Force Users' Web Sessions into SSL/TLS

Posted on 3/19/2009


You need to force users' sessions into Secure Sockets Layer/Transport Layer Security (SSL/TLS). If you're like me, you administer the server and not the actual application. Thus, I am not going to add any code or scripting to the application administrator's web pages. The easiest approach I have found for redirecting a web page to port 443 (SSL/TLS) without using a script is to create a second site within IIS using the same host header as the site you want to force into SSL/TLS. The steps are as follows:

1. Ensure the primary site requires SSL (Image 1).












2. Staying on the primary site, click the Web Site tab, then click Advanced.
3. Here you modify the identity of the web site using host headers. Change the TCP port to anything other than 80 (81 is probably a good choice).





4. Click OK and OK to accept the new settings.

What you just did was set the site to accept only secure connections (step 1) and change its TCP port from 80 to 81. At this point, if you attempt to access the site using the appropriate URL and port 81 (example: http://localhost:81/), a 403.4 error should be displayed saying HTTPS is required. Now we can create the secondary site that will force the SSL redirect.

1. In IIS Manager, right-click Web Sites and select New - Web Site.
2. Give the site a descriptive name, such as "your site ssl redirect".
3. Right-click the site and select Properties.
4. Under Web Site, click Advanced and add a new host header value. This value must match the host header value (yoursite.yourdomain.com) of the site you want redirected to SSL.
5. Select OK.
6. Select the Home Directory tab.
7. Choose "A redirection to a URL".
8. In the "Redirect to:" box, enter the URL (https://yoursite.yourdomain.com/).












Test.

The site you just created should accept connections on port 80 (unsecured) and redirect the same URL (host header) to the primary site on port 443 (SSL/TLS).
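One way to script the "Test" step from any client machine, as an added example that is not part of the original post: it requests the host on port 80 and on the moved port without following redirects, then checks that port 80 redirects to https on the same host name and that plain HTTP on the moved port is refused. The function names are illustrative, port 81 is the choice suggested in step 3, and the presence of the "403.4" text in the error page body is an assumption based on the error described above.

```python
import http.client
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def check_redirect(host, status, location):
    """Judge the port-80 answer from the redirect site."""
    if status not in REDIRECT_CODES:
        return f"FAIL: expected a redirect, got {status}"
    target = urlsplit(location or "")
    if target.scheme != "https":
        return f"FAIL: Location is not https: {location!r}"
    if (target.hostname or "").lower() != host.lower():
        return f"FAIL: redirect changes the host name: {location!r}"
    return "OK"

def check_primary_http(status, body):
    """Judge the plain-HTTP answer from the primary site on its moved port."""
    if status != 403:
        return f"FAIL: plain HTTP answered with {status}, SSL is not enforced"
    # Assumption: the 403.4 sub-status appears in the error page text.
    return "OK" if "403.4" in body else "WARN: 403 without the 403.4 text"

def fetch(host, port, path="/"):
    """GET without following redirects; returns (status, Location, body start)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location"), resp.read(4096).decode("latin-1")
    finally:
        conn.close()

def verify(host, moved_port=81):
    status, location, _ = fetch(host, 80)
    results = {"port 80": check_redirect(host, status, location)}
    status, _, body = fetch(host, moved_port)
    results[f"port {moved_port}"] = check_primary_http(status, body)
    return results

if __name__ == "__main__":
    import sys
    for name, verdict in verify(sys.argv[1]).items():
        print(f"{name}: {verdict}")
```

Run it with the site's host header as the only argument; a FAIL on the moved port means the primary site still serves content over plain HTTP.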
