How to Enforce HTTPS For ASMX Service

Question

I have a number of existing ASMX web services running on IIS7, and want to change them so that all requests and responses must be made over HTTPS.

The site is also running other pages like PHP and Classic ASP, so I can't just change the site root to serve HTTPS pages.

How can I set this per ASMX serivce (application), so that if somebody visits http://www.mydomain.com/MyService/ServiceName.asmx it either redirects them to https://www.mydomain.com/MyService/ServiceName.asmx or returns a 404 error ?

Thoughts and best approach ?

Do I need to provide any further information to get a response. — neildt, Oct 09 '13 at 08:13

score 4 · Accepted Answer · answered Oct 12 '13 at 08:45

4

Have you tried with URL rewrite?

<rewrite>
    <rules>
        <rule name="Force HTTPS" stopProcessing="true">
            <match url="(.*)/ServiceName.asmx" />
            <conditions>
                <add input="{HTTPS}" pattern="^OFF$" />
            </conditions>
            <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
        </rule>
    </rules>
</rewrite>

answered Oct 12 '13 at 08:45

šljaker

7,294
14
46
80

1

If I set this rule and use "http://www.example.com/MyService/ServiceName.asmx" (http not https) I get an "Object moved" error and can not access the webservice. There is something more I have to do? (Using NET Framework 4.0) – Oliver Nov 15 '22 at 16:59

score 2 · Answer 2 · answered Oct 17 '13 at 05:21

A simpler solution would be just to include the following code in the constructor of each service - allowing you to decide it on each service individually.

if (!HttpContext.Current.Request.IsSecureConnection)
{
    var sslUrl = HttpContext.Current.Request.RawUrl.Replace("http://", "https://");

    Response.Clear();
    Response.Write(string.Format("This service requires a SSL connection please go to {0}", sslUrl));
    Response.End();

    // Or simply redirect
    // Response.Redirect(sslUrl);
}

score 0 · Answer 3 · answered Dec 01 '20 at 14:54

The redirect that @oexenhave used did not work for me. Instead I used the following (with a tip of the hat to @oexenhave for doing most of the good work)

if (!HttpContext.Current.Request.IsSecureConnection)
{
  var sslUrl = HttpContext.Current.Request.RawUrl.Replace("http://", "https://");
  Context.RewritePath(sslUrl);
}

Add this into the asmx constructor.

score -3 · Answer 4 · answered Oct 17 '13 at 09:32

-3

I will encourage you to use WCF instead of ASMX http://msdn.microsoft.com/en-us/library/aa480190.aspx.

For your above question, does this solve your issue?

http://msdn.microsoft.com/en-us/library/aa302409.aspx

Thanks...

answered Oct 17 '13 at 09:32

Jag

123
3
14

How to Enforce HTTPS For ASMX Service

4 Answers4

Linked