One more cookbook for redirecting http to https in IIS
First, credit to Michael at this site:
http://blog.opsan.com/archive/2005/04/17/395.aspx
ok, now for my cookbook description.
1.
to secure a whole website.
in iis mmc, properties of website, directory security, secure communications,
click the ‘Require secure channel, require 128-bit encryption’.
2.
now in c:\inetpub\wwwroot, make a nonssl directory in windows explorer.
now in iis mcc, make a virtual directory and point to the
c:\inetpub\wwwroot\nonssl directory.
3.
in iis mmc, right click the new virtual nonssl directory.
goto directory security, secure communications, and uncheck require secure channel.
4.
Drop a file named sslredirect.asp into this directory. Put the following script into it.
—————-
< %
If Request.ServerVariables("SERVER_PORT")=80 Then
Dim strQUERY_STRING
Dim strSecureURL
Dim strWork
' Get server variables
strQUERY_STRING = Request.ServerVariables("QUERY_STRING")
' Fix the query string:
strWork = Replace(strQUERY_STRING,"http","https")
strWork = Replace(strWork,"403;","")
strWork = Replace(strWork,"80","")
' Now, set the new, secure URL:
strSecureURL = strWork
'response.write(strSecureURL) ' uncomment for sanity check.
Response.Redirect strSecureURL
End If
%>
————
5.
Goto iis mmc website properties, custom errors, 403;4.
Switch it to URL and location of:
/nonssl/redirectssl.asp
6. done.
Some good resources:
http://blog.opsan.com/archive/2005/04/17/395.aspx?Pending=true
http://weblogs.asp.net/pwilson/archive/2004/12/23/331455.aspx