How do I force SSL on my ASP/.NET site on Cloud Sites?
Below are three examples of how to force SSL on your ASP or ASP.NET site.
web.config
If your website has the IIS Rewrite Module available*, you can use rewrite rules in your web.config to force SSL on all pages:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_CLUSTER_HTTPS}" pattern="^on$" negate="true" />
<add input="{HTTP_CLUSTER_HTTPS}" pattern=".+" negate="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{SCRIPT_NAME}" redirectType="SeeOther" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
- Please contact support if you are unsure if the IIS Rewrite Module is available for your site.
The above example could be modified to force SSL on one page or specific pages. For more information on the IIS Rewrite Module, see Creating rewrite rules for the URL Rewrite Module and URL Rewrite Module Configuration Reference at The Official Microsoft IIS Site.
ASP.NET (Non MVC 3)
Using ASP.NET you can use this code snippet to force SSL on a page on your site:
<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<script runat="server">
protected void Page_Load(object sender, System.EventArgs e)
{
if(Request.ServerVariables["HTTP_CLUSTER_HTTPS"] != "on")
{
if(Request.ServerVariables.Get("HTTP_CLUSTER_HTTPS") == null)
{
string xredir__, xqstr__;
xredir__ = "https://" + Request.ServerVariables["SERVER_NAME"];
xredir__ += Request.ServerVariables["SCRIPT_NAME"];
xqstr__ = Request.ServerVariables["QUERY_STRING"];
if (xqstr__ != "")
xredir__ = xredir__ + "?" + xqstr__;
Response.Redirect(xredir__);
}
}
Response.Write("SSL Only");
}
</script>
<html>
<head id="Head1" runat="server">
<title>SSL Only</title>
</head>
<body>
</body>
</html>
ASP.NET (MVC 3)
When using the "RequireHttps" attribute to decorate actions within your MVC application:
protected void Application_BeginRequest(Object sender, EventArgs e)
{
if (HttpContext.Current.Request.IsSecureConnection() == false)
{
Response.Redirect("https://" + Request.ServerVariables["HTTP_HOST"] + HttpContext.Current.Request.RawUrl);
}
}
public static class Extensions
{
/// <summary>
/// Gets a value which indicates whether the HTTP connection uses secure sockets (HTTPS protocol). Works with Rackspace Cloud Sites' load balancer
/// </summary>
/// <param name="request"></param>
/// <returns></returns>
public static bool IsSecureConnection(this HttpRequestBase request)
{
const string rsSSLvar = "HTTP_CLUSTER_HTTPS";
return (request.IsSecureConnection || (request.ServerVariables[rsSSLvar] != null || request.ServerVariables[rsSSLvar] == "on"));
}
/// <summary>
/// Gets a value which indicates whether the HTTP connection uses secure sockets (HTTPS protocol). Works with Rackspace Cloud Sites' load balancer
/// </summary>
/// <param name="request"></param>
/// <returns></returns>
public static bool IsSecureConnection(this HttpRequest request)
{
const string rsSSLvar = "HTTP_CLUSTER_HTTPS";
return (request.IsSecureConnection || (request.ServerVariables[rsSSLvar] != null || request.ServerVariables[rsSSLvar] == "on"));
}
}
Classic ASP
Using classic ASP you can use this code snippet to force SSL on a page on your site:
<%
Response.Buffer = True
If (Request.ServerVariables("HTTP_CLUSTER_HTTPS") <> "on") Then
If IsEmpty(Request.ServerVariables("HTTP_CLUSTER_HTTPS")) Then
Dim xredir__, xqstr__
xredir__ = "https://" & Request.ServerVariables("SERVER_NAME") & _
Request.ServerVariables("SCRIPT_NAME")
xqstr__ = Request.ServerVariables("QUERY_STRING")
If xqstr__ <> "" Then xredir__ = xredir__ & "?" & xqstr__
Response.Redirect xredir__
End If
End If
Response.Write("SSL Only")
%>
© 2011-2013 Rackspace US, Inc.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License
See license specifics and DISCLAIMER
0 Comments
Add new comment