How to redirect from HTTP to HTTPS in asp.net?


How can I redirect HTTP(not secured) to HTTPS(Secured domain) URL  in asp.net, here is my current code, which I am using in web.config

<configuration>
<system.webServer>
<rewrite>
    <rules>
	<rule name="HTTP to HTTPS redirect" stopProcessing="true"> 
	<match url="(.*)" /> 
	<conditions> 
		<add input="{HTTPS}" pattern="off" ignoreCase="true" />
	</conditions> 
	<action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/{R:1}" />
</rule>   
    </rules>
</rewrite>
</system.webServer>
</configuration>

After adding this code in web.config, I got an error "Not Secured"


Asked by:- RameshwarLate
0
: 831 At:- 10/21/2017 7:44:59 AM
asp.net web.config system.web system.webServer http-to-https






2 Answers
profileImage Answered by:- bhanu

Using web.config you can ask IIS to redirect to HTTPS using the code below

  <system.webServer>
    <rewrite>
      <rules>
        <clear />
        <rule name="Redirect to https" stopProcessing="true">
          <match url=".*" />
          <conditions>
            <add input="{HTTPS}" pattern="off" ignoreCase="true" />
            <add input="{URL}" pattern="(.*)XYZ" negate="true" ignoreCase="true"/>             
            <add input="{HTTP_HOST}" matchType="Pattern" pattern="^localhost(:\d+)?$" negate="true" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
        </rule>
        <rule name="redirect qawithexperts.com to www.qawithexperts.com">
          <match url=".*"/>
          <conditions logicalGrouping="MatchAll">
            <add input="{HTTP_HOST}" pattern="^www.*" negate="true"/>
            <add input="{HTTP_HOST}" pattern="localhost" negate="true"/>
          </conditions>
          <action type="Redirect" url="http://www.qawithexperts.com/{R:0}"/>
        </rule>
      </rules>
    </rewrite>
  </system.webServer>

Now, remember on server, you should bind your application to :443 port (which is used for https)

Login to you server-> Open IIS-> Expand server(Win---) -> Expand Sites -> Select Your Website -> In the right hand side pane (Actions Tabs) -> Click on Bindings -> Select "Add" -> Edit Site Bindings Details  -> Click "ok"

how-to-redirect-from-http-to-https-in-aspnet

<add input=”{HTTPS}” pattern=”off” ignoreCase=”true” /> is the main redirection rule that redirects HTTP requests to HTTPS (this is called 301 redirection)

2
At:- 10/26/2017 4:55:24 AM


profileImage Answered by:- vikas_jk

Try this code in your Global.asax (without using Web.config approach)

protected void Application_BeginRequest(Object sender, EventArgs e)
{
  switch (Request.Url.Scheme)
  {
    case "https":
      Response.AddHeader("Strict-Transport-Security", "max-age=300");
      break;
    case "http":
      var path = "https://" + Request.Url.Host + Request.Url.PathAndQuery;
      Response.Status = "301 Moved Permanently";
      Response.AddHeader("Location", path);
      break;
  }
}

The above code is using HSTS by returning the "Strict-Transport-Security" header to the browser

Or try this code 

protected void Application_BeginRequest(Object sender, EventArgs e)
{
   if (HttpContext.Current.Request.IsSecureConnection.Equals(false) && HttpContext.Current.Request.IsLocal.Equals(false))
   {
    Response.Redirect("https://" + Request.ServerVariables["HTTP_HOST"]
+   HttpContext.Current.Request.RawUrl);
   }
}

One of them will work if you are on ASP.NET web forms website

For those who are using ASP.NET MVC & came across this question, you can use these code

Global.asax.cs

protected void Application_BeginRequest(){
    if (!Context.Request.IsSecureConnection)
        Response.Redirect(Context.Request.Url.ToString().Replace("http:", "https:"));
}

Or You could add the same code to an action filter:

public class SSLFilter : ActionFilterAttribute {

    public override void OnActionExecuting(ActionExecutingContext filterContext){
        if (!filterContext.HttpContext.Request.IsSecureConnection){
            var url = filterContext.HttpContext.Request.Url.ToString().Replace("http:", "https:");
            filterContext.Result = new RedirectResult(url);
        }
    }
}
0
At:- 10/21/2017 10:40:41 AM





Login/Register to answer
Or
Register directly by posting answer/details

Full Name *

Email *




By posting your answer you agree on privacy policy & terms of use