Introduction
Redirecting an HTTP connection to HTTPS is a very common
requirement for applications that use SSL channel. A common example is Outlook Web
Access (OWA). With Internet Information Services 7.0, we have a new
configuration system and a new user interface. Here are the steps that you will
need to automatically redirect an HTTP connection to HTTPS
Method 1
Configure Custom Error pages
By default, IIS will send detailed errors for local requests
and custom error pages for remote requests.
Step 1: Enable Custom Error pages
1.
Click on your application folder and switch to the Features View.
2.
Double click SSL Settings and check Require SSL and click Apply in
Action Pane.
Step 2: Configure Redirection
3.
Switch back to Features view and double click on Error Pages.
4.
In the action pane, click on Edit Feature Settings and under Error
Responses select Custom Error Pages. Then click OK.
5.
In the action pane, click on Add and configure the following:
a. Status code: 403.4
b. Click on Respond with a 302 redirect and provide the
absolute URL. Make sure you are using "https". Eg:
"https://www.yoursite.com."
Method 2
After configuring Custom error pages as described in Step 1,
Step 2 will configure a custom ASP page for redirection. This is beneficial if
you want to customize the redirection based on certain HTTP header variables,
etc.
1.
Create a virtual folder under Default Website. Eg: "ErrorPages."
Then put in an ASP script with the following in this folder:
Listing 1
<%
If Request.ServerVariables("HTTPS") = "off" Then
Response.Redirect "https://" + Request.ServerVariables("HTTP_HOST") + "/AppFolder"
End If
%>
2.
Click on ErrorPages virtual folder, under Features View you need to
click on SSL Settings, making sure there is NO check mark against "Require
SSL."
3.
Switch back to Features view, select your application folder and double
click on Error Pages.
4.
In the action pane, click on Edit Feature Settings and under Error
Responses select Custom Error Pages. Then click OK.
5.
In the action pane, click on Add and configure the following:
a. Status code: 403.4
b. Execute a URL on this site
c. In URL (relative to site root)
provide: /ErrorPages/sslRedirect.asp and click OK
After performing these steps, open a browser and test your
site using your HTTP URL http://<yoursite> .
You should be automatically redirected to https://<yoursite>
.
Conclusion
I have tested these steps and found them to be working. It
should be easy to do this with IIS 7.0. Please feel free to send me your
feedback.