Checking for HTTPS
Suprisingly, IIS (at least 5 and I believe 6) doesn't support automatic redirect between HTTP and HTTPS. To handle this, you have to write an ISAPI add-on that will redirect to the new URL, or embed this logic in the application. To handle this, this can be done with JavaScript; I found this solution online:
if (window.location.protocol != 'https:')
window.location = 'https://' + location.host + location.pathname + location.search;
This simply changes the location if the protocol isn't HTTPS. Or, you can write .NET code that inspects the https:// using the Request.Uri.AbsoluteUri property, and if it isn't HTTPS, do this:
Response.Redirect("https://" + Request.Uri.AbsoluteUri.Replace("http://", ""));
This redirects to the HTTPS site.