SSL Redirection using ASP.NET

Article
05/14/2009

You require ASP.Net configured on IIS to use this solution.

Here is how you can implement this solution.

1) Create a new Virtual Directory “SSLRedirect” and point this to a new physical folder which is independent of your Website Content

2) Created 2 Files in this. 1. Global.asax and 2. Default.aspx

3) Here is the sample code for the Global.asax. Default.aspx can be empty.

<%@ Application Language="VB" %>

Protected Sub Application_BeginRequest(ByVal sender As Object, ByVal e As System.EventArgs)

Try

Response.Redirect(Replace(Replace(Request.Url.ToString.Split(";")(1), "http:", "https:"), ":80", ""))

Catch ex As Exception

System.Diagnostics.EventLog.WriteEntry("SSLRedirect", ex.Message() & _

vbCrLf & Request.UserAgent & _

vbCrLf & Request.UserHostAddress & _

vbCrLf & Request.UserHostAddress)

Response.Write("<a href=""/"">Goto HomePage</a>")

End Try

End Sub

</script>

Note: The exception handling is done to check if the client is directly trying to access the SSLRedirect application and provide the administrators with the client IP who is trying this and then provide with a link for the home page.

4) Now you can goto the properties of the virtual directories or even website that requires to be viewed strictly over SSL and click on Custom Errors and point the 403;4 to the TYPE URL and Contents to /SSLRedirect/Default.aspx.

5) Before you browse the website/virtual directory Make sure the SSLRedirect virtual directory does not have SSL set to required and authentication is set to Anonymous only.

6) Also if you have a web.config not configured for Anonymous access at a parent level to SSLRedirect folder, you will need to have a Web.Config inside the SSLRedirect folder which allows anonymous access.

7) The application configured for the SSL redirection using this method and the SSLRedirect virtual directory both should run under the same application pool.

SSL Redirection using ASP.NET

Additional resources