How to implement HTTPS for an entire site, including the default.aspx page

I am working on a site that currently switches to https only once the user has logged in.  The client has requested that the entire site be secure using their ssl certificate and that all pages, including the default.aspx page be under https.  What is the best way to set the entire site to run under https?

Thanks,
Jason
ravensFACAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

vs1784Commented:
if you already have a SSL certificate installed on web server on the root domain, you just have to modify the links on all the pages to reflect to https instead of http. You can redirect index ppage to https version.
0
ravensFACAuthor Commented:
Thanks, but I should have mentioned that I already tried that.  I set a response.redirect on the page_init to point to the https url.  It just hung forever...  Other ideas?
0
vs1784Commented:
Ok first check if your SSL certificaate is setup on root directory or not

Open https URL for your domain in explorer i.e. https://www.yourdomain.com

If that page opens, then instead of using page_init use page_load and set response.redirect to that page.

If the https page doesnt open then you might have to setup a SSL certificate on server.
0
INTRODUCING: WatchGuard's New MFA Solution

WatchGuard is proud to announce the launch of AuthPoint, a powerful, yet simple, Cloud-based MFA service designed to eliminate the vulnerabilities that put your data, systems, and users at risk.

ravensFACAuthor Commented:
Yes, SSL is set on the root.  The site switches to that on login and the base https://www.yourdomain.com has always worked when typed in directly.  Why use page_load rather than page_init?
0
vs1784Commented:
Or i suggest you to create a simple index.asp page with only one line and make it as default document of website.

You can create it with below code, because if you use default.aspx to redirect in page_init method it will go on redirecting to same page resulting in infinite lock.

Hope you understand.

Thanks,
<%
Response.Redirect("https://www.yourdomain.com/default.aspx")
%>

Open in new window

0
ravensFACAuthor Commented:
Yeah, that is a possible solution.  It just seems a little backwards to have to create a fake default page that redirects to your real default page.  I would prefer a solution through IIS that simply forced https for all pages in the specified domain.  Let me do a little more research and see if I get any other posted solutions here.  If I don't I will accept your answer.  Thanks for the help!
0
ravensFACAuthor Commented:
vs1784's solution did work, but I hated the idea of creating a fake page just to redirect another page.  I ended up using the following, which isn't perfect, but good enough for 12:20AM working from home, for a client who probably doesn't even realize the time I take away from my family to try and do them right. :)
            If Request.ServerVariables("server_port") = 80 Then
                Dim httpsURL
                httpsURL = "https://"
                httpsURL = httpsURL & Request.ServerVariables("server_name")
                httpsURL = httpsURL & Request.ServerVariables("url")
                Response.Redirect(httpsURL)
            End If

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
RubalJCommented:
Using ISAPI like Helicon ISAPI Rewrite you can do HTTP to HTTPS redirect without actual site coding. Check following forum post on their site :

http://www.helicontech.com/forum/forum_posts-TID-8619.htm
http://www.helicontech.com/forum/forum_posts-TID-8547.htm

and this following blog post even describes it better :
http://www.iis-aid.com/articles/how_to_guides/three_methods_to_redirect_http_to_https
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft IIS Web Server

From novice to tech pro — start learning today.