Saturday 9 November 2013

ASP.Net - Redirect Http to Https protocol

In this article we are going to see how to redirect a link from HTTP request to HTTPS, To do that we have to do the SSL by Server Certificate which can be issued certificate authority. For this article we are going to create a self signed certificate for testing purpose .Then we need the  Url-Rewrite extension for IIS to rewrite the Url.

Whenever a User clicks the normal url like the first mention in the below image it automatically redirects to the HTTPS for secure mode. which is shown in second url image. Let we take a Login page as Demo page.

What is HTTPS ?
  A secured transaction of encrypted messages between the browser client and Server through wire.To do this encryption it takes the server certificate, Which have a one private key as well as an public key.uses a same key for encryption and decryption.




URL REWRITE : Click Here to download the extension

After download the Url Rewrite install it , then now you can add the rule for rewrite the URL in root  web.config file in project as well as in  IIS.

Steps to create a Self Signed Certificate :

1. windows + R to start the Run
2. Type inetmgr
3. now select the default website and add the bindings of https which have the default port of 443.
4. Launch the Url with Https and check the login page is launch in https mode.




Now if you try this in normal http url mode result in error 

HTTP Error 403.4 - Forbidden

The page you are trying to access is secured with Secure Sockets Layer (SSL).


url :  http://localhost/SSLSamples/. so how we can redirect it to https when even a user enter the url in http mode.To do that follow the simple steps mention below

1. uncheck the "RequireSSL" which is present under the ssl settings.
2. Create a Rule in Web.Config.

Here match tag specifies that any url comes action specifies the redirect to https with concate incoming HTTP_HOST and REQUEST_URI


<system.webServer>
    <httpRedirect enabled="false" destination="" httpResponseStatus="Found" />
    <rewrite>
      <rules>
        <rule name="Http to Https" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="off" />
          </conditions>
       <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Found" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>



Now if you launch the URL in HTTP it rewrites the URL to HTTPS.



From this article you can learn how make a redirect from http to https.


No comments:

Post a Comment