Versions Compared

Old Version 5

changes.mady.by.user Mont Rothstein

Saved on

compared with

New Version 6

changes.mady.by.user Mont Rothstein

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Open web.config
  2. Find <services>
  3. For each endpoint within each <service> do one of:
    1. For HTTPS access only: Edit “Http” in binding value to “Https”.

      Ex: “basicHttpBinding” ➔ “basicHttpsBinding”; “mexHttpBinding” ➔ “mexHttpsBinding”

    2. For both HTTP and HTTPS access: Add a copy all endpoints with “Http” in binding value and edit value to have Https.

      Ex: Copy endpoint line and edit “basicHttpBinding” ➔ “basicHttpsBinding” – Use this if both HTTP and HTTPS will be used.

HTTP Redirect to HTTPS

Use the URL Rewrite

...

Redirect HTTP to module to change incoming HTTP URLs to be HTTPS.

Info

If HTTP is going to be blocked then this section can be skipped. What that means is that if HTTP is used the URL will be denied, not redirected to HTTPS.

...

  1. Install the URL Rewrite Module for IIS: http://www.iis.net/downloads/microsoft/url-rewrite
  2. Require SSL must not be checked for either Default Web Site or for any application (ex: AdamsAdmin, AdamsWeb, AdamsBridge, etc) under that.  You can check the SSL Settings for each to see that it isn’t.
  3. Create the URL rewrite rules for the Default Web Site
    1. In IIS Manager select the Default Web Site
    2. In the IIS section, open the URL Rewrite module

      NOTE: If the URL Rewrite module does not appear as an option after installing it, try closing and reopening IIS Manager.

    3. Click Add Rule(s)…
    4. Select Inbound rules > Blank rule
    5. Select OK
    6. Fill in the following information
      1. Name - HTTP to HTTPS Redirect
      2. Match URL
        1. Requested URL - Matches the Pattern
        2. Using - Regular Expressions
        3. Pattern - (.*)
        4. Ignore case - checked
      3. Conditions
        1. Logical grouping: Match All
        2. Click Add…
          1. Condition input - {HTTPS}
          2. Check if input string - Matches the Pattern
          3. Pattern - ^OFF$
          4. Ignore case - checked
          5. Click OK
      4. Action
        1. Action type: Redirect
        2. Redirect URL: https://{HTTP_HOST}{REQUEST_URI}
        3. Append query string: un-checked
        4. Redirect type: Permanent (301)
    7. Click Apply (in the upper hand corner)
    8. Click Back to Rules
    9. Restart the web application pool

Require SSL/TLS

Require SSL/TLS/HTTPS for all apps.

Info

Skip this section if incoming HTTP URLs will be redirected to HTTPS. Require SSL denies HTTP requests before they can be redirected.

  1. IIS Manager
  2. Select Default Web Site
  3. Double click on IIS > SSL Settings
  4. Check the "Require SSL" box
  5. Leave Client certificates set to Ignore
  6. Select Apply in the Actions pane
  7. Click to select the Default Web Site
  8. Click Restart


Tip
Test to make sure that users can access the web site and applications using both http:// and https:// with http:// redirecting to https://

...