I plan to convert my web site to require SSL and want to automatically redirect http requests to https. My users are unwilling to type https. From previous posts I see I need to open a ticket to require SSL, but before doing so I want to be as prepared as I can to redirect. I plan to create a custom error page to handle the 403.4 error and redirect traffic. I'd appreciate a sample if anyone has done this. Peter Bradshaw [email protected]
I believe there was some issues on how IIS handles 403.4 so setting a custom error page can get a little tricky. I suggest when you have the SSL installed, simply create a redirect script. This way you can specify what the url will be. As an example, if someone types http://contact.mydomain.com you can specify it to redirect to https://contact.mydomain.com. Where as if some types http://aboutus.mydomain.com it will continue to go to http://aboutus.mydomain.com. Try referring to this kb article in setting up a redirect script. The kb was created specifically for subdomain names but it can be used for issues with SSL concerns. https://support.discountasp.net/KB/...omain-to-a-subdirectory.aspx?KBSearchID=33875
Thanks. I realized after I posted that since I really only have one entry point (a login page), it's relatively easy to redirect there. Of course, that doesn't prevent someone from circumventing the system by manually typing "http://" after logging in.
I think you could use a Global.asax file to help remedy this. So any http calls to a designated URL will redirect it to a https protocol.
