Forcing SSL on a Domain IIS

I’ve been faced with this issue a few times. I simply want to force all traffic to the secure socket layer of my domain instead of the unencrypted side of things. Keep in mind that I’m a ASP classic kind of guy so I tend to think things the Microsoft way.

I want all requests to the server to be directed to https – and this is how I did it.

I created a text file and named it global.asax
Put it in the root of my web folder.
Added the following.

<%@ Application Language="C#" %>

<script runat="server">

protected void Application_BeginRequest(Object sender, EventArgs e)
    var httpRequest = HttpContext.Current.Request;
    if (httpRequest.IsSecureConnection.Equals(false) && httpRequest.IsLocal.Equals(false))
        Response.Redirect("https://" + Request.ServerVariables["HTTP_HOST"] + httpRequest.RawUrl);


Then uploaded it to the IIS server. I called the domain (which has a default.asp page) and it redirected properly.

I’m posting this here for my own reference and for anyone looking for this solution!


Leave a Reply

Your email address will not be published. Required fields are marked *