http://blogs.iis.net/sukesh/archive/2006/09/03/http2https.aspxI was thinking to write an HttpModule for IIS7 and wanted a simple, useful and easily understandable scenario. Working with IIS customers for last 3 years one of those common scenario came into my mind, Redirecting http traffic to https. Although thisenCommunityServer 2007 SP1 (Build: 20510.895)http://blogs.iis.net/sukesh/archive/2006/09/03/http2https.aspx#3452053Sun, 11 Oct 2009 02:35:08 GMT50bcf3b4-f6fe-4638-adff-0c150e922e99:3452053sukesh<p>This was a sample code to show how easy it is to do a redirection as IIS7 custom module.</p> <p>Since now you have url rewrite component available, I would suggest to go that route.</p> <p>A sample rule is given here...</p> <p><a rel="nofollow" target="_new" href="http://www.iis-aid.com/articles/how_to_guides/redirect_http_to_https_iis_7">www.iis-aid.com/.../redirect_http_to_https_iis_7</a></p> <img src="http://blogs.iis.net/aggbug.aspx?PostID=3452053" width="1" height="1">http://blogs.iis.net/sukesh/archive/2006/09/03/http2https.aspx#2429036Tue, 17 Jun 2008 17:57:14 GMT50bcf3b4-f6fe-4638-adff-0c150e922e99:2429036Leshchinsky<p>Hi, I have the same problem. I'm using IIS 6.0. After moving from HTTP to HTTPs session have been dropped. Help me to resolve this problem. Thanks in advance.</p> <p>Vladimir</p> <img src="http://blogs.iis.net/aggbug.aspx?PostID=2429036" width="1" height="1">http://blogs.iis.net/sukesh/archive/2006/09/03/http2https.aspx#2211549Tue, 04 Mar 2008 18:09:27 GMT50bcf3b4-f6fe-4638-adff-0c150e922e99:2211549Ian Hudson<p>I agree with you Sukesh, it&#39;s not common for customer to type in <a href="http://domain:443/" target="_new" rel="nofollow">http://domain:443</a> I think it would be easier actually to tell customers to just type in <a href="https://domain%20or/" target="_new" rel="nofollow">https://domain or</a> <a href="https://subdomain.domain/" target="_new" rel="nofollow">https://subdomain.domain</a> then adding the 443 port to the end there. &nbsp;But it&#39;s a good start. &nbsp;</p><img src="http://blogs.iis.net/aggbug.aspx?PostID=2211549" width="1" height="1">http://blogs.iis.net/sukesh/archive/2006/09/03/http2https.aspx#1423365Tue, 10 Oct 2006 05:12:15 GMT50bcf3b4-f6fe-4638-adff-0c150e922e99:1423365sukesh<p>Colin,</p> <p>Your implementation of SSL checking looks fool proof.</p> <p>But just another point, although 443 is a well defined port, you can host non-SSL site on 443 as well. So your mention of both url to be same is true in an ideal world only.</p> <p>Just FYI, from 3500+ customer I have worked with (in last 3yrs), haven't seen anyone using <a rel="nofollow" target="_new" href="http://domain:443">http://domain:443</a> for ssl. Secondly I also wanted to make my sample simple to understand.</p> <p>Thanks for your comment!</p> <img src="http://blogs.iis.net/aggbug.aspx?PostID=1423365" width="1" height="1">http://blogs.iis.net/sukesh/archive/2006/09/03/http2https.aspx#1388317Sun, 03 Sep 2006 18:44:58 GMT50bcf3b4-f6fe-4638-adff-0c150e922e99:1388317colinbo<p>Perhaps this is just picky but I've found that relying on the URL isn't always accurate. &nbsp;For example, I've (rarely) seen some people do <a rel="nofollow" target="_new" href="http://domain.com:443">http://domain.com:443</a> which is the same as <a rel="nofollow" target="_new" href="https://domain.com">https://domain.com</a>. &nbsp;I've opted for the following server variable in the past. &nbsp;Is this variable emitted by IIS7?</p> <p>private static bool IsRequestSecure(HttpRequest request)</p> <p>{</p> <p> &nbsp; &nbsp;if ((String.Compare(request.ServerVariables[&quot;HTTPS&quot;], &quot;on&quot;, true, CultureInfo.InvariantCulture) == 0) |</p> <p> &nbsp; &nbsp; &nbsp; &nbsp;(request.IsSecureConnection))</p> <p> &nbsp; &nbsp; &nbsp; &nbsp;return true;</p> <p> &nbsp; &nbsp;else</p> <p> &nbsp; &nbsp; &nbsp; &nbsp;return false;</p> <p>}</p> <img src="http://blogs.iis.net/aggbug.aspx?PostID=1388317" width="1" height="1">