I have SSL installed at the root of a server. I have a page whose code behind code is supposed to redirect after certain validation to a secure page. Here's the redirect code: switch (PageBase2.GetParameterValue("Environment")) //Retrieves App Setting named Environment from web.config { case "Server": strURL = @"https://" + HttpContext.Current.Request.Url.Authority + "/checkout/payment.aspx"; break; case "Local": strURL = @"http://" + HttpContext.Current.Request.Url.Authority + "/checkout/payment.aspx"; break; default: strURL = @"https://" + HttpContext.Current.Request.Url.Authority + "/checkout/payment.aspx"; break; } Response.Redirect(strURL, false); But the page that's been served by IIS is non-secure. I looked at the firebug console and it appears that the client does make a get request to https://server/checkout/payment.aspx but IIS responds with a 302 to http://server/checkout/payment.aspx Any clues, as to what could be causing it. I've even tried forcing SSL for the page, but it doesn't work I get 403.4 error. (SSL is required to view this resource.) And if i remove the redirection logic and code the payment page to redirect to its SSL version when the connection is not secure using Request.IsSecureConnection, i end up with an endless redirect loop, simply because IIS still won't serve the secure version without a 302. Any ideas?