Integrated Windows Authentication & SSL

Question

I have an administrative website on our intranet that currently uses Integrated Windows Authentication through IIS. We would like to move this application to a

Answer 1

I've solved this as an IIS problem every time, not a code problem:

• create a new web site in IIS
• bind it to the same IP address (and/or host header), to your SSL cert and to port 443
• configure this to point to the same application root as the current port 80 site
• test to make sure that directly connecting to https://site gives the expected responses
• reconfigure the original site (still bound to port 80) to use the HTTP Redirect feature
• configure the port 80 site to redirect to the port 443 site; optionally, remove the application and virtual directory mappings (in case someone accidentally disables the redirect)

From then on, any user that just types the web site address into their browser will get a lightning-fast redirect message from IIS that sends them to the SSL-protected version of the site.