Have you ever had trouble in IIS7+ getting http redirects working just the way you want them to? In particular, redirecting http to https using httpRedirect can be problematic at times, and ensuring that all traffic goes through the same URL (enforcing www in the URL) at the same time can cause heartburn!

I was able to find the perfect working solution to make both desires work exactly and in harmony. First, the answer lies in the Microsoft URL Rewrite module (link) available on iis.net. The first part of the solution can be found in an article on sslshopper.com titled “IIS7 Redirect HTTP to HTTPS (link)” which will guide you through creating a URL Rewrite module rule to redirect the site to the https version. Follow method 1 in that article, and your site will be perfectly and smoothly redirecting from http to https.

The second part of the solution is creating another rule to force the user to the www version of the site. The easiest way to create the rule is to edit the web.config for your site. You can follow the article titled “Rewriting Non WWW to WWW URL (IIS7 Servers Only) (link)” found at nextmill.net. As I said this is the quick and easy way, but if you prefer to use the URL Rewrite GUI, read on.

First, we’ll create the redirect to https rule. Browse to the site in IIS for which you wish to create the redirect rules, then open the URL Rewrite module. This assumes you have installed the module. You can find the module at the link above.

On the ‘Actions’ menu on the right side of the IIS Manager, click ‘Add Rule(s)’. Choose ‘Blank Rule’ and click OK.

You are now presented with a form. First, give the rule a name (i.e. Redirect to https). In the ‘Match URL’ section, select ‘Matches the Pattern’ for the ‘Requested URL:’ dropdown. Then choose ‘Regular Expressions’ for the ‘Using:’ dropdown. Then type the pattern (.*) and check the box for ‘Ignore Case’.

Click on the ‘Conditions’ line to expand that section. Click the add button. For the ‘Condition input:’ type {HTTPS}. For the ‘Check if input string:’ dropdown, choose ‘Matches the Pattern’. In the ‘Pattern:’ textbox, type off. Select the checkbox for ‘Ignore case’.

Skip the ‘Server Variables’ section. In the ‘Action’ section, choose ‘Redirect’ as the ‘Action type:’ On the ‘Redirect URL:’ line type ‘https://{HTTP_HOST}/{R:1}’. Check the ‘Append query string’ box, and choose the ‘Permanent (301)’ as the ‘Redirect type:’.

At this point, your site will automatically redirect to the https. So when a user enters www.yoursite.com in the address bar of their browser, your server will automatically forward them to the https://www.yoursite.com version of your site. However, at this point, when a user enters yoursite.com in the address bar or their browser, your server will also automatically forward them to https://yoursite.com (non-WWW URL). So we still need to make another rule to take care of redirecting to the WWW URL. This rule will follow mostly the same pattern as the other. The difference is the conditions and redirect URL.

First, choose a name for the rule (i.e. WWW Redirect). Enter the same data in the ‘Match URL’ section as you entered for the https redirect rule. Now in the conditions section, add a condition, and enter the following information. Set the ‘Condition input:’ line to {HTTP_HOST}. Set the ‘Check if input string:’ dropdown to ‘Does Not Match the Pattern’. Enter the following in the ‘Pattern:’ line ^www\.([.a-zA-Z0-9]+)$ and then check the ‘Ignore case’ checkbox.

Again, ignore the ‘Server Variables’ section. In the ‘Action’ section, choose ‘Redirect’, enter ‘http://www.{HTTP_HOST}/{R:0}’ in the ‘Redirect URL:’ line, check the ‘Append query string’ checkbox, and choose ‘Permanent (301)’ as the ‘Redirect type:’.

This will have your IIS7+ site redirecting its visitors to the https://www.yoursite.com version of your site. It will also properly redirect a visitor who types a sub-page directly into their browser address bar, such as yoursite.com/subpage.aspx. A visitor who types that into their address bar will be smoothly and properly redirected to https://www.yoursite.com/subpage.aspx. Hope this helps someone!