Redirecting from http to https in IIS7 (http2https Updated)

I had written a sample to redirect all http traffic to https (secure) in September 2006 http://www.awesomeideas.net/post/2006/09/03/Redirecting-from-http-to-https-in-IIS7.aspx

In one of our internal discussion alias the question came up that this method does not work when SSL is forced on the website. Step 5 below handles that scenario by checking the "403.4 SSL required" response and handling it during OnEndRequest event.

So let us get into action (I'm using C# for this sample)

  1. Download and Install IIS7 Managed Module Starter Kit
    (Not really a requirement but it would make developing IIS7 modules easier)
  2. Rename the default class name created to "redir.cs" and rename project/solution/namespace to "http2https"
  3. Add the following code in "Init" method
    // register for the BeginRequest event
    application.BeginRequest += new EventHandler(OnBeginRequest); 
    application.EndRequest += new EventHandler(OnEndRequest);
     
  4. Add the following method to implement "BeginRequest" event
    //BeginRequest implementation
    public void OnBeginRequest(Object sender, EventArgs e)
    {
    HttpApplication app = (HttpApplication)sender;
    string HttpUrl = app.Request.Url.ToString(); 
    
       if (HttpUrl.StartsWith("http:"))                           //Redirection done only if URL starts with http:
       {
       HttpUrl = HttpUrl.Replace("http:", "https:");
       app.Response.Redirect(HttpUrl.ToString(), true);           //Redirecting (http 302) to the same URL but with https
       app.Response.End();                                        //We don't want to any further so end
       }
    } 
    
  5. Add the following method to implement "OnEndRequest" event

    //This is for scenario where SSL is forced on the site
    public void OnEndRequest(Object sender, EventArgs e)
    {
      HttpApplication app = (HttpApplication)sender;
      if (app.Response.StatusCode == 403 && app.Response.SubStatusCode == 4)
      { 
        string HttpUrl = app.Request.Url.ToString();
    
        if (HttpUrl.StartsWith("http:"))
        {
            HttpUrl = HttpUrl.Replace("http:", "https:");
            app.Response.Redirect(HttpUrl.ToString(), true);
            app.Response.End();
        }
    }
    
    

  6. Make sure you have the following in your web.config inside configuration tag
    <system.webServer>
    <modules>
       <add name="redir" type="http2https.redir" />
    </modules>
    </system.webServer> 
    


Your http to https redirection sample is ready and also works if you force SSL!!!


How to deploy the HttpModule
There are multiple ways you can deploy this component (I'm assuming that it's being deployed for "default website")

Method 1
Create a folder called "App_Code" inside "%systemdrive%\inetpub\wwwroot"
Copy "redir.cs" file into "App_Code" folder
Copy "web.config" file inside "%systemdrive%\inetpub\wwwroot"

Method 2
Create a folder called "bin" inside "%systemdrive%\inetpub\wwwroot"
Compile "redir.cs" into "redir.dll" and copy it into "bin" folder (to compile -> csc.exe /out:redir.dll /target:library redir.cs)
Copy "web.config" file inside "%systemdrive%\inetpub\wwwroot"

If you open IIS7 UI and go to Modules you can see your HttpModule listed there.

Source code @ http://www.awesomeideas.net/page/IIS7-http2https.aspx

3 Comments

Comments have been disabled for this content.