It’s possible to Force SSL on web pages using ASP. To do this you need to do 2 things.
- Create a ForceSSL.asp page
- Set the file as an include on any pages that require SSL
ForceSSL.aspWithin your website create a file called ForceSSL.asp. I usually put this file in a directory called includes.
ForceSSL.asp contents: <%
If Request.ServerVariables("SERVER_PORT")=80 Then
Dim strSecureURL
strSecureURL = "https://"
strSecureURL = strSecureURL & Request.ServerVariables("SERVER_NAME")
strSecureURL = strSecureURL & Request.ServerVariables("URL")
Response.Redirect strSecureURL
End If
%>
Include FileOn every ASP page that requires SSL you will need to add the “include virtual” statement below, you may need to modify it to the location of your ForceSSL.asp file. If you notice on the default.asp page I have created below, I have placed the “include virtual” statement at the top of the document, you want to put it on top so it will run first.
<!–include virtual=”/include/ForceSSL.asp” –>
When implementing this solution you need to make sure to use relative paths for all references on your page because there is a possibility you will get a warning asking you if you want to display secure and insecure items. For example, if you have a logo on your page and the URL to this logo is
http://domain/images/logo.jpg, do not use the whole path because including the http:// will hard code this image to use http and not https. Instead use /images/logo.jpg.
Thanks