How to implement HTTPS for an entire site, including the default.aspx page

Posted on 2008-02-11
Medium Priority
Last Modified: 2008-02-21
I am working on a site that currently switches to https only once the user has logged in.  The client has requested that the entire site be secure using their ssl certificate and that all pages, including the default.aspx page be under https.  What is the best way to set the entire site to run under https?

Question by:ravensFAC
  • 4
  • 3
LVL 11

Expert Comment

ID: 20871278
if you already have a SSL certificate installed on web server on the root domain, you just have to modify the links on all the pages to reflect to https instead of http. You can redirect index ppage to https version.

Author Comment

ID: 20871433
Thanks, but I should have mentioned that I already tried that.  I set a response.redirect on the page_init to point to the https url.  It just hung forever...  Other ideas?
LVL 11

Expert Comment

ID: 20871532
Ok first check if your SSL certificaate is setup on root directory or not

Open https URL for your domain in explorer i.e. https://www.yourdomain.com

If that page opens, then instead of using page_init use page_load and set response.redirect to that page.

If the https page doesnt open then you might have to setup a SSL certificate on server.
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!


Author Comment

ID: 20871594
Yes, SSL is set on the root.  The site switches to that on login and the base https://www.yourdomain.com has always worked when typed in directly.  Why use page_load rather than page_init?
LVL 11

Assisted Solution

vs1784 earned 1600 total points
ID: 20871602
Or i suggest you to create a simple index.asp page with only one line and make it as default document of website.

You can create it with below code, because if you use default.aspx to redirect in page_init method it will go on redirecting to same page resulting in infinite lock.

Hope you understand.


Open in new window


Author Comment

ID: 20871704
Yeah, that is a possible solution.  It just seems a little backwards to have to create a fake default page that redirects to your real default page.  I would prefer a solution through IIS that simply forced https for all pages in the specified domain.  Let me do a little more research and see if I get any other posted solutions here.  If I don't I will accept your answer.  Thanks for the help!

Accepted Solution

ravensFAC earned 0 total points
ID: 20872672
vs1784's solution did work, but I hated the idea of creating a fake page just to redirect another page.  I ended up using the following, which isn't perfect, but good enough for 12:20AM working from home, for a client who probably doesn't even realize the time I take away from my family to try and do them right. :)
            If Request.ServerVariables("server_port") = 80 Then
                Dim httpsURL
                httpsURL = "https://"
                httpsURL = httpsURL & Request.ServerVariables("server_name")
                httpsURL = httpsURL & Request.ServerVariables("url")
            End If

Open in new window

LVL 10

Expert Comment

ID: 20873189
Using ISAPI like Helicon ISAPI Rewrite you can do HTTP to HTTPS redirect without actual site coding. Check following forum post on their site :


and this following blog post even describes it better :

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Internet has made sending and receiving information online a breeze. But there is also the threat of unauthorized viewing, data tampering, and phoney messages. Surprisingly, a lot of business owners do not fully understand how to use security t…
Good news! Plesk 12.5 (with update #28 and above) now includes support for HTTP/2. This is a major update to HTTP1.1, which is over 15 years old. Read below to learn how to enable HTTP/2 on your Media Temple DV with Plesk.
Planning to migrate your EDB file(s) to a new or an existing Outlook PST file? This video will guide you how to convert EDB file(s) to PST. Besides this, it also describes, how one can easily search any item(s) from multiple folders or mailboxes…
Get the source code for a fully functional Access application shell with several popular security features that Access VBA application developers desire, but find difficult or impossible to figure out how to code. You get the source code for managi…

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question