My issue is precisely the one presented here, and I've decided to try rewrite all https requests to http. I've searched long and hard but there doesn't seem to be a definitive way to achieve this - see these questions (no solutions): Redirect https to http using rewrite rule in webconfig file ; https://stackoverflow.com/questions/15214717/iis-rewrite-https-to-http-whilst-keeping-existing-https-rules

I've added the rewrite module to IIS, and tried the following in web.config:

<rewrite>
  <rules>
    <clear />
    <rule name="force http" stopProcessing="true">
      <match url="(.*)" />
      <conditions>
        <add input="{HTTPS}" pattern="off" ignoreCase="true" />
      </conditions>
      <action type="Redirect" url="http://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
    </rule>
  </rules>
</rewrite>

But it still allows the user to access a non-https site with https (essentially accessing a different site).

How do I force all https requests to be http requests?

edit: I've also tried every suggested solution here with no luck. The url rewrite module is definitely successfully installed on IIS!

edit2: Tried the following without success:

<system.webServer>
<rewrite>
  <rules>
    <clear />
    <rule name="force http" stopProcessing="true">
      <match url="(.*)" />
      <conditions logicalGrouping="MatchAll">
        <add input="{HTTPS}" pattern="on" ignoreCase="true" />
        <add input="{HTTP_HOST}" pattern="^(?:www)?\.test.site\.com$"
            negate="true" ignoreCase="true" />
      </conditions>
      <action type="Redirect" url="http://{HTTP_HOST}{REQUEST_URI}"
            redirectType="Permanent" />
    </rule>
  </rules>
</rewrite>
</system.webServer>

I restarted IIS and the rewrite rules reflect in inetmgr. Loading https://test.site.com/ still loads with https.

A couple of things. First the rewrite needs to process when HTTPS is on and not off. Second, for the application that needs to run over HTTPS you will need to exclude it from the rewrite. The revised rewrite rule should look something like this:

<rewrite>
  <rules>
    <clear />
    <rule name="force http" stopProcessing="true">
      <match url="(.*)" />
      <conditions logicalGrouping="MatchAll">
        <add input="{HTTPS}" pattern="on" ignoreCase="true" />
        <add input="{HTTP_HOST}" pattern="^example\.com$" 
            negate="true" ignoreCase="true" />
      </conditions>
      <action type="Redirect" url="http://{HTTP_HOST}{REQUEST_URI}" 
            redirectType="Permanent" />
    </rule>
  </rules>
</rewrite>

This should keep https://example.com/login on https and all other URL's will get redirected to http. For example, https://test.example.com/login will be redirected to http://test.example.com/login. This rewrite rule needs to be placed on the site with the HTTPS binding for the rewrite to work properly.

Please be aware when using a 301 permanent redirect some browsers won't make the request out to the server on subsequent hits so after changing the rule a browser cache clear is required. The network tab may even lie and say the request is made but an external tool like Fiddler or Wireshark will let you know for sure.