My ASP.NET MVC application enforces the use of SSL (nothing happens at all over plain HTTP) - session cookies are required to be SSL & HttpOnly; my authorization module checks that no communication goes in or out over anything except HTTPS.
The problem: How do I debug/step-through in Visual Studio now? I still want to be able to do F5 quick tests as I was able to do with plain HTTP. Help?
I handle by putting environment checks around my protocol requirement code. For example, when I am local I don't require SSL. However, in development, test and production, I do require SSL. If there is problem with my code, I attach a debugger to my development application server. I can do this with Java, not sure if it is available for ASP.net.
You could run your ASP.Net MVC site under IIS and then use a self signed certificate.
Personally, I have a setting if I want to enforce SSL or not and I leave it off when running locally. I have only found one issue which was configuring the transport security for WCF endpoints that are consumed by the javascript.