Like the question says, if I have a request for a page on my site like this
http://somename.something.here/Dada.aspx
to something like this
https://somename.something.here/Dada.aspx
Like the question says, if I have a request for a page on my site like this
http://somename.something.here/Dada.aspx
to something like this
https://somename.something.here/Dada.aspx
I prefer to (a) not redirect local connections (to ease development under VS), and (b) use a UriBuilder instead of a string.Replace as it's a bit more exact.
if (!Request.IsLocal && !Request.IsSecureConnection) {
var ub = new UriBuilder(Request.Url);
ub.Scheme = Uri.UriSchemeHttps;
ub.Port = -1; // use default port for scheme
Response.Redirect(ub.Uri.AbsoluteUri, true);
return;
}
You tagged ASP.NET so I assume you use IIS. Create a file in your Web Root of your web site, call it SSL_Redirect.htm or something like that. Put this Javascript in there:
<Script language="JavaScript">
<!-- begin hide
function goElseWhere()
{
var oldURL = window.location.hostname + window.location.pathname;
var newURL = "https://" + oldURL;
query = '' + window.location;
position = query.indexOf('?');
if (position > -1)
{
query = query.substring(position + 1);
newURL = newURL + "?" + query;
}
window.location = newURL;
}
goElseWhere();
// end hide -->
</script>
Now, go to the properties of your Web Site. Go to the Customer Errors Tab, look for the 403.4 error, edit it. Change it to use a URL of /SSL_Redirect.htm (or whatever you named it). Now, in the IIS Admin, find that file, SSL_Redirect.htm, right click, go to properties. Go to File Security and uncheck Require SSL for that particular file.
You're done.
I think it is as simple as witing
Response.Redirect("https://somename.something.here/Dada.aspx");
I remember dealing with the same issues a while back. I wanted to make sure certain pages were over https, while the rest were using http. I also wanted to be sure that once the visitor left the secure page for pages that didn't need to be secure they would flip back to http. To accomplish this I explored two options:
The first option was that I could use the free .NET URLRewriter project to rewrite specific pages outlined in the configuration file:
# HTTP REQUIRED PAGES
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !(/login\.aspx|/securepage\.aspx).*$ [NC]
RewriteCond %{HTTP_HOST} (.+)
RewriteRule ^(.*)$ http://%3$1 [R=301,L]
# HTTPS REQUIRED PAGES
RewriteCond %{HTTPS} =off
RewriteCond %{REQUEST_URI} (/login\.aspx|/securepage\.aspx).*$ [NC]
RewriteCond %{HTTP_HOST} (.+)
RewriteRule ^(.*)$ https://%3$1 [R=301,L]
Using this configuration I can ensure only the two pages are secure, while the rest will be insecure. I had fine results with this option.
The second option came after I located a complete solution dedicated to handling this very problem. The company is SanibelLogic and they have a product called SSLRedirect. This HTTPModule based solution does exactly what I needed. It does cost a little money but if you want something simple to implement and manage this might fit the bill. They even offer the source code if you want to edit anything about it...
I used both options for many months but ended up using the SSLRedirect product for its simplicity.
I hope this helps...
I just had the same problem but I found different solutions using purely IIS configuration.
There are two ways:
(1) The simple way is to just rename your MyWebApp to MyWebAppSSL for example. Enable SSL for the latter. Then create a new empty folder in your IIS called like the old MyWebApp. Click the Properties for MyWebApp, and under "Directory" choose "A redirection to a URL" and put http://MyServer/MyWebAppSSL
there. It is recommended to enable "A permanent redirection" for it. You don't need to click the "Create web application" button for MyWebApp by the way as it is not a web application but merely does redirect.
(2) The simple way has of course the disadvantage that from now on your application will run under a new name (with the -SSL ending in this example). If we need to keep it running under the same old name, it will also be possible by merely configuring IIS but we have to proceed a little bit differently. We will have to set up a new web space on our IIS running on a different port. I found this good description: How to Auto-Redirect to a SSL-secured Site in IIS.
Send a Redirect Header (302) to the browser.
Example:
Response.Redirect("WebForm2.aspx")
Article on the difference between Server.Transfer and Response.Redirect