http to https question

Question

User1510859543 posted

We are finishing a new asp.net website using framework 4.0 and are getting ready to deploy on a web hosting company.  The old site was a classic asp site and we want to use SSL but still want to allow users to prefix the site using http prefix.  What are some good ways to accomplish this?  Thanks.

Answer 1

User-760709272 posted

google "asp.net redirect http to https" will be a good start :)

Answer 2

User-1806150748 posted

http://blogs.msdn.com/b/sojesh/archive/2009/05/26/http-to-https-redirection-using-asp-net-http-module.aspx , this will help

Answer 3

User-1404016747 posted

You can do this using your Web.config.
The rule redirect all http requests to https allowing the site to be accessed using http but forcing it to https once accessed.

<configuration>
  <system.webServer>
    <rewrite>
      <rules>

        <clear />
        <rule name="Redirect to HTTPS" stopProcessing="true">
          <match url=".*" />
          <conditions>
            <add input="{HTTP_CLUSTER_HTTPS}" pattern="^on$" negate="true" />
            <add input="{HTTP_CLUSTER_HTTPS}" pattern=".+" negate="true" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}{SCRIPT_NAME}" redirectType="Permanent" />
        </rule>

      </rules>
    </rewrite>
  </system.webServer>
</configuration>

Answer 4

User-1806150748 posted

Provided URL REWRITE MODULE is On in your IIS

Answer 5

User-1404016747 posted

Provided URL REWRITE MODULE is On in your IIS

Generally is.

Answer 6

User1510859543 posted

This looks like a simple solution.  I would prefer to only have to change my web.config file if that will satisfy the redirect.  What is the URL REWRITE MODULE and how would I know if it is installed?  We will be using a web hosting company for IIS website.

Answer 7

User-1404016747 posted

Just add the code to the Web.config and try it.
Either that or contact your host and ask them.

Like I said most hosts have the IIS URL Rewrites module enabled and there is really no benefit for any host not to have it on.

Answer 8

User1510859543 posted

My Visual Studio 2010 does not like the <rewrite> tag.

Answer 9

User-1404016747 posted

Visual Studio by default does not open an SSL port so it is redirecting to an address that does not exist when running in Visual Studio.
You can place the rewrite rule in your Web.Release.config that way it is added when the application is deployed yet not used when developing within Visual Studio.

Answer 10

User1510859543 posted

OK, I guess I'll just comment it out while testing here on http and then remove when running with SSL.

Answer 11

User-1404016747 posted

Yeah that's one way of doing it. You can look into Web.config transformations so you do not need to worry about commenting and uncommenting things going from development to deployment. http://blogs.msdn.com/b/webdev/archive/2009/05/04/web-deployment-web-config-transformation.aspx

Answer 12

User1510859543 posted

Will this solution cause any problems if the user DOES enter the https:// prefix?

Answer 13

User-1404016747 posted

No the rule is only applied if the user accesses the site not using https.

Answer 14

User1510859543 posted

Is the section below exact or do I need to replace the {} content?

          <conditions>

            <add input="{HTTP_CLUSTER_HTTPS}" pattern="^on$" negate="true" />
            <add input="{HTTP_CLUSTER_HTTPS}" pattern=".+" negate="true" />
          </conditions>

Answer 15

User-1404016747 posted

Sorry for the delay.
Keep it as it is.