Reputation: 10030

Make website run on HTTPS only

I have a web application build in asp.net which runs on both HTTP and HTTPS.

I want to make it run only on HTTPS.

Any body having idea what changes it will involve

I have no idea about this?

Upvotes: 3

Answers (4)

Ian Newson

Reputation: 7949

The easiest way to do this is in IIS.

Under the website select 'SSL Settings' and tick the 'Require SSL' checkbox and click apply.

The benefits of this approach are it's safer (no chance of a bug in your code allowing non SSL requests) and it's easier and faster to implement. The drawbacks are that requests to HTTP URLs will not be automatically redirected, but you didn't state this is a requirement.

If it is a requirement, it's also possible to implement this using the IIS URL Rewrite module.

Upvotes: 0

dimonser

Reputation: 683

In the Global.asax.cs simply add this code. Consider Request.IsLocal for local development.

protected void Application_BeginRequest(object sender, EventArgs e)
{
    HttpContext context = HttpContext.Current;
    if (!context.Request.IsSecureConnection && !context.Request.IsLocal)
    {
        Response.Redirect(context.Request.Url.ToString().Replace("http:", "https:"));
    }
}

Read more about www and not www redirects here and here:

Upvotes: 1

adam.bielasty

Reputation: 701

You can add that code in your Global.asax.cs file

protected void Application_BeginRequest()
{
  if (FormsAuthentication.RequireSSL && !Request.IsSecureConnection)
  {
    Response.Redirect(Request.Url.AbsoluteUri.Replace("http://", "https://"));
  }
}

Upvotes: 1

Thanga

Reputation: 8161

In your web server, Just Redirect the HTTP urls to corresponding HTTPS urls. Please check http://www.jppinto.com/2010/03/automatically-redirect-http-requests-to-https-on-iis7-using-url-rewrite-2-0/

Upvotes: 1

Make website run on HTTPS only

Answers (4)

Related Questions