Bookmark and Share Subscribe Bookmark and Share



Automatically Redirect HTTP requests to HTTPS using ASP


 « »    

It’s possible to Force SSL on web pages using ASP. In this article I will show you how to accomplish this. To do this you need to do 2 things.

  1. Create a ForceSSL.asp page
  2. Set the file as an include on any pages that require SSL


Within your website create a file called ForceSSL.asp. I usually put this file in a directory called includes. You can get a copy of the file I used in this example here:

ForceSSL.asp contents:


If Request.ServerVariables("SERVER_PORT")=80 Then

Dim strSecureURL

strSecureURL = "https://"

strSecureURL = strSecureURL & Request.ServerVariables("SERVER_NAME")

strSecureURL = strSecureURL & Request.ServerVariables("URL")

Response.Redirect strSecureURL

End If


Include File

On every ASP page that requires SSL you will need to add the “include virtual” statement below, you may need to modify it to the location of your ForceSSL.asp file. If you notice on the default.asp page I have created below, I have placed the “include virtual” statement at the top of the document, you want to put it on top so it will run first.

<!–include virtual=”/include/ForceSSL.asp” –>

When implementing this solution you need to make sure to use relative paths for all references on your page because there is a possibility you will get a warning asking you if you want to display secure and insecure items. For example, if you have a logo on your page and the URL to this logo is http://domain/images/logo.jpg, do not use the whole path because including the http:// will hard code this image to use http and not https. Instead use /images/logo.jpg.

Series NavigationAutomatically Redirect HTTP requests to HTTPS on IIS 6Automatically Redirect HTTP requests to HTTPS on IIS 7Automatically Redirect HTTP requests to HTTPS on IIS 7 using URL Rewrite 2.0

    Did I save you time and headaches? Buy me a cup of coffee.
    The more coffee I drink the more articles I can write.