Solved

How to force IIS website to redirect HTTP to HTTPS?

Posted on 2008-10-08
25
1,592 Views
Last Modified: 2011-10-19
Basically I have a website I opened to the public and set up an SSL certificate for.  How exactly do I make HTTP requests redirect to HTTPS so nobody can log in without encryption?  I clicked "Require SSL" on the website, but going to HTTP just gives a page saying "you need to view this with HTTPS"...be nice to automatically have it redirect if possible.
0
Comment
Question by:danielevans83
25 Comments
 
LVL 2

Expert Comment

by:gstump
ID: 22671062
I'm not an expert on this subject so about all the help I can give you is a link that may do the job for you.  Here you go.

http://blogs.msdn.com/saurabh_singh/archive/2008/01/03/http-to-https-ssl-web-request-redirection.aspx
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 22671489

Three methods to redirect HTTP to HTTPS
http://www.iis-aid.com/articles/how_to_guides/three_methods_to_redirect_http_to_https

How to redirect an HTTP connection to HTTPS for Outlook Web Access clients
http://support.microsoft.com/kb/839357

IIS 6.0 HTTP to HTTPS Redirect
http://forums.whirlpool.net.au/forum-replies-archive.cfm/437721.html
0
 
LVL 2

Expert Comment

by:ScottGranado
ID: 22674951
all you have to do is setup another website in iis and configure it to listen on port 80.  so only have the real website listen on 443.   then setup a "redirection to a url" inside the home directory tab and put in the https://yourwebsite.com  site.  

so the port 80 redirection website will accept requests on port 80 and then redirect the user back out to the https site.

let me know if you have any questions!
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:danielevans83
ID: 22678385
Scott, you're the man.

I created a new IIS website that listens on TCP port 80.
I changed the old IIS website's TCP port to a random number.

I set the redirection to URL as the home directory to redirect to the HTTPS.

It works!
Anything wrong with the way I did this or is that okay?
0
 

Author Comment

by:danielevans83
ID: 22678621
Question now:  is there a way to redirect external requests to HTTPS, but allow HTTP on the local intranet?
0
 
LVL 2

Expert Comment

by:ScottGranado
ID: 22679084
Ok, on the website that you are currently only listening on port 433 you can click on the advance button and have it also listen on port 80 on a diffrent ip address.  Then you can change internal dns to point to the new private ip address on port 80.

Did that make sense?
0
 

Author Comment

by:danielevans83
ID: 22679892
Yeah it did.  So I can just pick a different IP that isn't assigned to any computers or devices, and use that to point to the internal site?  Interesting.  So I then have my external off site DNS point to the default IP that is listening on port 443, and my internal server DNS point to the IP of the port 80?  Like this?

Basic Web Template (off site DNS references this)
     192.168.0.1 (assumed IP of external site)    
      redirects port 80 to HTTPS
     
External Site (off site DNS references this)
     192.168.0.1 (assumed IP of external site)
     TCP Port : 8181             SSL Port : 443

Internal Site (Internal DNS references this)
     192.168.0.2 (assumed IP of internal site)
      TCP Port : 80
0
 
LVL 2

Accepted Solution

by:
ScottGranado earned 500 total points
ID: 22679920
yep, then just modify your internal dns to point to the 192.168.0.2 address!

woot!
0
 

Author Comment

by:danielevans83
ID: 22680027
Not sure what that did I cannot even get to my internal URL anymore.  I undid all the changes and now the external URL is inaccessible.

........
0
 

Author Comment

by:danielevans83
ID: 22681103
Nevermind must have needed to propogate settings.  Okay so HTTP forwards to HTTPS correctly, but internally I cannot get it to stop forwarding to HTTPS.  

I set the HTTP redirect site to use the regular IP, port 80
I set the Main site TCP port 80 points to the alternate IP
I set internal DNS to point to this alternate IP on port 80.

What'd I do wrong?
0
 

Author Comment

by:danielevans83
ID: 22682022
Okay the website is completely inaccessible internally.

I try to ping it, and I get time outs showing the new IP I'm using.

Are you sure all you do is assign it some random IP on the subnet?  Sounds to me like some step is missing here.
0
 
LVL 2

Expert Comment

by:ScottGranado
ID: 22682302
hey!  sorry for the delay.  Make sure you add the ip address to your network connections tcp properties first, then you should be able just to choose it from the drop down inside IIS.  You can't add the IP address in IIS without adding it to the OS and assigning it to a Network Connection first.
0
 

Author Comment

by:danielevans83
ID: 22682844
You'll have to forgive me because I'm currently training for the MCSE, not all the way there yet.

Where exactly do I add these IP addresses?  Can you give me a quick step by step on how to do this?
0
 
LVL 2

Expert Comment

by:ScottGranado
ID: 22682958
go into network connections, right click choose properties on the adapter you want, open internet protocol then properties, then click on advance at the bottom and then click add to add an additional ip address
Capture.JPG
0
 

Author Comment

by:danielevans83
ID: 22683362
Ok great, got that all in.  Something weird is happening now.  When I open the page it prompts for a login (it is a Sharepoint site that used to just log you in using the domain user you're logged on as).  When I try to login it doesn't work and replaces the username with this:
sharepoint.<ourdomain>.com\devans

I have to replace the text before the \ with our domain to be able to login.  Any idea?
0
 

Author Comment

by:danielevans83
ID: 22683679
I turned on Integrated Windows Authentication
I tried it with adding Basic Authentication
I tried it with Digest authentication...
I tried with all three.

I don't get it, the only thing changed is the IP of this IIS site for port 80.  
0
 

Author Comment

by:danielevans83
ID: 22683720
In fact it seems to be happening with Internet Explorer...

Firefox still asks for a login, but I don't have to put our domain in the username before the \
0
 
LVL 2

Expert Comment

by:ScottGranado
ID: 22683780
make the site a trusted site inside internet explorer.  this should bypass the authentication.
0
 

Author Comment

by:danielevans83
ID: 22683807
Okay I'll try that.

How can I deal with the external requests to the URL now requiring the same thing?  It also requires me to put in my domain now for some reason...
0
 

Author Comment

by:danielevans83
ID: 22685683
By the way I undid everything and reverted back to a single IIS site with a single IP and now it will not do Windows authentication at all.  I have to manually enter the domain in every time internally and externally..

What the heck changed and why did this screw up our IIS site?????
0
 

Author Comment

by:danielevans83
ID: 22687121
Also, making it a trusted site does not bypass the login.  It is still prompting me for a login no matter where I access it from, internally or externally.  It is then also making me enter in our domain name manually before the "\".  No changes to IIS seem to affect this at all.
0
 
LVL 2

Expert Comment

by:ScottGranado
ID: 22687468
is the computer a member of the domain?  if so, then trusting it should allow it to pass domain credentials.  
0
 

Author Comment

by:danielevans83
ID: 22688362
Yes, it is.  Like I said I undid all the settings and only had my one IIS site with a single IP, set up exactly as I had it before...and for some reason now it has no idea what domain I'm logging in from apparently.
0
 

Author Comment

by:danielevans83
ID: 22688794
What could have been changed in this process that would no longer be telling computers connecting what domain they're logging into?
0
 

Author Comment

by:danielevans83
ID: 22691698
Well, since this didn't help at all and it doesn't look like you're helping me figure out what is broken, looks like I get to backup, uninstall, and reinstall my Sharepoint.  Thanks...
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What is an ISAPI filter?   •      It's an assembly (.dll file) that can add or change the way IIS works.   •      They can be enabled globally for your web server or on a site-by-site basis.   When the IIS server receives a request, enabling the ISAPI fi…
Prologue It is often required to host multiple websites on a single instance of IIS, mostly in development environments instead of on production servers. I am sure it is not much a preferred solution on production servers but this is at least a pos…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question