Most Popular

Login:

Your Login Details


Forget Your Password?

Create an account

Forcing SSL In IIS

Eric Randle posted about how to force SSL on an IIS website while still allowing normal access to redirect to the secured version.

I faced a problem recently where I needed to secure a web site so it can only  be accessed via HTTPS, and if someone accessed the page via HTTP it would flip it to HTTPS.  Through some searching I did find a solution that worked quite well.  Unfortunatley IIS6 doesn't provide the option to "Flip to HTTPS", it would be nice, but I had to find some code to do the job for me.  First thing first, set the site or virtual directory to Force SSL
checkforcessl.JPG

Next I created a virtual directory outside of my webroot and named it "forcessl", make sure you do not Force SSL on the forcessl virtual directory.  Then I installed .NET 2.0 framework since I am going to use a .NET solution.  I ensured that the site and virtual directory were using .NET 2;
dotnet2.JPG

Now that I have .NET 2.0 installed, the virtual directory created, and forced SSL on my site, I can create a file called "forcessl.aspx".  Here is the code;

You then just modify the 403.4 error message to use the newly created forcessl.aspx.

Another method of forcing SSL in IIS can be found on Microsoft's Support site.

Force SSL on IIS 6 -  [Eric Randle]

Digg del.icio.us Reddit

Posted on September 20, 2007

Write a comment


If you have trouble reading the code, click on the code itself to generate a new random code.
Security Code:
 
Post Comment