Solved

How to force IIS website to redirect HTTP to HTTPS?

Posted on 2008-10-08
Last Modified: 2011-10-19
Basically I have a website I opened to the public and set up an SSL certificate for.  How exactly do I make HTTP requests redirect to HTTPS so nobody can log in without encryption?  I clicked "Require SSL" on the website, but going to HTTP just gives a page saying "you need to view this with HTTPS"...be nice to automatically have it redirect if possible.
Question by:danielevans83
25 Comments
 
LVL 2

Expert Comment

by:gstump
I'm not an expert on this subject so about all the help I can give you is a link that may do the job for you.  Here you go.

http://blogs.msdn.com/saurabh_singh/archive/2008/01/03/http-to-https-ssl-web-request-redirection.aspx
0
 
LVL 33

Expert Comment

by:Exchange_Geek

Three methods to redirect HTTP to HTTPS
http://www.iis-aid.com/articles/how_to_guides/three_methods_to_redirect_http_to_https

How to redirect an HTTP connection to HTTPS for Outlook Web Access clients
http://support.microsoft.com/kb/839357

IIS 6.0 HTTP to HTTPS Redirect
http://forums.whirlpool.net.au/forum-replies-archive.cfm/437721.html
0
 
LVL 2

Expert Comment

by:ScottGranado
All you have to do is set up another website in IIS and configure it to listen on port 80.  So only have the real website listen on 443.  Then set up a "redirection to a URL" inside the home directory tab and put in the https://yourwebsite.com site.

So the port 80 redirection website will accept requests on port 80 and then redirect the user back out to the https site.

Let me know if you have any questions!
0
 

Author Comment

by:danielevans83
Scott, you're the man.

I created a new IIS website that listens on TCP port 80.
I changed the old IIS website's TCP port to a random number.

I set the redirection to URL as the home directory to redirect to the HTTPS.

It works!
Anything wrong with the way I did this or is that okay?
0
 

Author Comment

by:danielevans83
Question now:  is there a way to redirect external requests to HTTPS, but allow HTTP on the local intranet?
0
 
LVL 2

Expert Comment

by:ScottGranado
Ok, on the website that you are currently only listening on port 433 you can click on the Advanced button and have it also listen on port 80 on a different IP address.  Then you can change internal DNS to point to the new private IP address on port 80.

Did that make sense?
0
 

Author Comment

by:danielevans83
Yeah it did.  So I can just pick a different IP that isn't assigned to any computers or devices, and use that to point to the internal site?  Interesting.  So I then have my external off site DNS point to the default IP that is listening on port 443, and my internal server DNS point to the IP of the port 80?  Like this?

Basic Web Template (off site DNS references this)
     192.168.0.1 (assumed IP of external site)    
      redirects port 80 to HTTPS
     
External Site (off site DNS references this)
     192.168.0.1 (assumed IP of external site)
     TCP Port : 8181             SSL Port : 443

Internal Site (Internal DNS references this)
     192.168.0.2 (assumed IP of internal site)
      TCP Port : 80
0
 
LVL 2

Accepted Solution

by:
ScottGranado earned 500 total points
Yep, then just modify your internal DNS to point to the 192.168.0.2 address!

woot!
0
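The three-listener layout sketched above can be checked on paper before any DNS change. This added example (not written by any poster in the thread) models each listener and reports what a plain-HTTP request to it would get; the `Site` fields, the `audit` and `cleartext_endpoints` functions and the `require_ssl` states are assumptions for illustration, and the redirect target is the placeholder URL from the earlier answer.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Site:
    name: str
    ip: str
    tcp_port: Optional[int] = None     # plain-HTTP binding, if any
    ssl_port: Optional[int] = None     # HTTPS binding, if any
    redirect_to: Optional[str] = None  # "redirection to a URL" target
    require_ssl: bool = False          # "Require SSL" checkbox (assumed state)


# Constructed from the layout posted in the thread.
LAYOUT = [
    Site("Basic Web Template", "192.168.0.1", tcp_port=80,
         redirect_to="https://yourwebsite.com"),
    Site("External Site", "192.168.0.1", tcp_port=8181, ssl_port=443),
    Site("Internal Site", "192.168.0.2", tcp_port=80),
]


def audit(sites):
    """Map each plain-HTTP endpoint to what a cleartext request would get."""
    result = {}
    for s in sites:
        if s.tcp_port is None:
            continue
        endpoint = f"{s.ip}:{s.tcp_port}"
        if endpoint in result:
            raise ValueError(f"two sites bound to {endpoint}")
        if s.redirect_to is not None:
            ok = s.redirect_to.lower().startswith("https://")
            result[endpoint] = "redirects-to-https" if ok else "redirects-to-http"
        elif s.require_ssl:
            result[endpoint] = "rejects-http"      # the "view this with HTTPS" page
        else:
            result[endpoint] = "serves-cleartext"  # logins possible without TLS
    return result


def cleartext_endpoints(sites):
    """Endpoints where content (and logins) travel unencrypted."""
    return sorted(ep for ep, status in audit(sites).items()
                  if status in ("serves-cleartext", "redirects-to-http"))


if __name__ == "__main__":
    for ep, status in audit(LAYOUT).items():
        print(ep, status)
```

The 8181 entry is the one to look at: moving the main site's TCP port to a random number leaves it answering plain HTTP on that port unless Require SSL stays enabled or the port is blocked from outside.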
 

Author Comment

by:danielevans83
Not sure what that did; I cannot even get to my internal URL anymore.  I undid all the changes and now the external URL is inaccessible.

........
0
 

Author Comment

by:danielevans83
Never mind, must have needed to propagate settings.  Okay so HTTP forwards to HTTPS correctly, but internally I cannot get it to stop forwarding to HTTPS.

I set the HTTP redirect site to use the regular IP, port 80
I set the Main site TCP port 80 points to the alternate IP
I set internal DNS to point to this alternate IP on port 80.

What'd I do wrong?
0
 

Author Comment

by:danielevans83
Okay the website is completely inaccessible internally.

I try to ping it, and I get time outs showing the new IP I'm using.

Are you sure all you do is assign it some random IP on the subnet?  Sounds to me like some step is missing here.
0
 
LVL 2

Expert Comment

by:ScottGranado
Hey!  Sorry for the delay.  Make sure you add the IP address to your network connection's TCP properties first, then you should be able just to choose it from the drop-down inside IIS.  You can't add the IP address in IIS without adding it to the OS and assigning it to a Network Connection first.
0
 

Author Comment

by:danielevans83
You'll have to forgive me because I'm currently training for the MCSE, not all the way there yet.

Where exactly do I add these IP addresses?  Can you give me a quick step by step on how to do this?
0
 
LVL 2

Expert Comment

by:ScottGranado
Go into Network Connections, right-click, choose Properties on the adapter you want, open Internet Protocol then Properties, then click on Advanced at the bottom and then click Add to add an additional IP address.
0
 

Author Comment

by:danielevans83
Ok great, got that all in.  Something weird is happening now.  When I open the page it prompts for a login (it is a Sharepoint site that used to just log you in using the domain user you're logged on as).  When I try to login it doesn't work and replaces the username with this:
sharepoint.<ourdomain>.com\devans

I have to replace the text before the \ with our domain to be able to login.  Any idea?
0
 

Author Comment

by:danielevans83
I turned on Integrated Windows Authentication
I tried it with adding Basic Authentication
I tried it with Digest authentication...
I tried with all three.

I don't get it, the only thing changed is the IP of this IIS site for port 80.  
0
 

Author Comment

by:danielevans83
In fact it seems to be happening with Internet Explorer...

Firefox still asks for a login, but I don't have to put our domain in the username before the \
0
 
LVL 2

Expert Comment

by:ScottGranado
Make the site a trusted site inside Internet Explorer.  This should bypass the authentication.
0
 

Author Comment

by:danielevans83
Okay I'll try that.

How can I deal with the external requests to the URL now requiring the same thing?  It also requires me to put in my domain now for some reason...
0
 

Author Comment

by:danielevans83
By the way I undid everything and reverted back to a single IIS site with a single IP and now it will not do Windows authentication at all.  I have to manually enter the domain in every time internally and externally.

What the heck changed and why did this screw up our IIS site?????
0
 

Author Comment

by:danielevans83
Also, making it a trusted site does not bypass the login.  It is still prompting me for a login no matter where I access it from, internally or externally.  It is then also making me enter in our domain name manually before the "\".  No changes to IIS seem to affect this at all.
0
 
LVL 2

Expert Comment

by:ScottGranado
Is the computer a member of the domain?  If so, then trusting it should allow it to pass domain credentials.
0
 

Author Comment

by:danielevans83
Yes, it is.  Like I said I undid all the settings and only had my one IIS site with a single IP, set up exactly as I had it before...and for some reason now it has no idea what domain I'm logging in from apparently.
0
 

Author Comment

by:danielevans83
What could have been changed in this process that would no longer be telling computers connecting what domain they're logging into?
0
 

Author Comment

by:danielevans83
Well, since this didn't help at all and it doesn't look like you're helping me figure out what is broken, looks like I get to backup, uninstall, and reinstall my Sharepoint.  Thanks...
0
