Best way to force https for an entire site in

Some time ago I rolled out a site where every request had to be over https. The only way at the time I could find to ensure that every request to a page was over https was to check it in the page load event.

Is there a better way — ideally some setting in the web.config?


Bob from Maryland

One thought on “Best way to force https for an entire site in

  1. Hello Bob

    You can use the following code in the global.asax file to enforce https:

    protected void Application_BeginRequest(Object sender, EventArgs e)
    if (HttpContext.Current.Request.IsSecureConnection.Equals(false) && HttpContext.Current.Request.IsLocal.Equals(false))
    Response.Redirect("https://" + Request.ServerVariables["HTTP_HOST"]
    + HttpContext.Current.Request.RawUrl);


Comments are closed.