I have web services built with ASP.NET and ASP.NET clients consuming them. When consuming the webservices, how would I to force the clients to use https?
I don't want to force the whole site to use https by turning on require SSL in IIS.
Can I use the IIS7 URL rewrite module to re-route http requests to https?
No, you cannot use URL rewriting to change the protocol.
Instead, you could just implant a check in your web service and throw an exception if the protocol is HTTP.
Any chance you can add your webservices to a virtual directory and just force the virtual directory to use SSL? Along with checking inside the webservice calls as Fyodor suggest, you could add a check in Application_BeginRequest in your global.asax, although it's not very tidy:
void Application_BeginRequest(object sender, EventArgs e)
{
if (!Request.IsSecureConnection && Request.Url.ToString().Contains(".asmx"))
{
string secureUrl = Request.Url.ToString().Replace("http:", "https:");
Response.Redirect(secureUrl);
}
}