在 IIS 7.5 上運行的 ASP.NET 應用程序上強制使用 Https (Force Https on an ASP.NET app running on IIS 7.5)

問題描述

在 IIS 7.5 上運行的 ASP.NET 應用程序上強制使用 Https (Force Https on an ASP.NET app running on IIS 7.5)

I am forcing SSL on my entire site with the following code on my web.config file;

<system.webServer>
    <rewrite>
        <rules>
            <rule name="Redirect HTTP to HTTPS" stopProcessing="true">
                <match url="(.*)"/>
                <conditions>
                    <add input="{HTTPS}" pattern="^OFF$"/>
                </conditions>
                <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther"/>
            </rule>
        </rules>
    </rewrite>
</system.webServer>

but what I would like to do is to force ssl only the ~/purchase/ and ~/account/ path and under them. what should be the match url for that? 

NOTE Regular Expressions also would work for me here as well as wildcard. 

‑‑‑‑‑

參考解法

方法 1:

You should use this pattern (this will work for /purchase/something as well as /account/something‑else):

^((purchase|account)/.*)$

You have to remember, that URL should have no leading slash /.

<?xml version="1.0" encoding="UTF‑8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="Force HTTPS" stopProcessing="true">
                    <match url="^((purchase|account)/.*)$" />
                    <conditions>
                        <add input="{HTTPS}" pattern="^OFF$" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

方法 2:

you would do something like this (2 separate rules for simplicity)

  <match url="/purchase/(.*)"/>

(by tugberk、LazyOne、Peter Bromberg)

參考文件

1. Force Https on an ASP.NET app running on IIS 7.5 (CC BY‑SA 3.0/4.0)