IIS filter to redirect secure pages


This is an Windows NT Internet Information Server ISAPI filter that redirects secure and non secure pages to their correct http:// or https:// URL.

Download the file securedi.zip which contains compiled dll as well as full source code, or just download the PDF documentation, which is also contained in the zip file.

YYYY extranet Web server, which is currently under development has secure and non secure pages. The web server handles all pages that pass secure data securely. The secure and non-secure pages reference each other using relative URLs. This means that a non-secure page referencing in a link presents an URL to the browser, which is non-secure. On the other hand the web server serves the page only through secure channel. This results an error response from the web server.

On the other hand: when a secure page references a non-secure page the non-secure page will be handled via secure channel. This does not cause any error, but results slower service consuming more resource. The web server serves the non-secure pages via secure as well as non-secure web server.

The official Microsoft Knowledge Base article suggests using absolute URLs whenever a secure/non-secure page link is needed. This is inconvenient. This prevents the developers to test the application in a non-secure web server and redeployment of the pages on a different server needs the alteration of all these absolute URLs because they contain the machine name.

The solution is a tool in the form of an ISAPI filter. This automatically detects secure and non-secure page requests and whenever the http request type differs from the type of the page, it responds to the client browser with a redirect command targeting the same page with the proper protocol (http or https).

If you want to change and use the code, you are free as much as GNU GPL provides. You have all necessary files in the ZIP.