Force entire site HTTPS using Web.Config

[curt.ziegler]

I know this can be done in IIS, and it may even be the preferred method
but can someone help me redirect every http request to https? I think
it could be done in the global.asax.cs or web.config but would like to
know the best way first...

Thank you for any help.
Curt

 

[Mark Rae]

I know this can be done in IIS, and it may even be the preferred method
but can someone help me redirect every http request to https? I think
it could be done in the global.asax.cs or web.config but would like to
know the best way first...

I've never found anything better than this:
http://www.codeproject.com/aspnet/WebPageSecurity_v2.asp?select=1095511&df=100&forumid=53615&exp=0

 

[curt.ziegler]

Thanks Mark,

I have this for now, I'll try that next & see if there are any
differences in speed

protected void Application_BeginRequest(Object sender, EventArgs e)
{
if (HttpContext.Current.Request.IsSecureConnection.Equals(false))
{
Response.Redirect("https://" + Request.ServerVariables["HTTP_HOST"]
+ HttpContext.Current.Request.RawUrl);
}
}

 

[Mark Rae]

Thanks Mark,

I have this for now, I'll try that next & see if there are any
differences in speed

protected void Application_BeginRequest(Object sender, EventArgs e)
{
if (HttpContext.Current.Request.IsSecureConnection.Equals(false))
{
Response.Redirect("https://" + Request.ServerVariables["HTTP_HOST"]
+ HttpContext.Current.Request.RawUrl);
}
}

I'm sure that will work OK for the single requirement that you have, whereas
WebPageSecurity.dll forces individual folders and files to be secure or not