locked
All HTTPS RRS feed

  • Question

  • User346336082 posted

    Hi guys!

    What is the recommended way in 2019 to implement an ASP.NET Webforms site that is using just HTTPS?

    Thanks in advance for your help

    Tom

    Thursday, April 4, 2019 8:54 AM

Answers

All replies

  • User61956409 posted

    Hi Tom,

    What is the recommended way in 2019 to implement an ASP.NET Webforms site that is using just HTTPS?

    If you want to make users access your site using only HTTPS, to achieve the requirement, you can try to add a URL rewrite rule to the site's web.config file to force HTTPS.

    You can refer to the following SO thread and article that discussed some requirement of HTTPS only site:

    https://stackoverflow.com/questions/47089/best-way-in-asp-net-to-force-https-for-an-entire-site 

    https://www.c-sharpcorner.com/article/redirecting-http-request-to-https-using-web-config-file3/

    With Regards,

    Fei Han

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, April 5, 2019 2:43 AM
  • User-1038772411 posted

    Please use HSTS

    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
        <system.webServer>
            <rewrite>
                <rules>
                    <rule name="HTTP to HTTPS redirect" stopProcessing="true">
                        <match url="(.*)" />
                        <conditions>
                            <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                        </conditions>
                        <action type="Redirect" url="https://{HTTP_HOST}/{R:1}"
                            redirectType="Permanent" />
                    </rule>
                </rules>
                <outboundRules>
                    <rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
                        <match serverVariable="RESPONSE_Strict_Transport_Security"
                            pattern=".*" />
                        <conditions>
                            <add input="{HTTPS}" pattern="on" ignoreCase="true" />
                        </conditions>
                        <action type="Rewrite" value="max-age=31536000" />
                    </rule>
                </outboundRules>
            </rewrite>
        </system.webServer>
    </configuration>
    protected void Application_BeginRequest(Object sender, EventArgs e)
    {
       if (HttpContext.Current.Request.IsSecureConnection.Equals(false) && HttpContext.Current.Request.IsLocal.Equals(false))
       {
        Response.Redirect("https://" + Request.ServerVariables["HTTP_HOST"]
    +   HttpContext.Current.Request.RawUrl);
       }
    }

    Please Refer

    Friday, April 5, 2019 6:34 AM
  • User346336082 posted

    Hi Fei,

    You can refer to the following SO thread and article that discussed some requirement of HTTPS only site:

    https://stackoverflow.com/questions/47089/best-way-in-asp-net-to-force-https-for-an-entire-site 

    Thank you!

    Best regards
    Tom

    Friday, April 5, 2019 7:23 AM