How to redirect http request to https before the basic authentication popup

2
votes

I'm using basic authentication on my site, which does a simple windows popup asking for username and password. I'm wondering if there's a way to redirect http traffic to https traffic before this popup? Currently, i'm using a custom redirect error page, so when someone goes to http://www.mysite.com/ the popup comes up and asks for username password, and after they enter it the page redirects http traffic to https. But i'm assuming that password is sent in clear text, since the redirect is happening after the login attempt.

I've tried playing with IIS, and javascript on the page itself, but it seems the popup is happening before any of that comes into play. Is there anyway to redirect before that popup comes up?

Thanks!

1
httpsiis-6basic-authentication

1 Answers

0
votes

I know this is old but here is how I managed to achieve this for anyone who would need the same.

  1. Remove the HTTP bingind on the target domain's virtual server
  2. Create a second virtual server for the same domain with only HTTP binding
  3. Add a rewrite rule to the new virtual server that redirects all trafic to the HTTPS version of the domain

This is the only straight forward way i found and it is probably the simplest.

Voila!