Aug 24, 2011
tom

Elegantly Enforcing SSL in IIS 6.0

Question

I have a website running under IIS which has an SSL certificate applied. We would like to enforce HTTPS usage for the website which is easily done by checking the “Require Secure Channel” box, but this will immediately break the ability for people to connect over HTTP (as designed).

What I’d like to do is find a way to automatically redirect people from HTTP -> HTTPS if they type in the wrong thing (or connect from an old bookmark).

Is there a way to do this without creating a second website in IIS?

Answer

If you need to do it at the server level then you will have to create another site and have it forward the the https site.

If you can edit the code, you can not enforce ssl at the server level, instead you can do it in your website by detecting if the url starts with http: and redirecting to the same url with https: instead.

Related posts:

  1. Setup IIS 7.5 with multiple website bindings and SSL?
  2. Setting up Certification Authority on WinServer2003 and configuring IIS SSL
  3. controlling SSL at page level in IIS
  4. SSL in IIS 7 on a subdomain in a web farm
  5. SSL certificate for IIS

Leave a comment