Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to redirect HTTP to HTTPS in MVC application (IIS7.5)

I need to redirect my HTTP site to HTTPS, have added below rule but I am getting 403 Error when tried using http://www.example.com, it works fine when I type https://www.example.com in browser.

<system.webServer>     <rewrite>         <rules>             <rule name="HTTP to HTTPS redirect" stopProcessing="true">                 <match url="(.*)" />                 <conditions>                     <add input="{HTTPS}" pattern="off" ignoreCase="true" />                 </conditions>                 <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />             </rule>         </rules>     </rewrite> </system.webServer> 
like image 728
Laxmi Lal Menaria Avatar asked Feb 09 '11 14:02

Laxmi Lal Menaria


2 Answers

You can do it in code:

Global.asax.cs

protected void Application_BeginRequest(){     if (!Context.Request.IsSecureConnection)         Response.Redirect(Context.Request.Url.ToString().Replace("http:", "https:")); } 

Or You could add the same code to an action filter:

public class SSLFilter : ActionFilterAttribute {      public override void OnActionExecuting(ActionExecutingContext filterContext){         if (!filterContext.HttpContext.Request.IsSecureConnection){             var url = filterContext.HttpContext.Request.Url.ToString().Replace("http:", "https:");             filterContext.Result = new RedirectResult(url);         }     } } 
like image 138
Chris Kooken Avatar answered Sep 19 '22 15:09

Chris Kooken


In the Global.asax.cs:

Simple redirect

protected void Application_BeginRequest() {     if (!Context.Request.IsSecureConnection         && !Context.Request.IsLocal // to avoid switching to https when local testing         )     {         // Only insert an "s" to the "http:", and avoid replacing wrongly http: in the url parameters         Response.Redirect(Context.Request.Url.ToString().Insert(4, "s"));     } } 

301 redirect: SEO best practice (Search Engine Optimization)

The 301 Moved Permanently redirect status response code is considered a best practice for upgrading users from HTTP to HTTPS (see Google recommendations).

So if Google or Bing robots will be redirected too, consider this:

protected void Application_BeginRequest() {     if (!Context.Request.IsSecureConnection         && !Context.Request.IsLocal // to avoid switching to https when local testing         )     {         Response.Clear();         Response.Status = "301 Moved Permanently";         Response.AddHeader("Location", Context.Request.Url.ToString().Insert(4, "s"));         Response.End();     } } 
like image 20
Matthieu Charbonnier Avatar answered Sep 22 '22 15:09

Matthieu Charbonnier