Redirect to SSL for entire ASP.NET application

S

Stephen Walch

I wish to enforce SSL for an entire ASP.NET application (including the
custom authentication page and all other pages). To achieve this, I am
using the "Require SSL" on the Virtual Directory in IIS. This works, but
when users hit the non-SSL version of the page (http:/...) they get an ugly
error message. Is there a way to automatically redirect to the SSL version
of the page (https:/...) instead?

I have searched for information and tried a couple approaches that I could
not get to work on my system. What is the best way to do this on Windows
2003?

Thanks!
- Steve
 
M

MSFT

Hi Steve,

In the IIS configration, you set a customized web page for a particular
error in "Custom Errors". For example, the error when you access your web
page with "http" is 403.4. You can specify the custom web page for this
error.

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 
S

Stephen Walch

I do not want to specify a custom web page. I want to automatically
redirect each http: request to the corresponding https: request. Surely I
do not have to set up a mapping for each and every page?
 
B

Brad

Stephen, something like the following would work for you.

VB.Net code in Global.asax:

Sub Application_BeginRequest(ByVal sender As [Object], ByVal e As EventArgs)
If Request.IsSecureConnection = False
Response.Redirect(Request.Url.ToString.Replace("http:", "https:"))
End If
End Sub

One point that you probably already know: Once a client begins https with
your site then all request is that session should be https unless "http" is
hardcoded in somewhere or client manually mistypes a url.


Brad
 
S

Stephen Walch

This solved our problem. Thanks!

Brad said:
Stephen, something like the following would work for you.

VB.Net code in Global.asax:

Sub Application_BeginRequest(ByVal sender As [Object], ByVal e As EventArgs)
If Request.IsSecureConnection = False
Response.Redirect(Request.Url.ToString.Replace("http:", "https:"))
End If
End Sub

One point that you probably already know: Once a client begins https with
your site then all request is that session should be https unless "http" is
hardcoded in somewhere or client manually mistypes a url.


Brad


Stephen Walch said:
I do not want to specify a custom web page. I want to automatically
redirect each http: request to the corresponding https: request. Surely I
do not have to set up a mapping for each and every page?
Click to expand...
Click to expand...
 
G

Guest

include the following in the head section :

<%
If Request.ServerVariables("SERVER_PORT")=80 Then
Dim strSecureURL as string
strSecureURL = "https://"
strSecureURL = strSecureURL & Request.ServerVariables
("SERVER_NAME")
strSecureURL = strSecureURL & Request.ServerVariables
("URL")
Response.Redirect(strSecureURL)
End If
%>

this forces the page to load over SSL

Hope it helps.

Arno Broeders
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

SSL from squarespace to my EC2 0
Configuring entire site for SSL 0
Auto redirect http to https 1
Infinite Redirect Loop When Going From non-SSL to SSL 1
SSL enabled ASP.NET application 6
ASP.NET and SSL question 5
SSL 2
SSL Forms Authentication Redirect - Problem Redirecting out of HTTPS 4

Members online

Total: 62 (members: 2, guests: 60)
Robots: 463

Forum statistics

Threads
473,994
Messages
2,570,223
Members
46,814
Latest member
SpicetreeDigital

Latest Threads

Top