One more cookbook for redirecting http to https in IIS

First, credit to Michael at this site:

http://blog.opsan.com/archive/2005/04/17/395.aspx

ok, now for my cookbook description.
1.
to secure a whole website.
in iis mmc, properties of website, directory security, secure communications,
click the ‘Require secure channel, require 128-bit encryption’.

2.
now in c:\inetpub\wwwroot, make a nonssl directory in windows explorer.
now in iis mcc, make a virtual directory and point to the
c:\inetpub\wwwroot\nonssl directory.

3.
in iis mmc, right click the new virtual nonssl directory.
goto directory security, secure communications, and uncheck require secure channel.

4.
Drop a file named sslredirect.asp into this directory. Put the following script into it.

—————-
< % If Request.ServerVariables("SERVER_PORT")=80 Then Dim strQUERY_STRING Dim strSecureURL Dim strWork ' Get server variables strQUERY_STRING = Request.ServerVariables("QUERY_STRING") ' Fix the query string: strWork = Replace(strQUERY_STRING,"http","https") strWork = Replace(strWork,"403;","") strWork = Replace(strWork,"80","") ' Now, set the new, secure URL: strSecureURL = strWork 'response.write(strSecureURL) ' uncomment for sanity check. Response.Redirect strSecureURL End If %>
————

5.
Goto iis mmc website properties, custom errors, 403;4.
Switch it to URL and location of:
/nonssl/redirectssl.asp

6. done.

Some good resources:
http://blog.opsan.com/archive/2005/04/17/395.aspx?Pending=true
http://weblogs.asp.net/pwilson/archive/2004/12/23/331455.aspx

This entry was posted in Tips. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *