What's the simplest and most effective way to selectively redirect HTTP requests to your ASP.NET page to its HTTPS equivalent?
For example, if my page site URL is http://www.somesite.com, I want to redirect some (or all) page requests to https://www.somesite.com.
What's the easiest way to do that?
I use this code to do that.
http://www.codeproject.com/KB/web-security/WebPageSecurity_v2.aspx
I like to say, that the only minus is that is not use "Regular expression pattern matching", but it was very easy to add it on the code.
Depending on what version of IIS you are using and whether you have access to it and whether you want to write custom code or configure a product feature.
IIS5, IIS6:
http://weblogs.asp.net/scottgu/archive/2007/02/26/tip-trick-url-rewriting-with-asp-net.aspx
IIS7, IIS7.5:
URL Rewrite:
http://learn.iis.net/page.aspx/460/using-the-url-rewrite-module/
Here's an example of a rule to redirect http://.../checkout.aspx to https:
<rule name="CheckoutToSSL" stopProcessing="true">
<match url="^checkout.aspx*" ignoreCase="true" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}{REQUEST_URI}" />
</rule>
ASP.NET Routing:
http://msdn.microsoft.com/en-us/library/cc668201.aspx
Difference between IIS7,7.5 rewrite and ASP.NET routing
http://learn.iis.net/page.aspx/496/iis-url-rewriting-and-aspnet-routing/