Force https with URL rewrite

For most sites, after installing a SSL certificate, https can be forced by adding a URL rewrite rule to the site's web.config file.  Though, please note it will not apply to all sites, for example it may not work for those using routing or it may conflict with any existing URL rewrite rules.  In the case of a CMS like WordPress or nopCommerce, it is often a setting within the CMS itself.  The URL rewrite rule will not always work for ASP.NET Core sites (see below for more information).
 
 
URL rewrite rule to redirect all requests to https
 
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Redirect to https" stopProcessing="true">
          <match url=".*" />
          <conditions>
            <add input="{HTTPS}" pattern="off" ignoreCase="true" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
 
 
Redirect to https in Core
 
For Core apps, UseHttpsRedirection middleware can be used to force https by adding app.UseHttpsRedirection(); to the startup.cs as in the example below

  public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
  {
    app.UseHttpsRedirection();
  }

More detailed information can be found after the link https://docs.microsoft.com/en-us/aspnet/core/security/enforcing-ssl


Securing domain pointers with a single domain certificate

Because multi-domain certificates can be cost prohibitive or less than straight forward to order, a workaround is using domain forwarding and flexible SSL through cloudflare.com.  Flexible SSL means the connection is secure between the client and cloudflare, but is not secure between cloudflare and the site.  So it shouldn't, for example, be used to secure a subdirectory pointer.  But is sufficient when a domain pointer is only an alternate address for a site.  Please note that this will assume some familiarity with cloudflare since it is an external service.



Add the domain pointer as a website in cloudflare, select SSL to see the above screen and set SSL to Flexible.



Now create the domain forwarding rule by clicking Rules > Create Page Rule

In the If the URL matches field enter the domain pointer
For Then the settings are select "Forwarding URL" and  "301 - Permanent Redirect" and enter the primary site domain in the "Enter destination URL" field
Save and Deploy