65.9K
CodeProject is changing. Read more.
Home

www and HTTPS redirect

StianSandberg
starIconstarIconstarIconstarIconstarIcon

5.00/5 (5 votes)

Jul 16, 2012

CPOL
viewsIcon

16280

Make sure your website with and without www redirects to the same page.

Introduction

It is highly recommended to set up a redirect from non-www to www URL. Ideally search engines will most probably catch on to the situation eventually, in the meantime your site is subject to several different problems that may damage your rankings.

This code can be placed in your global.asax to ensure all your visitors are redirected if they don't write www. in the address and redirect http --> https. This code will keep the URL as is and the querystring.

Using the code

Implement the following code in your global.asax's Application_BeginRequest:

var context = HttpContext.Current;
// Check if there is a HttpContext
if (context == null)
    return;

// Don't apply if it's a local requst.
if(Request.IsLocal) 
    return;

// this variable will tell if a redirect is necessary
var redirect = false;

// Get the current uri so we can read the schema, host and querystring
var uri = context.Request.Url; 
var scheme = uri.GetComponents(UriComponents.Scheme, UriFormat.Unescaped);
var host = uri.GetComponents(UriComponents.Host, UriFormat.Unescaped);
var pathAndQuery = uri.GetComponents(UriComponents.PathAndQuery, UriFormat.Unescaped);


// If you want to force https
if (!scheme.Equals("https"))
{
    scheme = "https";
    redirect = true; 
}

if (!host.StartsWith("www.", StringComparison.OrdinalIgnoreCase))
{
    host = "www." + host;
    redirect = true;
}

// scheme or host forced a redirect
if (redirect)
{
    // Add headers to redirect user
    HttpContext.Current.Response.Status = "301 Moved Permanently";
    HttpContext.Current.Response.StatusCode = 301;
    HttpContext.Current.Response.AddHeader("Location", scheme + "://" + host + pathAndQuery);
}

To avoid a whole lot of code in your global.asax, you should put this in another class and just call it from global.asax.. 

My complete implementation

In a common library somewhere in my solution:

public namespace SomeCommonLibrary
{
public static void EnsureSslAndDomain(HttpContext context, bool redirectWww, bool redirectSsl)
{
    if (context == null)
        return;

    var redirect = false;
    var uri = context.Request.Url;
    var scheme = uri.GetComponents(UriComponents.Scheme, UriFormat.Unescaped);
    var host = uri.GetComponents(UriComponents.Host, UriFormat.Unescaped);
    var pathAndQuery = uri.GetComponents(UriComponents.PathAndQuery, UriFormat.Unescaped);

    if (redirectSsl && !scheme.Equals("https"))
    {
        scheme = "https";
        redirect = true;
    }

    if (redirectWww && !host.StartsWith("www", StringComparison.OrdinalIgnoreCase))
    {
        host = "www." + host;
        redirect = true;
    }

    if (redirect)
    {
        context.Response.Status = "301 Moved Permanently";
        context.Response.StatusCode = 301;
        context.Response.AddHeader("Location", scheme + "://" + host + pathAndQuery);
    }
}
}

And then in my global.asax:

protected void Application_BeginRequest(object sender, EventArgs e)
{
    if(!Request.IsLocal)
        SomeCommonLibrary.EnsureSslAndDomain(HttpContext.Current, true, true); 
}