I have a site that, by design and client preference, can be served using HTTP or HTTPS. The client company simply chooses whether or not to link to our site using the http:// or https:// and IIS does the rest. A feature is being added to a page which deals with sensitive information that should only ever be viewed over SSL. Clients have agreed that this additional feature should be disabled on this page when not using an HTTPS connection.
In the Page_Load event I would like to add an IF statement that checks to see if the page is currently being viewed over HTTPS in order to show or disable this optional feature. I can probably read the URL to see if it begins with https:// but worry that the approach is insecure.
Is there a property that can be checked to test for HTTPS during the Page_Load event?
You're looking for Request.IsSecureConnection
.
If you're using IIS 7 (or later) and are planning to redirect a request arriving at your page over an HTTP connection to an HTTPS connection, consider using the IIS URL Rewrite Module.
You'll be able to configure a solution rather than code it. For example you could configure a Redirect Rule to take a URL like http://my.host.com/my-secure-page.aspx
and redirect it to https://my.host.com/my-secure-page.aspx
.
You can do a whole lot more with this module and the beauty of it is you can do it without touching your application code.
See Redirect HTTP to HTTPS with IIS 7 for more details.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With