How to Force Https Using a Web.Config File

How to force HTTPS using a web.config file

You need URL Rewrite module, preferably v2 (I have no v1 installed, so cannot guarantee that it will work there, but it should).

Here is an example of such web.config -- it will force HTTPS for ALL resources (using 301 Permanent Redirect):

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <clear />
                <rule name="Redirect to https" stopProcessing="true">
                    <match url=".*" />
                    <conditions>
                        <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

P.S.
This particular solution has nothing to do with ASP.NET/PHP or any other technology as it's done using URL rewriting module only -- it is processed at one of the initial/lower levels -- before request gets to the point where your code gets executed.

Use web.config to redirect HTTP to HTTPs

Thanks to Dan, this worked.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
        <rules>
      <rule name="HTTP to HTTPS redirect" stopProcessing="true">
        <match url="(.*)" />
      <conditions>
        <add input="{HTTPS}" pattern="off" ignoreCase="true" />
      </conditions>
      <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
    </rule>
            <rule name="WordPress Rule" stopProcessing="true">
                <match url=".*" />
                <conditions>
                    <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
                    <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
                </conditions>
                <action type="Rewrite" url="index.php" />
            </rule>
        </rules>
        </rewrite>
    </system.webServer>
</configuration>

Redirect HTTP to HTTPS in WEB.CONFIG compatible with IIS 8.5 (ASP.NET)

Looks like you forgot to install the rewriteurl module. Get it here:

http://www.iis.net/downloads/microsoft/url-rewrite

Web.config redirect from http to https for some sub-site

I managed to come up with a solution:

<rule name="Redirect to https">
  <match url="(.*)"/>
  <conditions>
    <add input="{HTTPS}" pattern="Off"/>
    <add input="{REQUEST_METHOD}" pattern="^get$|^head$" />
    <add input="{HTTP_HOST}" pattern="(.*SomeWordFromMyUrl*)"/>
  </conditions>
  <action type="Redirect" url="https://{HTTP_HOST}/{R:1}"/>
</rule>

Best way in asp.net to force https for an entire site?

Please use HSTS (HTTP Strict Transport Security)

from http://www.hanselman.com/blog/HowToEnableHTTPStrictTransportSecurityHSTSInIIS7.aspx

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="HTTP to HTTPS redirect" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions>
                        <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}/{R:1}"
                        redirectType="Permanent" />
                </rule>
            </rules>
            <outboundRules>
                <rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
                    <match serverVariable="RESPONSE_Strict_Transport_Security"
                        pattern=".*" />
                    <conditions>
                        <add input="{HTTPS}" pattern="on" ignoreCase="true" />
                    </conditions>
                    <action type="Rewrite" value="max-age=31536000" />
                </rule>
            </outboundRules>
        </rewrite>
    </system.webServer>
</configuration>

Original Answer (replaced with the above on 4 December 2015)

basically

protected void Application_BeginRequest(Object sender, EventArgs e)
{
   if (HttpContext.Current.Request.IsSecureConnection.Equals(false) && HttpContext.Current.Request.IsLocal.Equals(false))
   {
    Response.Redirect("https://" + Request.ServerVariables["HTTP_HOST"]
+   HttpContext.Current.Request.RawUrl);
   }
}

that would go in the global.asax.cs (or global.asax.vb)

i dont know of a way to specify it in the web.config


Related Topics

Dependency Injection Unity - Conditional Resolving

Best /Fastest Way to Read an Excel Sheet into a Datatable

How to Set Aspnetcore_Environment to Be Considered for Publishing an ASP.NET Core Application

Enum Type Constraints in C#

Getting Data from Stored Procedure with Entity Framework

Linq Case Statement

Dynamically Generate Linq Queries

Check If Number Is Prime Number

Tolist()-- Does It Create a New List

Multiple Httppost Method in Web API Controller

Using Global Keyboard Hook (Wh_Keyboard_Ll) in Wpf/C#

Windows Impersonation from C#

Unrecognized Escape Sequence for Path String Containing Backslashes

How to Get the Calling Method Name and Type Using Reflection

How to Get the Exif Data from a File Using C#

Best Way to Resolve File Path Too Long Exception

Process.Waitforexit() Asynchronously

Wixsharp Debug Custom Action in Console


Leave a reply



Submit