Some time ago I rolled out a site where every request had to be over https. The only way at the time I could find to ensure that every request to a page was over https was to check it in the page load event.
Is there a better way — ideally some setting in the web.config?
Thanks
Bob from Maryland
Hello Bob
You can use the following code in the global.asax file to enforce https:
protected void Application_BeginRequest(Object sender, EventArgs e){
if (HttpContext.Current.Request.IsSecureConnection.Equals(false) && HttpContext.Current.Request.IsLocal.Equals(false))
{
Response.Redirect("https://" + Request.ServerVariables["HTTP_HOST"]
+ HttpContext.Current.Request.RawUrl);
}
}
Will