I have a number of existing ASMX web services running on IIS7, and want to change them so that all requests and responses must be made over HTTPS.
The site is also running other pages like PHP and Classic ASP, so I can't just change the site root to serve HTTPS pages.
How can I set this per ASMX serivce (application), so that if somebody visits http://www.mydomain.com/MyService/ServiceName.asmx it either redirects them to https://www.mydomain.com/MyService/ServiceName.asmx or returns a 404 error ?
Thoughts and best approach ?
Have you tried with URL rewrite?
<rewrite>
<rules>
<rule name="Force HTTPS" stopProcessing="true">
<match url="(.*)/ServiceName.asmx" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
A simpler solution would be just to include the following code in the constructor of each service - allowing you to decide it on each service individually.
if (!HttpContext.Current.Request.IsSecureConnection)
{
var sslUrl = HttpContext.Current.Request.RawUrl.Replace("http://", "https://");
Response.Clear();
Response.Write(string.Format("This service requires a SSL connection please go to {0}", sslUrl));
Response.End();
// Or simply redirect
// Response.Redirect(sslUrl);
}
I will encourage you to use WCF instead of ASMX http://msdn.microsoft.com/en-us/library/aa480190.aspx.
For your above question, does this solve your issue?
http://msdn.microsoft.com/en-us/library/aa302409.aspx
Thanks...
来源:https://stackoverflow.com/questions/19242207/how-to-enforce-https-for-asmx-service