HTTPS and canonical redirect for an ASP.NET website

https redirect

If you have an ASP.NET application, that you have either written yourself, or is a CMS like DotNetNuke, then you will want to have 2 specific redirects configured in your web.config file

Firstly, every website now should have an SSL certificate. Even if you don’t have a login, or a contact form on your site, just the fact that Google ranks site that load under https higher than http makes the effort to configure SSL worthwhile.

Secondly, you have use a canonical URL for your site. This is a singular URL that all requests get redirected to. Google typcially see and, as separate websites, so if you have of your inbound links to one variant, and half to the other variant, then your SEO and Google rankings will suffer.

You can easily resolve both of these issues by adding a rewrite rule to the web.config file in the root fo your website. The excerpt below redirects all requests where the url does not stat with, or that load without https to

	<rule name="Canonical hostname and https" stopProcessing="false">
	  <match url="(.*)"/>
	  <conditions logicalGrouping="MatchAny">
		<add input="{HTTP_HOST}" negate="true" pattern="^$"/>
		<add input="{HTTPS}" pattern="off"/>
	  <action type="Redirect" url="{R:1}" redirectType="Permanent"/>

This rewrite configuration section sits within the system.webServer config section in your web.config file.