How do I force SSL on my ASP/.NET site on Cloud Sites?


Below are three examples of how to force SSL on your ASP or ASP.NET site.

web.config

If your website has the IIS Rewrite Module available*, you can use rewrite rules in your web.config to force SSL on all pages:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Redirect to HTTPS" stopProcessing="true">
          <match url=".*" />
          <conditions>
            <add input="{HTTP_CLUSTER_HTTPS}" pattern="^on$" negate="true" />
            <add input="{HTTP_CLUSTER_HTTPS}" pattern=".+" negate="true" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}{SCRIPT_NAME}" redirectType="SeeOther" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>

* Please contact support if you are unsure whether the IIS Rewrite Module is available for your site.

The above example could be modified to force SSL on one page or specific pages. For more information on the IIS Rewrite Module, see Creating rewrite rules for the URL Rewrite Module and URL Rewrite Module Configuration Reference at The Official Microsoft IIS Site.

ASP.NET (Non MVC 3)

With ASP.NET, you can use this code snippet to force SSL on a page on your site:

<%@ Page Language="C#" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<script runat="server">
  protected void Page_Load(object sender, System.EventArgs e)
  {
    if(Request.ServerVariables["HTTP_CLUSTER_HTTPS"] != "on")
    {
      if(Request.ServerVariables.Get("HTTP_CLUSTER_HTTPS") == null)
      {
        string xredir__, xqstr__;

        xredir__ = "https://" + Request.ServerVariables["SERVER_NAME"];
        xredir__ += Request.ServerVariables["SCRIPT_NAME"];
        xqstr__ = Request.ServerVariables["QUERY_STRING"];

        if (xqstr__ != "")
            xredir__ = xredir__ + "?" + xqstr__;

        Response.Redirect(xredir__);
      }
    }
    Response.Write("SSL Only");
  }

</script>

<html>
<head id="Head1" runat="server">
  <title>SSL Only</title>
</head>

<body>
</body>
</html>

ASP.NET (MVC 3)

When using the "RequireHttps" attribute to decorate actions within your MVC application: 

// Global.asax.cs: runs at the start of every request
protected void Application_BeginRequest(Object sender, EventArgs e)
{
    if (HttpContext.Current.Request.IsSecureConnection() == false)
    {
        Response.Redirect("https://" + Request.ServerVariables["HTTP_HOST"] + HttpContext.Current.Request.RawUrl);
    }
}

public static class Extensions
{
    /// <summary>
    /// Gets a value which indicates whether the HTTP connection uses secure sockets (HTTPS protocol). Works with Rackspace Cloud Sites' load balancer
    /// </summary>
    /// <param name="request">The current request.</param>
    /// <returns>true if the connection is secure or the HTTP_CLUSTER_HTTPS server variable is set.</returns>
    public static bool IsSecureConnection(this HttpRequestBase request)
    {
        const string rsSSLvar = "HTTP_CLUSTER_HTTPS";
        return (request.IsSecureConnection || (request.ServerVariables[rsSSLvar] != null || request.ServerVariables[rsSSLvar] == "on"));
    }

    /// <summary>
    /// Gets a value which indicates whether the HTTP connection uses secure sockets (HTTPS protocol). Works with Rackspace Cloud Sites' load balancer
    /// </summary>
    /// <param name="request">The current request.</param>
    /// <returns>true if the connection is secure or the HTTP_CLUSTER_HTTPS server variable is set.</returns>
    public static bool IsSecureConnection(this HttpRequest request)
    {
        const string rsSSLvar = "HTTP_CLUSTER_HTTPS";
        return (request.IsSecureConnection || (request.ServerVariables[rsSSLvar] != null || request.ServerVariables[rsSSLvar] == "on"));
    }
}
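
To enforce SSL per action instead of on every request, the same HTTP_CLUSTER_HTTPS check can be moved into a filter derived from RequireHttps. This is an added example, not code from the original article or from Rackspace; the names RequireClusterHttpsAttribute and AccountController are hypothetical, and it assumes, as the extension methods above imply, that Request.IsSecureConnection alone does not reflect SSL behind the Cloud Sites load balancer.

```csharp
using System;
using System.Web.Mvc;

// Added example (hypothetical name): a replacement for [RequireHttps] that also
// accepts the HTTP_CLUSTER_HTTPS server variable used throughout this article.
public class RequireClusterHttpsAttribute : RequireHttpsAttribute
{
    private const string ClusterHttpsVariable = "HTTP_CLUSTER_HTTPS";

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            throw new ArgumentNullException("filterContext");
        }

        var request = filterContext.HttpContext.Request;

        // Secure if IIS saw SSL directly, or if the variable carries any value.
        // This matches the web.config rule above, which redirects only when
        // the variable is empty.
        if (request.IsSecureConnection ||
            !String.IsNullOrEmpty(request.ServerVariables[ClusterHttpsVariable]))
        {
            return;
        }

        // Base class behaviour: GET requests are redirected to
        // https://{host}{raw url}; any other verb throws
        // InvalidOperationException rather than being redirected.
        HandleNonHttpsRequest(filterContext);
    }
}

// Hypothetical controller showing per-action use.
public class AccountController : Controller
{
    [RequireClusterHttps]
    public ActionResult Login()
    {
        return View();
    }
}
```

Because the filter reuses HandleNonHttpsRequest, a form posted over plain HTTP fails with an exception instead of being redirected, so forms on protected actions should themselves be served from https:// URLs.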

Classic ASP

With classic ASP, you can use this code snippet to force SSL on a page on your site:

<%
Response.Buffer = True
If (Request.ServerVariables("HTTP_CLUSTER_HTTPS") <> "on") Then
  If IsEmpty(Request.ServerVariables("HTTP_CLUSTER_HTTPS")) Then
    Dim xredir__, xqstr__

    xredir__ = "https://" & Request.ServerVariables("SERVER_NAME") & _
               Request.ServerVariables("SCRIPT_NAME")
    xqstr__ = Request.ServerVariables("QUERY_STRING")

    If xqstr__ <> "" Then xredir__ = xredir__ & "?" & xqstr__

    Response.Redirect xredir__
  End If
End If

Response.Write("SSL Only")
%>

 







© 2011-2013 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License

