Solved

URL Rewrite

Posted on 2011-02-12
10
589 Views
Last Modified: 2012-05-11
Hi EE,

I need to redirect users in my web.config file if a user tries to enter http://mysite.com/secure which should be https://mysite.com/secure. Is there a way to do this in the web.config file such as URL Rewrite? I don't have access to IIS since I'm on a Shared Hosting Plan so it needs to be done in web.config file.

Thanks in advance!!!
0
Comment
Question by:asp_net2
10 Comments
 
LVL 8

Expert Comment

by:Yiogi
ID: 34880803
You can do it easily in your global.asax. Just add this method, or add the code inside it, if you already have the method specified.


protected void Application_BeginRequest(Object sender, EventArgs e)
{
   if (!HttpContext.Current.Request.IsSecureConnection)
   {
    Response.Redirect("https://" + Request.ServerVariables["HTTP_HOST"]
+   HttpContext.Current.Request.RawUrl);
   }
}

Open in new window

0
 
LVL 4

Author Comment

by:asp_net2
ID: 34881008
Hi Yiogi,

Ok, but where do I put the URL that I want to have redirected to https at?
0
 
LVL 11

Expert Comment

by:SAMIR BHOGAYTA
ID: 34887365
0
 
LVL 4

Author Comment

by:asp_net2
ID: 34887594
That does not show how to redirect a user who visits http://www.mysite.com to https://www.mysite.com. I need to have the http site redirected to https. Can  you show me how to do this?
0
 
LVL 13

Expert Comment

by:agarwalrahul
ID: 34893877
add global.asax file from right click on project in solution explorer->add new items->add global.asax file.

Put this code:

protected void Application_BeginRequest(Object sender, EventArgs e)
{
   if (!HttpContext.Current.Request.IsSecureConnection)
   {
    Response.Redirect("https://" + Request.ServerVariables["HTTP_HOST"]
+   HttpContext.Current.Request.RawUrl);
   }
}
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 8

Expert Comment

by:Yiogi
ID: 34895643
You will not put the url to redirect to anywhere. It will redirect the user to the exact same url he typed in the address but to secure version of the page instead. So if for example user navigated to:

http://www.mysite.com/test/default.aspx?asds=value

he will be redirected to:
https://www.mysite.com/test/default.aspx?asds=value

This is exactly what Request.ServerVariables["HTTP_HOST"] +   HttpContext.Current.Request.RawUrl
will do for you. Replace the url with the one the user originally navigated to. That is the beauty of it.
0
 
LVL 4

Author Comment

by:asp_net2
ID: 34896233
Hi Yiogi,

Not sure where to put the http URL at in the following code that you provided below.


protected void Application_BeginRequest(Object sender, EventArgs e)
{
   if (!HttpContext.Current.Request.IsSecureConnection)
   {
    Response.Redirect("https://" + Request.ServerVariables["HTTP_HOST"]
+   HttpContext.Current.Request.RawUrl);
   }
}
0
 
LVL 8

Accepted Solution

by:
Yiogi earned 500 total points
ID: 34921392
Ok let me try and explain better. You put the code I provided in global.asax file. That will fire when someone tries to access your website.

"if (!HttpContext.Current.Request.IsSecureConnection)" will check if the user is using an SSL connection. If he/she is nothing will happen. If he/she isn't using a secure connection then he will be redirected to:
"https://" +
Request.ServerVariables["HTTP_HOST"] will return the current website domain name. For example www.experts-exchange.com
and then finally we append the remaining of the user request with HttpContext.Current.Request.RawUrl. So for example if I had that code in the experts exchange website (assuming the website was asp.net which it isn't, but let's assume it is for the sake of the example) and visited this page which is:

http://www.experts-exchange.com/Networking/Protocols/Application_Protocols/SSL/Q_26817595.html?cid=1572#a34896233

it would automatically redirect me to:
http://www.experts-exchange.com/Networking/Protocols/Application_Protocols/SSL/Q_26817595.html?cid=1572#a34896233

The breakdown in the commands above is
https:// = "https://"
www.experts-exchange.com/    = Request.ServerVariables["HTTP_HOST"]
Networking/Protocols/Application_Protocols/SSL/Q_26817595.html?cid=1572#a34896233  = HttpContext.Current.Request.RawUrl

Is that clear enough for you?

0
 
LVL 4

Author Comment

by:asp_net2
ID: 34939002
Hi Yiogi,

No, still confused, you are showing the same URL's above. You also mention asp.net as an example but not in the code you provided. All my pages DO NOT require SSL only a certain directory such as "client/secure/index.aspx" so i need to make sure that if someone types in http://mysite.com/client/secure/index.aspx they get redirected to https://mysite.com/client/secure/index.aspx.
0
 
LVL 8

Expert Comment

by:Yiogi
ID: 34939462
Ah ok, I apologize I thought you wanted it for all the pages.

The code I have there will redirect the user to SSL for any page in the website if you place it in the global.asax file.

Just place the code below in your index.aspx.cs then. And you are all set.
protected override void OnInit(EventArgs e) {
        base.OnInit(e);
        if (!HttpContext.Current.Request.IsSecureConnection) {
            Response.Redirect("https://" + Request.ServerVariables["HTTP_HOST"] + HttpContext.Current.Request.RawUrl);
        }
    }

Open in new window

0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
crm development 2 37
Exception in Log4Net 1 20
Cannot upload files above 1mb IIS7 11 16
Birthdays 3 14
Just a quick little trick I learned recently.  Now that I'm using jQuery with abandon in my asp.net applications, I have grown tired of the following syntax:      (CODE) I suppose it just offends my sense of decency to put inline VBScript on a…
User art_snob (http://www.experts-exchange.com/M_6114203.html) encountered strange behavior of Android Web browser on his Mobile Web site. It took a while to find the true cause. It happens so, that the Android Web browser (at least up to OS ver. 2.…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now