CodeSnip: Redirecting an HTTP Request to HTTPS in IIS 7.0
page 1 of 1
Published: 04 Jul 2008
Abstract
IIS 7 has a new User Interface and a new configuration system. In this article Sudeep provides step-by-step information on how to configure HTTP to HTTPS redirection which is a common requirement for Microsoft Exchange.
by Sudeep G
Feedback
Average Rating: 
Views (Total / Last 10 Days): 18225/ 27

Introduction

Redirecting an HTTP connection to HTTPS is a very common requirement for applications that use SSL channel. A common example is Outlook Web Access (OWA). With Internet Information Services 7.0, we have a new configuration system and a new user interface. Here are the steps that you will need to automatically redirect an HTTP connection to HTTPS

Method 1

Configure Custom Error pages

By default, IIS will send detailed errors for local requests and custom error pages for remote requests.

Step 1: Enable Custom Error pages

1.    Click on your application folder and switch to the Features View.

2.    Double click SSL Settings and check Require SSL and click Apply in Action Pane.

Step 2: Configure Redirection

3.    Switch back to Features view and double click on Error Pages.

4.    In the action pane, click on Edit Feature Settings and under Error Responses select Custom Error Pages. Then click OK.

5.    In the action pane, click on Add and configure the following:

a. Status code: 403.4

b. Click on Respond with a 302 redirect and provide the absolute URL. Make sure you are using "https". Eg: "https://www.yoursite.com."

Method 2

After configuring Custom error pages as described in Step 1, Step 2 will configure a custom ASP page for redirection. This is beneficial if you want to customize the redirection based on certain HTTP header variables, etc.

1.    Create a virtual folder under Default Website. Eg: "ErrorPages." Then put in an ASP script with the following in this folder:

Listing 1

<% 
If Request.ServerVariables("HTTPS") = "off" Then
Response.Redirect "https://" + Request.ServerVariables("HTTP_HOST") + "/AppFolder"
End If
%>

2.    Click on ErrorPages virtual folder, under Features View you need to click on SSL Settings, making sure there is NO check mark against "Require SSL."

3.    Switch back to Features view, select your application folder and double click on Error Pages.

4.    In the action pane, click on Edit Feature Settings and under Error Responses select Custom Error Pages. Then click OK.

5.    In the action pane, click on Add and configure the following:

                   a. Status code: 403.4

                   b. Execute a URL on this site

                   c. In URL (relative to site root) provide: /ErrorPages/sslRedirect.asp and click OK

After performing these steps, open a browser and test your site using your HTTP URL http://<yoursite> .

You should be automatically redirected to https://<yoursite> .

Conclusion

I have tested these steps and found them to be working. It should be easy to do this with IIS 7.0. Please feel free to send me your feedback.



User Comments

No comments posted yet.

Product Spotlight
Product Spotlight 





Community Advice: ASP | SQL | XML | Regular Expressions | Windows


©Copyright 1998-2014 ASPAlliance.com  |  Page Processed at 10/20/2014 5:43:19 AM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search