I'm wondering if there is a way to ensure that an ASP.NET application can only be run using the HTTPS protocol.
I'm fine with any code (defensive programming measure perhaps?) that can do the trick, or possibly some IIS/web server setting that can get the job done.
IIS will definitely allow you to require HTTPS. The instructions are here.
Edit: I had to go dig for it, but there's also Request.IsSecureConnection for defensive programming.
The only problem with enforcing the SSL on the IIS level is that the user receives an ugly 403.4 page error: "The page must be viewed over a secure channel".
To make the transition seamless, you could redirect the user to the secure site using the Request.IsSecureConnection if they do not generate the request over SSL.
There is a nice article that has some good information and a helper utility class on this subject over at leastprivilege.com
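
The redirect described in the answers above, as an added example that is not part of the original posts or the linked article. It assumes .NET 4.0 or later, that IIS's "Require SSL" setting is off for the site (otherwise IIS returns the 403.4 before this code runs), and a hypothetical CanonicalHost value that you replace with your own host name.

```csharp
// Global.asax.cs -- added example; CanonicalHost is a placeholder (assumption).
using System;
using System.Web;

public class Global : HttpApplication
{
    // Redirect to a configured host rather than the client-supplied Host header,
    // so a forged Host value cannot steer the redirect to another site.
    private const string CanonicalHost = "www.example.com";

    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        if (Request.IsSecureConnection)
        {
            // Already on HTTPS: tell the browser to keep using it (HSTS).
            // Browsers ignore this header on plain HTTP, so it is only sent here.
            Response.AddHeader("Strict-Transport-Security", "max-age=31536000");
            return;
        }

        // Same path and query string, but https on the default port.
        var target = new UriBuilder(Request.Url)
        {
            Scheme = Uri.UriSchemeHttps,
            Host = CanonicalHost,
            Port = -1 // -1 selects the scheme's default port (443)
        };

        if (Request.HttpMethod == "GET" || Request.HttpMethod == "HEAD")
        {
            // Safe methods: send a permanent redirect to the HTTPS URL.
            Response.RedirectPermanent(target.Uri.AbsoluteUri, true);
        }
        else
        {
            // A POST/PUT body has already crossed the wire in clear text;
            // refuse it instead of redirecting so the caller fixes the URL.
            Response.StatusCode = 403;
            Response.StatusDescription = "HTTPS required";
            Response.End();
        }
    }
}
```

If TLS is terminated on a load balancer or reverse proxy in front of IIS, Request.IsSecureConnection is false for every request and this check would redirect in a loop; in that setup the scheme has to come from whatever the proxy reports.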