Redirecting from http to https in IIS7 (http2https Updated)

Posted: Sep 05, 2007  4 comments  

Average Rating


Share this Post

I had written a sample to redirect all http traffic to https (secure) in September 2006

In one of our internal discussion alias the question came up that this method does not work when SSL is forced on the website. Step 5 below handles that scenario by checking the "403.4 SSL required" response and handling it during OnEndRequest event.

So let us get into action (I'm using C# for this sample)

  1. Download and Install IIS7 Managed Module Starter Kit
    (Not really a requirement but it would make developing IIS7 modules easier)
  2. Rename the default class name created to "redir.cs" and rename project/solution/namespace to "http2https"
  3. Add the following code in "Init" method
    // register for the BeginRequest event
    application.BeginRequest += new EventHandler(OnBeginRequest); 
    application.EndRequest += new EventHandler(OnEndRequest);
  4. Add the following method to implement "BeginRequest" event
    //BeginRequest implementation
    public void OnBeginRequest(Object sender, EventArgs e)
    HttpApplication app = (HttpApplication)sender;
    string HttpUrl = app.Request.Url.ToString(); 
       if (HttpUrl.StartsWith("http:"))                           //Redirection done only if URL starts with http:
       HttpUrl = HttpUrl.Replace("http:", "https:");
       app.Response.Redirect(HttpUrl.ToString(), true);           //Redirecting (http 302) to the same URL but with https
       app.Response.End();                                        //We don't want to any further so end
  5. Add the following method to implement "OnEndRequest" event

    //This is for scenario where SSL is forced on the site
    public void OnEndRequest(Object sender, EventArgs e)
      HttpApplication app = (HttpApplication)sender;
      if (app.Response.StatusCode == 403 && app.Response.SubStatusCode == 4)
        string HttpUrl = app.Request.Url.ToString();
        if (HttpUrl.StartsWith("http:"))
            HttpUrl = HttpUrl.Replace("http:", "https:");
            app.Response.Redirect(HttpUrl.ToString(), true);

  6. Make sure you have the following in your web.config inside configuration tag
       <add name="redir" type="http2https.redir" />

Your http to https redirection sample is ready and also works if you force SSL!!!

How to deploy the HttpModule
There are multiple ways you can deploy this component (I'm assuming that it's being deployed for "default website")

Method 1
Create a folder called "App_Code" inside "%systemdrive%\inetpub\wwwroot"
Copy "redir.cs" file into "App_Code" folder
Copy "web.config" file inside "%systemdrive%\inetpub\wwwroot"

Method 2
Create a folder called "bin" inside "%systemdrive%\inetpub\wwwroot"
Compile "redir.cs" into "redir.dll" and copy it into "bin" folder (to compile -> csc.exe /out:redir.dll /target:library redir.cs)
Copy "web.config" file inside "%systemdrive%\inetpub\wwwroot"

If you open IIS7 UI and go to Modules you can see your HttpModule listed there.

Source code @


The only problem I found was when you have a section not unmarked for "Require SSL". I commented out the re-directed on BeginRequest and it looks like its working now.

Jul 08 2008 by Alex

Can we do it in iis? instead of using code and adding pages etc can we directly it in iis?


Jan 16 2009 by Web Development

Thank you for the comment and link Farooq.

This article was written to show how you can do the redirection from code...

Sep 24 2009 by sukesh

Submit a Comment

  • Plain text is accepted.
  • URLs starting with http:// are converted to links.