{"id":153,"date":"2007-05-09T18:11:18","date_gmt":"2007-05-10T00:11:18","guid":{"rendered":"http:\/\/jameskovacs.com\/2007\/05\/10\/How+To+AutoRedirect+To+A+SSLsecured+Site+In+IIS"},"modified":"2007-05-09T18:11:18","modified_gmt":"2007-05-10T00:11:18","slug":"how-to-autoredirect-to-a-sslsecured-site-in-iis","status":"publish","type":"post","link":"https:\/\/www.jameskovacs.com\/index.php\/2007\/05\/09\/how-to-autoredirect-to-a-sslsecured-site-in-iis\/","title":{"rendered":"How to Auto-Redirect to a SSL-secured Site in IIS"},"content":{"rendered":"

I was recently asked how to configure a site to redirect automatically from HTTP to HTTPS. By this\u00a0I mean when the user types in http:\/\/server.example.com\/app\/page.aspx<\/a>,* the browser will automatically redirect to https:\/\/server.example.com\/app\/page.aspx<\/a>.\u00a0You can do it through code, but with a little ingenuity, you can do it strictly through IIS configuration. Let’s walk through the setup…<\/p>\n

Open IIS Manager and select properties for the website for which you want to require SSL. For TCP port, enter any unused port other than port 80 (the default HTTP port). For example, use 8888. For SSL port,\u00a0enter the default SSL port, which is 443. Now go to the Directory Security tab… Secure\u00a0communications… Edit…\u00a0Set the “Require secure channel (SSL)” (required) and “Require 128-bit encryption” (optional, but recommended). Restart IIS. Browse to http:\/\/server.example.com:8888<\/a> now and\u00a0you will get “The page must be viewed over a secure channel”. So far, so good.<\/p>\n

Create a brand new IIS website by right-clicking… New… Web site…\u00a0Click Next and give the website a name such as “Redirect to SSL”. Click Next… For TCP port, choose port 80, the default HTTP port. For path, point it to c:\\inetpub\\wwwroot. (It doesn’t really matter as we’ll be changing this in a minute.) Click Next… Give it Read permissions. Click Next…\u00a0Finish… to create the website. Right-click, properties on the new website. Select the Home Directory tab. Change “The content for this resource should come from:” to “A redirection to a URL”. In the “Redirect to:” textbox, enter https:\/\/server.example.com<\/a>. You can also optionally select “A permanent redirection for this resource”, which will cause bookmarks to update to the new URL. DO NOT, I repeat, DO NOT select “The exact URL entered above” or “A directory below URL entered”. Restart IIS. Now browse to http:\/\/server.example.com<\/a> and you’ll be redirected to the SSL site. Note that the path portion of the URL is preserved and only the protocol and server are modified. So http:\/\/server.example.com\/some\/path\/deep\/within\/my\/app.aspx<\/a> will redirect to https:\/\/server.example.com\/some\/path\/deep\/within\/my\/app.aspx<\/a> just by applying the redirection steps noted above.<\/p>\n

N.B. The redirect URL is sent back to the client. So if you type https:\/\/localhost<\/a> as the redirect, the client browser will try to redirect to localhost on the client’s machine, which probably won’t exist. Same thing goes for NetBIOS names. (e.g. https:\/\/server<\/a> rather than https:\/\/server.example.com<\/a>)<\/p>\n

* Little known fact. Example.com, example.net, and example.org are reserved top level DNS names as specified in RFC 2606<\/a>, Section 3 and are intended for – surprise,\u00a0surprise – examples. This allows authors to create bogus URLs in books, blog posts, and elsewhere that are guaranteed to go nowhere, which is generally the author’s intent when creating a bogus URL.<\/p>\n","protected":false},"excerpt":{"rendered":"

I was recently asked how to configure a site to redirect automatically from HTTP to HTTPS. By this\u00a0I mean when the user types in http:\/\/server.example.com\/app\/page.aspx,* the browser will automatically redirect to https:\/\/server.example.com\/app\/page.aspx.\u00a0You can do it through code, but with a little ingenuity, you can do it strictly through IIS configuration. Let’s walk through the setup… […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,21],"tags":[],"class_list":["post-153","post","type-post","status-publish","format-standard","hentry","category-aspnet","category-security"],"_links":{"self":[{"href":"https:\/\/www.jameskovacs.com\/index.php\/wp-json\/wp\/v2\/posts\/153","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jameskovacs.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jameskovacs.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jameskovacs.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jameskovacs.com\/index.php\/wp-json\/wp\/v2\/comments?post=153"}],"version-history":[{"count":0,"href":"https:\/\/www.jameskovacs.com\/index.php\/wp-json\/wp\/v2\/posts\/153\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.jameskovacs.com\/index.php\/wp-json\/wp\/v2\/media?parent=153"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jameskovacs.com\/index.php\/wp-json\/wp\/v2\/categories?post=153"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jameskovacs.com\/index.php\/wp-json\/wp\/v2\/tags?post=153"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}