Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 609
  • Last Modified:

URL Rewrite

Hi EE,

I need to redirect users in my web.config file if a user tries to enter http://mysite.com/secure which should be https://mysite.com/secure. Is there a way to do this in the web.config file such as URL Rewrite? I don't have access to IIS since I'm on a Shared Hosting Plan so it needs to be done in web.config file.

Thanks in advance!!!
0
asp_net2
Asked:
asp_net2
1 Solution
 
YiogiCommented:
You can do it easily in your global.asax. Just add this method, or add the code inside it, if you already have the method specified.


protected void Application_BeginRequest(Object sender, EventArgs e)
{
   if (!HttpContext.Current.Request.IsSecureConnection)
   {
    Response.Redirect("https://" + Request.ServerVariables["HTTP_HOST"]
+   HttpContext.Current.Request.RawUrl);
   }
}

Open in new window

0
 
asp_net2Author Commented:
Hi Yiogi,

Ok, but where do I put the URL that I want to have redirected to https at?
0
 
SAMIR BHOGAYTAFreelancer and IT ConsultantCommented:
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
asp_net2Author Commented:
That does not show how to redirect a user who visits http://www.mysite.com to https://www.mysite.com. I need to have the http site redirected to https. Can  you show me how to do this?
0
 
Rahul AgarwalTeam LeaderCommented:
add global.asax file from right click on project in solution explorer->add new items->add global.asax file.

Put this code:

protected void Application_BeginRequest(Object sender, EventArgs e)
{
   if (!HttpContext.Current.Request.IsSecureConnection)
   {
    Response.Redirect("https://" + Request.ServerVariables["HTTP_HOST"]
+   HttpContext.Current.Request.RawUrl);
   }
}
0
 
YiogiCommented:
You will not put the url to redirect to anywhere. It will redirect the user to the exact same url he typed in the address but to secure version of the page instead. So if for example user navigated to:

http://www.mysite.com/test/default.aspx?asds=value

he will be redirected to:
https://www.mysite.com/test/default.aspx?asds=value

This is exactly what Request.ServerVariables["HTTP_HOST"] +   HttpContext.Current.Request.RawUrl
will do for you. Replace the url with the one the user originally navigated to. That is the beauty of it.
0
 
asp_net2Author Commented:
Hi Yiogi,

Not sure where to put the http URL at in the following code that you provided below.


protected void Application_BeginRequest(Object sender, EventArgs e)
{
   if (!HttpContext.Current.Request.IsSecureConnection)
   {
    Response.Redirect("https://" + Request.ServerVariables["HTTP_HOST"]
+   HttpContext.Current.Request.RawUrl);
   }
}
0
 
YiogiCommented:
Ok let me try and explain better. You put the code I provided in global.asax file. That will fire when someone tries to access your website.

"if (!HttpContext.Current.Request.IsSecureConnection)" will check if the user is using an SSL connection. If he/she is nothing will happen. If he/she isn't using a secure connection then he will be redirected to:
"https://" +
Request.ServerVariables["HTTP_HOST"] will return the current website domain name. For example www.experts-exchange.com
and then finally we append the remaining of the user request with HttpContext.Current.Request.RawUrl. So for example if I had that code in the experts exchange website (assuming the website was asp.net which it isn't, but let's assume it is for the sake of the example) and visited this page which is:

http://www.experts-exchange.com/Networking/Protocols/Application_Protocols/SSL/Q_26817595.html?cid=1572#a34896233

it would automatically redirect me to:
http://www.experts-exchange.com/Networking/Protocols/Application_Protocols/SSL/Q_26817595.html?cid=1572#a34896233

The breakdown in the commands above is
https:// = "https://"
www.experts-exchange.com/    = Request.ServerVariables["HTTP_HOST"]
Networking/Protocols/Application_Protocols/SSL/Q_26817595.html?cid=1572#a34896233  = HttpContext.Current.Request.RawUrl

Is that clear enough for you?

0
 
asp_net2Author Commented:
Hi Yiogi,

No, still confused, you are showing the same URL's above. You also mention asp.net as an example but not in the code you provided. All my pages DO NOT require SSL only a certain directory such as "client/secure/index.aspx" so i need to make sure that if someone types in http://mysite.com/client/secure/index.aspx they get redirected to https://mysite.com/client/secure/index.aspx.
0
 
YiogiCommented:
Ah ok, I apologize I thought you wanted it for all the pages.

The code I have there will redirect the user to SSL for any page in the website if you place it in the global.asax file.

Just place the code below in your index.aspx.cs then. And you are all set.
protected override void OnInit(EventArgs e) {
        base.OnInit(e);
        if (!HttpContext.Current.Request.IsSecureConnection) {
            Response.Redirect("https://" + Request.ServerVariables["HTTP_HOST"] + HttpContext.Current.Request.RawUrl);
        }
    }

Open in new window

0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now