Created
October 14, 2014 05:56
HTTP -> HTTPS redirect and add HSTS header
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // ... | |
| protected void Application_BeginRequest(object sender, EventArgs e) | |
| { | |
| switch (Request.Url.Scheme) | |
| { | |
| case "http": | |
| RedirectToHttps(); | |
| break; | |
| case "https": | |
| AddStsHeader(); | |
| break; | |
| } | |
| } | |
| void AddStsHeader() | |
| { | |
| Response.AddHeader("Strict-Transport-Security", "max-age=31536000"); | |
| } | |
| void RedirectToHttps() | |
| { | |
| var path = "https://" + Request.Url.Host + Request.Url.PathAndQuery; | |
| Response.Status = "301 Moved Permanently"; | |
| Response.AddHeader("Location", path); | |
| } | |
| // ... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I forget the context of this gist, and haven’t programmed in .net since 2015. Don’t look at this as any sort of best practice without doing your own due diligence to understand the problem and solution. Good luck