Switch from HTTP to HTTPS in existing ASP.NET web application

Switch complete traffic from unsecured to secured with web.config update

Starting from few years ago, Google enforces secured over unsecured website traffic. However it is an ongoing process since both publishers and advertisers need to implement HTTPS in order to avoid mixed contnet exception in a browser and preventing ads to load on a website.

Mixed -content

Why switching from HTTP to HTTPS?

HTTPS adds additional steps on page load which is encryption and decryption of the request and response data. This also adds an additional CPU overload on both side. So why it is better?

Beside adding a small CPU overhead on the encryption and description steps, it provides security in terms of newsletters subscriptions, registrations, logins or any other data submission operation. Beside, apart from Google, most of the this parties such as Twitter, Disqus, Facebook are enforcing secured over unsecured communication, so in order to integrate any of these third party elements on your page you need to switch to HTTPS.

Swicthing with minimum impact

The issue with switching to HTTPS from HTTPS might be in a case when you already have a long running website which is already indexed with Google. In this case switching to only HTTPS will reduce the number of visits until the new secured content is indexed.

This is not completely true. HTPP binding on the port 80 still stays, you just need to redirect to HTTPS which is on port 443.

IIS comes with URL Rewrite Module for IIS right out of the box which can be used by referencing it from web.config. A nice video walk-thought on how to use URL Rewrite Module can be found at Microsoft MSDN library along with documentation on how to create rule for URL Rewrite Module on IIS

<configuration>
  <system.webServer>
	  <rewrite>  
		<rules> 
			<rule name="HTTP/S to HTTPS Redirect" enabled="true" stopProcessing="true">
				<match url="(.*)" />
				<conditions logicalGrouping="MatchAny">
				  <add input="{SERVER_PORT_SECURE}" pattern="^0$" />
				</conditions>
				<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
			</rule>	
		</rules>
	  </rewrite>
  </system.webServer>
<configuration>
    
Note

Make sure you have URL Rewrite Module on your hosting IIS. Absence of URL Rewrite module can cause Configuration Exception after referencing the module in web.config

This way all HTTP request will be rewritten to HTTPS automatically ending up with all traffic to you website regardless user requested HTTP or HTTPS will end up with HTTPS.

 

 

References

Disclaimer

Purpose of the code contained in snippets or available for download in this article is solely for learning and demo purposes. Author will not be held responsible for any failure or damages caused due to any other usage.


About the author

DEJAN STOJANOVIC

Dejan is a passionate Software Architect/Developer. He is highly experienced in .NET programming platform including ASP.NET MVC and WebApi. He likes working on new technologies and exciting challenging projects

CONNECT WITH DEJAN  Loginlinkedin Logintwitter Logingoogleplus Logingoogleplus

JavaScript

read more

SQL/T-SQL

read more

Umbraco CMS

read more

PowerShell

read more

Comments for this article