Why does IIS respond to a secure(SSL) page request with a 302 to its non-secure version?

Question

I have SSL installed at the root of a server. I have a page whose code behind code is supposed to redirect after certain validation to a secure page. Here's the redirect code:

switch (PageBase2.GetParameterValue("Environment")) //Retrieves App Setting named Environment from web.config
            {
                case "Server":
                    strURL = @"https://" + HttpContext.Current.Request.Url.Authority + "/checkout/payment.aspx";
                    break;
                case "Local":
                    strURL = @"http://" + HttpContext.Current.Request.Url.Authority + "/checkout/payment.aspx";
                    break;
                default:
                    strURL = @"https://" + HttpContext.Current.Request.Url.Authority + "/checkout/payment.aspx";
                    break;
            }
            Response.Redirect(strURL, false);

But the page that's been served by IIS is non-secure. I looked at the firebug console and it appears that the client does make a get request to https://server/checkout/payment.aspx but IIS responds with a 302 to http://server/checkout/payment.aspx Any clues, as to what could be causing it. I've even tried forcing SSL for the page, but it doesn't work I get 403.4 error. (SSL is required to view this resource.) And if i remove the redirection logic and code the payment page to redirect to its SSL version when the connection is not secure using Request.IsSecureConnection, i end up with an endless redirect loop, simply because IIS still won't serve the secure version without a 302. Any ideas?

Answer 1

It sounds like you do not have the proper configuration of IIS, with the SSL applied to the specific website.

You can test this, by trying to visit a static resource, image or html file, via the https link. if that redirects as well, I would look into the IIS config.