connection is not secure.
Those indications can appear when your SSL certificate uses a SHA-1 signature (most SSL certificates issued before 2015 use SHA-1).
To fix the problem of browser security warnings you must get your SSL certificate re-keyed for SHA-2. If you don’t see those warnings in Chrome and you purchased your certificate recently, it may already be SHA-2. You can verify using this test site.
1) Contact us and we will re-generate and re-submit the CSR.
2) You’ll then get an email from GeoTrust with a link to complete the process. When completing the re-key on the GeoTrust site, be sure that SHA-2 is selected as the “Hashtag Algorithm.” You can find step-by-step instructions (and a video) here.
3) After you’ve completed the reissuing process, you’ll receive an email with the new certificate. Go to Control Panel and paste the new certificate into the SSL manager and you’re finished.
1) Contact us and we will re-generate the CSR and email it to you. Then you’ll have to contact the issuer of your certificate to get your certificate re-keyed for SHA-2.
2) When you receive the re-keyed certificate, go to Control Panel and paste the new certificate into the SSL manager and you’re finished.
There is another potential problem after you’ve re-keyed your SSL certificate. While the address bar will show the green lock icon, if visitors dig deeper in Chrome, they may see an “Obsolete Cryptography” message.
Basically what’s happening now is they are ignoring the cipher preference we use on the server (which includes their preferred ciphers) and pointing out any “weak ciphers” they find. You might notice that many large corporate sites (such as Apple) are also insecure according to Chrome, for similar reasons.
That “obsolete cryptography” message may be with us for a while because Google is not providing any information (yet) on exactly what they want from the server to stop calling it insecure. It would seem that what Google would like to see is every server everywhere removing support for all older cryptographic methods.
The problem with that is removing some of those methods will shut out visitors using some older browsers and operating systems that don’t support newer methods (i.e. Windows XP). Since our servers are shared by many customers, it isn’t really an option for us to make global changes that prevent some visitors – even a small number – from accessing our customer’s sites.
We do run some special servers that do not support any of the older cryptography methods, they are primarily used by customers who need a “hardened” server to pass a PCI compliance scan. But the added security comes at a cost, as older browsers can’t connect to sites on those servers via https. Additionally, a few other things that you may take for granted now may not work, or may require adjustment or a work-around on your part. But if you’d like to move your site to such a server, just let us know.
And of course we continue to monitor information from Google on recommended server configuration, as well as continuing to test various configurations ourselves to prevent the “obsolete cryptography” message.
If you have any trouble re-keying a certificate, or if you have any questions about these ongoing changes, drop us a line and we’ll do our best to help.
Did you know you could use a MySQL database to store your ASP.NET Membership Table information rather than Microsoft SQL Server? I’ve written this simple guide to help you get started.
First, create a MySQL database through the Winhost Control Panel. Click on the Sites tab.
Click on the Manage link and then click on the MySQL button.
Click the Add button and enter the values for Database Name, Database User, and Quota. Click the Create button to finish creating the database. Now click on the Manage link and record the connection information (Database Name, Database Server, Database User, and Database Password) on a piece of paper or a text editor such as Notepad.
Start Visual Studio and create a New Project by going to File -> New –> Project… (Ctrl+Shift+N).
Add the necessary .NET assemblies to your project using NuGet. Go to TOOLS -> Library Package Manager -> Manage NuGet Packages for a Solution… Type mysql in the Search field and hit Enter. Install both the MySql.Data and MySql.Web assemblies. A check mark will appear to the right when the assemblies have been installed.
Another way to verify that the assemblies have been installed correctly is that they will appear as References in the Solution Explorer window.
When you compile your project, a copy of these assemblies will be added to your local /bin folder which you will need to upload to your site account.
The next step is to modify the Web.config file with this markup:
<?xml version="1.0"?> <!-- For more information on how to configure your ASP.NET application, please visit http://go.microsoft.com/fwlink/?LinkId=169433 --> <configuration> <connectionStrings> <add name="MySqlMembershipConnection" connectionString="Data Source=my02.winhost.com;user id=membership;password=password;database=mysql_48503_membership;" providerName="MySql.Data.MySqlClient"/> </connectionStrings> <system.web> <compilation debug="true" targetFramework="4.5" /> <httpRuntime targetFramework="4.5" /> <authentication mode="Forms"> <forms loginUrl="~/Account/Logon" timeout="30" name=".ASPXFORM$" path="/" requireSSL="false" slidingExpiration="true" defaultUrl="Default.aspx" enableCrossAppRedirects="false" /> </authentication> <membership defaultProvider="MySqlMembershipProvider"> <providers> <clear/> <add name="MySqlMembershipProvider" type="MySql.Web.Security.MySQLMembershipProvider, mysql.web" connectionStringName="MySqlMembershipConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" autogenerateschema="true"/> </providers> </membership> <roleManager enabled="true" defaultProvider="MySqlRoleProvider"> <providers> <clear /> <add connectionStringName="MySqlMembershipConnection" applicationName="/" name="MySqlRoleProvider" type="MySql.Web.Security.MySQLRoleProvider, mysql.web" autogenerateschema="true"/> </providers> </roleManager> <profile> <providers> <clear/> <add type="MySql.Web.Security.MySqlProfileProvider, mysql.web" name="MySqlProfileProvider" applicationName="/" connectionStringName="MySqlMembershipConnection" autogenerateschema="true"/> </providers> </profile> </system.web> </configuration>
Replacing the connection string section with the Winhost Connection String to your MySQL database. Save the file. The key to creating the tables is this attribute in the XML markup: autogenerateschema=”true” Now, select BUILD -> Build Solution (Ctrl+Shift+B) to compile your application, and then select PROJECT -> ASP.NET Configuration. This will launch the ASP.NET Web Site Administration Tool.
Once the tool has been launched, the tables will be created, and you can check by logging into your MySQL database using an administration tool like MySQL WorkBench.
Now, let’s build a very simple ASP.NET application that will allow you to create users. Go back to your project in Visual Studio, right click on your project name in Solution Explorer and select Add -> New Item… (Ctrl+Shift+A). Select Web Form and name the file. Switch to Design Mode. In the Toolbox Window, expand Login of the tree view, and drag and drop the CreateUserWizard control on to the page. Build your application.
Deploy your files to the Winhost server using FTP or Web Deploy and then access your site using a browser either with your domain name or Secondary URL. Fill out the create user form and click on the Create User button.
If you go back and access your database using MySQL WorkBench and query the my_aspnet_users table, you can see that the user was created.
You can also just use the ASP.NET Web Site Administration Tool to create the users. Of course, none of this information is necessarily new, so I want to thank Nathan Bridgewater’s blog and Oracle for helping me put together this tutorial for our customers at Winhost.