views:

756

answers:

1

I am trying to force a page to be run under SSL, so I have implemented the following on page_load:

if (!Request.IsLocal && !Request.IsSecureConnection)
        {
            Response.Redirect(Helper.GetInstance().SSLBaseURL() + ScriptName());
        }

For some reason this is ending up in a loop. Earlier today, I checked Request.Uri.Scheme, and it was resolving as "http", though I was clearly connected to https://www.domain.com/pagename.aspx.

Any reason you can think of why this page isn't correctly detecting that we're running under https?

+1  A: 

I would handle this on the webserver side. If you're running IIS, it's not as simple, but you could enable the force SSL option and implement a custom error page for your 403;4 (I think that's the SSL required error) that redirects to https.

orthod0ks