Home / server / Questions / 329560
Accepted
John
Asked: 2011-11-10 16:40:14 +0800 CST

Force SSL for IIS 6

  • 772

What is the best way to force HTTP requests to HTTPS requests on IIS 6? For example, I have both a directory and a whole site that I need to force HTTPS on for two different servers. What is the best or preferred method of accomplishing this? This will need to redirect requests that come in on HTTP to HTTPS. I was thinking of something along the lines of mod_rewrite from the Linux world.

Note that I already have a certificate installed and working.

windows-server-2003 http ssl https ssl-certificate

2 Answers

  1. Best Answer

    Sometimes I have a hard time deciphering exactly what's being asked, but I think this is what you're after:

    Right click the web site in question in IIS Manager, click the Directory Security tab, click the Edit button under the Secure communications section, check (enable) the Require secure channel (SSL) check box.

    • 2

  2. One method is to include this in your global.asax.cs. 

    protected void Application_BeginRequest(object sender, EventArgs e)
{
    if (!Request.IsSecureConnection)
    {
        Response.Redirect("https://" + Request.ServerVariables["HTTP_HOST"] + HttpContext.Current.Request.RawUrl);
    }
}

    See:

    https://stackoverflow.com/questions/47089/best-way-in-asp-net-to-force-https-for-an-entire-site/47095#47095

    • 1