The easiest way to implement this feature is to use Global.asax's Application_BeginRequest function, where it checks if the request comes from a "HTTPS" protocol, if not, then changes "http" to "https" and then redirecst the request to the secure location.
The code snippets for VB.NET and C# are attached.
Note:
If the application is running on a local machine during the development phase, we should not try to redirect the request to a secure link, that is why there are some checks in the first couple of lines of code.
1: 2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14: 15: 16: 17: 18: 19: 20: 21: 22: 23: 24: 25: 26: 27: 28: 29: 30: 31: 32: | 'VB.NET
Sub Application_BeginRequest(ByVal sender As Object, ByVal e As EventArgs)
' Fires at the beginning of each request
'Require SSL
If (Request.UserHostName <> "127.0.0.1" _
AndAlso Request.UserHostName <> "localhost") Then
If Request.ServerVariables("HTTPS") = "off" Then
Dim redir As String = "https://" Request.ServerVariables("SERVER_NAME") Request.ServerVariables("SCRIPT_NAME")
If Request.ServerVariables("QUERY_STRING") <> "" Then
redir = "?" Request.ServerVariables("QUERY_STRING")
End If
Response.Redirect(redir)
End If
End If
End Sub
//C#
public void Application_BeginRequest(object sender, EventArgs e)
{
if (Request.UserHostName != "127.0.0.1" && Request.UserHostName != "localhost")
{
if (Request.ServerVariables["HTTPS"] == "off")
{
string redir = "https://" Request.ServerVariables["SERVER_NAME"] Request.ServerVariables["SCRIPT_NAME"];
if (Request.ServerVariables["QUERY_STRING"] != "")
{
redir = "?" Request.ServerVariables["QUERY_STRING"];
}
Response.Redirect(redir);
}
}
}
|
