www and HTTPS redirect

Introduction

It is highly recommended to set up a redirect from non-www to www URL. Ideally search engines will most probably catch on to the situation eventually, in the meantime your site is subject to several different problems that may damage your rankings.

This code can be placed in your global.asax to ensure all your visitors are redirected if they don't write www. in the address and redirect http --> https. This code will keep the URL as is and the querystring.

Using the code

Implement the following code in your global.asax's Application_BeginRequest:

var context = HttpContext.Current;
// Check if there is a HttpContext
if (context == null)
    return;

// Don't apply if it's a local requst.
if(Request.IsLocal) 
    return;

// this variable will tell if a redirect is necessary
var redirect = false;

// Get the current uri so we can read the schema, host and querystring
var uri = context.Request.Url; 
var scheme = uri.GetComponents(UriComponents.Scheme, UriFormat.Unescaped);
var host = uri.GetComponents(UriComponents.Host, UriFormat.Unescaped);
var pathAndQuery = uri.GetComponents(UriComponents.PathAndQuery, UriFormat.Unescaped);


// If you want to force https
if (!scheme.Equals("https"))
{
    scheme = "https";
    redirect = true; 
}

if (!host.StartsWith("www.", StringComparison.OrdinalIgnoreCase))
{
    host = "www." + host;
    redirect = true;
}

// scheme or host forced a redirect
if (redirect)
{
    // Add headers to redirect user
    HttpContext.Current.Response.Status = "301 Moved Permanently";
    HttpContext.Current.Response.StatusCode = 301;
    HttpContext.Current.Response.AddHeader("Location", scheme + "://" + host + pathAndQuery);
}

To avoid a whole lot of code in your global.asax, you should put this in another class and just call it from global.asax..

My complete implementation

In a common library somewhere in my solution:

public namespace SomeCommonLibrary
{
public static void EnsureSslAndDomain(HttpContext context, bool redirectWww, bool redirectSsl)
{
    if (context == null)
        return;

    var redirect = false;
    var uri = context.Request.Url;
    var scheme = uri.GetComponents(UriComponents.Scheme, UriFormat.Unescaped);
    var host = uri.GetComponents(UriComponents.Host, UriFormat.Unescaped);
    var pathAndQuery = uri.GetComponents(UriComponents.PathAndQuery, UriFormat.Unescaped);

    if (redirectSsl && !scheme.Equals("https"))
    {
        scheme = "https";
        redirect = true;
    }

    if (redirectWww && !host.StartsWith("www", StringComparison.OrdinalIgnoreCase))
    {
        host = "www." + host;
        redirect = true;
    }

    if (redirect)
    {
        context.Response.Status = "301 Moved Permanently";
        context.Response.StatusCode = 301;
        context.Response.AddHeader("Location", scheme + "://" + host + pathAndQuery);
    }
}
}

And then in my global.asax:

protected void Application_BeginRequest(object sender, EventArgs e)
{
    if(!Request.IsLocal)
        SomeCommonLibrary.EnsureSslAndDomain(HttpContext.Current, true, true); 
}

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

About the Author

AlluvialDeposit

Software Developer (Senior)

Norway

Member

Follow on Twitter

Microsoft Certified Solutions Developer (MCSD)

My personal websites/projects:
CRM1.no - A free to use norwegian crm software
Fakturax - A free to use norwegian invoice software

Article Top

Poor

Excellent

Add a reason or comment to your vote: x
Votes of 3 or less require a comment

Make sure your website with and without www redirects to the same page.

Type	Tip/Trick
Licence	CPOL
First Posted	16 Jul 2012
Views	3,950
Bookmarked	5 times

C#ASP.NET.NET