I've got a single directory in my ASP.Net website that I need to have SSL Enabled. For all other directories, I don't want SSL Enabled.
Using IIS, I've checked the Require secure channel (SSL) and 128-bit encryption checkboxes for the folder I want to require SSL.
Now, when a user types in "http://", for my secure directory, I want to automatically redirect them to "https://". I've tried two approaches, and both have failed.
Approach 1: Change the IIS Custom Errors page for the directory for 403;4 to a URL pointing to: "/Intranet2/SSLRedirect.aspx". The SSLRedirect will point them to the correct site. When I do that, I get "The specified request cannot be executed from current Application Pool" error, even though the URL is a part of the website and I only have one app pool for the entire website (not the DefaultAppPool).
Approach 2: Add a web.config in the directory to override the 403 error code. It looks like this:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <customErrors defaultRedirect="../Default.aspx" mode="On">
      <error statusCode="403" redirect="../SSLRedirect.aspx" />
    </customErrors>
  </system.web>
</configuration>
But when I make this change, I always get the default 403.4 defined in IIS.
Any suggestions?
Approach 1: You appear to be mistaken in thinking that you only have one app pool configured for the entire website. You probably have one for the default site and another for a virtual directory you are working with. Your choices are:
a) Reconfigure it so that you really do have only one app pool for the entire site,
b) Serve the error page out of a directory that is in the same app pool as the page generating the error
c) Tweak the registry to shut this error off: Set IgnoreAppPoolForCustomErrors to 1 in HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters. See http://blogs.msdn.com/b/rakkimk/archive/2006/09/01/735684.aspx
Approach 2: Custom Errors in web.config are only used if ASP.NET is handling the error. I believe IIS isn't engaging the ASP.NET handling engine here because the SSL check failed. So this simply won't work here.
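Once the custom-error URL from Approach 1 is being served, the redirect page still has to decide where to send the browser. The following is an added example, not code from the original post: it assumes IIS hands the failed request to the error page as a query string of the form `403;http://host:80/path`, and the host name, folder prefix and class name are placeholders.

```csharp
using System;

// Hypothetical helper for the SSLRedirect.aspx code-behind (all names are illustrative).
public static class SslRedirect
{
    // Assumption: the only host name this site may redirect to (placeholder).
    const string AllowedHost = "intranet.example.com";
    // Assumption: the one folder that has "Require secure channel (SSL)" set (placeholder).
    const string SecurePrefix = "/Intranet2/Secure/";

    // rawQuery: text after '?', assumed to look like
    //   403;http://intranet.example.com:80/Intranet2/Secure/Page.aspx
    // Returns the https:// URL to redirect to, or null when the input is not trusted.
    public static string BuildHttpsTarget(string rawQuery)
    {
        if (string.IsNullOrEmpty(rawQuery)) return null;
        int sep = rawQuery.IndexOf(';');
        if (sep < 0) return null;

        Uri original;
        if (!Uri.TryCreate(rawQuery.Substring(sep + 1), UriKind.Absolute, out original))
            return null;
        if (original.Scheme != Uri.UriSchemeHttp) return null;
        // Refuse foreign hosts so the page cannot be used as an open redirect.
        if (!string.Equals(original.Host, AllowedHost, StringComparison.OrdinalIgnoreCase))
            return null;
        // AbsolutePath is already normalised, so "/Secure/../x" does not pass this check.
        if (!original.AbsolutePath.StartsWith(SecurePrefix, StringComparison.OrdinalIgnoreCase))
            return null;

        // Port = -1 drops the explicit :80 so the https default port is used.
        var b = new UriBuilder(original) { Scheme = Uri.UriSchemeHttps, Port = -1 };
        return b.Uri.AbsoluteUri;
    }

    public static void Main()
    {
        // Constructed sample inputs, not captured from a real server.
        string[] samples = {
            "403;http://intranet.example.com:80/Intranet2/Secure/Page.aspx?id=7",
            "403;http://evil.example.net/Intranet2/Secure/Page.aspx",
            "403;http://intranet.example.com/Intranet2/Secure/../Default.aspx",
            "not-an-error-query"
        };
        foreach (string s in samples)
            Console.WriteLine("{0} -> {1}", s, BuildHttpsTarget(s) ?? "(rejected)");
    }
}
```

In the page itself, `Page_Load` would pass `Request.ServerVariables["QUERY_STRING"]` to `BuildHttpsTarget` and call `Response.Redirect` only when the result is not null, returning an error status otherwise.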