Redirecting from http to https in IIS7 (http2https Updated)

Wednesday, September 5, 2007

I had written a sample to redirect all http traffic to https (secure) in September 2006 http://www.awesomeideas.net/post/2006/09/03/Redirecting-from-http-to-https-in-IIS7.aspx

In one of our internal discussion alias the question came up that this method does not work when SSL is forced on the website. Step 5 below handles that scenario by checking the "403.4 SSL required" response and handling it during OnEndRequest event.

So let us get into action (I'm using C# for this sample)

Download and Install IIS7 Managed Module Starter Kit
(Not really a requirement but it would make developing IIS7 modules easier)
Rename the default class name created to "redir.cs" and rename project/solution/namespace to "http2https"

Add the following code in "Init" method

// register for the BeginRequest event
application.BeginRequest += new EventHandler(OnBeginRequest); 
application.EndRequest += new EventHandler(OnEndRequest);

Add the following method to implement "BeginRequest" event

//BeginRequest implementation
public void OnBeginRequest(Object sender, EventArgs e)
{
HttpApplication app = (HttpApplication)sender;
string HttpUrl = app.Request.Url.ToString(); 

   if (HttpUrl.StartsWith("http:"))                           //Redirection done only if URL starts with http:
   {
   HttpUrl = HttpUrl.Replace("http:", "https:");
   app.Response.Redirect(HttpUrl.ToString(), true);           //Redirecting (http 302) to the same URL but with https
   app.Response.End();                                        //We don't want to any further so end
   }
}

Add the following method to implement "OnEndRequest" event

//This is for scenario where SSL is forced on the site
public void OnEndRequest(Object sender, EventArgs e)
{
  HttpApplication app = (HttpApplication)sender;
  if (app.Response.StatusCode == 403 && app.Response.SubStatusCode == 4)
  { 
    string HttpUrl = app.Request.Url.ToString();

    if (HttpUrl.StartsWith("http:"))
    {
        HttpUrl = HttpUrl.Replace("http:", "https:");
        app.Response.Redirect(HttpUrl.ToString(), true);
        app.Response.End();
    }
}

Make sure you have the following in your web.config inside configuration tag

<system.webServer>
<modules>
   <add name="redir" type="http2https.redir" />
</modules>
</system.webServer>

Your http to https redirection sample is ready and also works if you force SSL!!!

How to deploy the HttpModule
There are multiple ways you can deploy this component (I'm assuming that it's being deployed for "default website")

Method 1
Create a folder called "App_Code" inside "%systemdrive%\inetpub\wwwroot"
Copy "redir.cs" file into "App_Code" folder
Copy "web.config" file inside "%systemdrive%\inetpub\wwwroot"

Method 2
Create a folder called "bin" inside "%systemdrive%\inetpub\wwwroot"
Compile "redir.cs" into "redir.dll" and copy it into "bin" folder (to compile -> csc.exe /out:redir.dll /target:library redir.cs)
Copy "web.config" file inside "%systemdrive%\inetpub\wwwroot"

If you open IIS7 UI and go to Modules you can see your HttpModule listed there.

Source code @ http://www.awesomeideas.net/page/IIS7-http2https.aspx

The only problem I found was when you have a section not unmarked for "Require SSL". I commented out the re-directed on BeginRequest and it looks like its working now.

Alex - Tuesday, July 8, 2008 5:01:27 PM

Can we do it in iis? instead of using code and adding pages etc can we directly it in iis?

Regards,

Web Development - Friday, January 16, 2009 11:08:26 AM

Thank you for the comment and link Farooq.
This article was written to show how you can do the redirection from code...

sukesh - Thursday, September 24, 2009 8:36:17 AM

3 Comments