Why does IIS respond to a secure(SSL) page request with a 302 to its non-secure version?
- by ISawrub
I have SSL installed at the root of a server. I have a page whose code behind code is supposed to redirect after certain validation to a secure page. Here's the redirect code:
switch (PageBase2.GetParameterValue("Environment")) //Retrieves App Setting named Environment from web.config
{
case "Server":
strURL = @"https://" + HttpContext.Current.Request.Url.Authority + "/checkout/payment.aspx";
break;
case "Local":
strURL = @"http://" + HttpContext.Current.Request.Url.Authority + "/checkout/payment.aspx";
break;
default:
strURL = @"https://" + HttpContext.Current.Request.Url.Authority + "/checkout/payment.aspx";
break;
}
Response.Redirect(strURL, false);
But the page that's been served by IIS is non-secure. I looked at the firebug console and it appears that the client does make a get request to https://server/checkout/payment.aspx but IIS responds with a 302 to http://server/checkout/payment.aspx
Any clues, as to what could be causing it. I've even tried forcing SSL for the page, but it doesn't work I get 403.4 error. (SSL is required to view this resource.)
And if i remove the redirection logic and code the payment page to redirect to its SSL version when the connection is not secure using Request.IsSecureConnection, i end up with an endless redirect loop, simply because IIS still won't serve the secure version without a 302.
Any ideas?