HTTP to HTTPS redirection using ASP.NET HTTP Module

  • Article

I have been very quiet from last couple of months after moving in to SharePoint space. Let me start with a simple  ASP.NET module which I wrote sometime back for HTTP to HTTPS redirection. Recently, I have seen many requests coming with this requirement from developers who has very little control over the web server in a web hosting scenario. They don't want to depend on the web administrator to achieve the simple tasks like redirection from HTTP to HTTPS after hosting their web application (i.e  assuming SSL is configured correctly by the administrator).

Here is a simple HTTP module to achieve the HTTP to HTTPS redirection. The module has registered to listen for one event called context_BeginRequest which does the trick when the first request begins.

 using System;

 using System.Collections.Generic;

 using System.Web;

  

 public class Redirect : IHttpModule

 {

  

     public Redirect() {}

     #region IHttpModule Members

     public void Dispose()

     {

         throw new NotImplementedException();

     }

  

     public void Init(HttpApplication context)

     {

        context.BeginRequest += new EventHandler(context_BeginRequest);

     }

  

     void context_BeginRequest(object sender, EventArgs e)

     {

         HttpApplication AppObject = (HttpApplication)sender;

  

         if (!AppObject.Request.IsSecureConnection)

         {

             // send user to SSL 

             string serverName = HttpUtility.UrlEncode(AppObject.Request.ServerVariables["SERVER_NAME"]);

             string filePath = AppObject.Request.FilePath;

             AppObject.Response.Redirect("https://" + serverName + filePath);

         }

     }

     #endregion

 }

 

You can copy the above code in to class file and save the file as “Redirect.cs”. We can plug this module to ASP.NET pipeline through the application configuration file as shown below. With ASP.NET 2.0, we dont even need to worry about compiling the class in to a DLL. All we need to is put this class file under App_Code (If you don't have one, please create the folder by name “App_Code”) directory of the application root folder. In ASP.NET 2.0 everything under App_Code directory will be compiled in to a single DLL.

 

  <httpModules>

       <clear />

        <add name="Redirect" type="Redirect"/> 

       <add name="SPRequest" type="Microsoft.SharePoint.ApplicationRuntime.SPRequestModule, Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />

       <add name="OutputCache" type="System.Web.Caching.OutputCacheModule" />

       <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" />

       <add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />

       <add name="WindowsAuthentication" type="System.Web.Security.WindowsAuthenticationModule" />

       <add name="RoleManager" type="System.Web.Security.RoleManagerModule" />

       <add name="PublishingHttpModule" type="Microsoft.SharePoint.Publishing.PublishingHttpModule, Microsoft.SharePoint.Publishing, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />

  </httpModules>

 

As shown below, you need uncheck the “require SSL” option under SSL Setting for that web application to allow HTTP traffic and for the code to work as expected.

image 

 

Hope that helps!

Sojesh