
HTTPS for only one ASP.NET page (Login.aspx), HTTP always for rest of site

I have an ASP.NET 4.0 webforms site with an SSL certificate on it. I can currently go to the site via HTTP or HTTPS and it works fine. Regardless of the merits of the decision, what my manager wants is to be able to go to http://example.com/Login.aspx and have that redirect to https://example.com/Login.aspx so that HTTPS is enforced on ONLY this Login.aspx page. However, when logged in (Login.aspx redirects user to Default.aspx), the rest of the site needs to always be regular HTTP.

Bottom line: Login.aspx should always be HTTPS, regardless if the user entered in HTTP or HTTPS when going to the site. The rest of the site should always be HTTP. How can I achieve this via IIS or a code solution?

UPDATE 1: Here's the coded solution I've got working. I'd like to try with IIS Rewrite Module, just waiting on IT support to install it for me. RequireHttpsOnLogin() is called in Global.asax.cs in method Application_BeginRequest:

    // Requires: using System; using System.Web;
    public void RequireHttpsOnLogin()
    {
        HttpRequest request = HttpContext.Current.Request;
        // Compare case-insensitively: IIS serves /login.aspx and /Login.aspx alike,
        // so a case-sensitive check would leave /login.aspx on plain HTTP.
        bool isLoginPage = request.FilePath.EndsWith("Login.aspx", StringComparison.OrdinalIgnoreCase);

        if (!request.IsSecureConnection && !request.IsLocal && isLoginPage)
        {
            // On HTTP login page on server, redirect to HTTPS
            Response.Redirect("https://" + request.ServerVariables["HTTP_HOST"] + request.RawUrl);
        }
        else if (request.IsSecureConnection && !request.IsLocal && !isLoginPage)
        {
            // On HTTPS but not the login page, on server: redirect to HTTP
            Response.Redirect("http://" + request.ServerVariables["HTTP_HOST"] + request.RawUrl);
        }
    }

UPDATE 2: The following is working for the Login page to be HTTPS, but not the other pages to be HTTP always.

    <rewrite>
      <rules>
        <rule name="Redirect HTTP to HTTPS" stopProcessing="true">
          <match url="(Login.aspx)" ignoreCase="true"/>
          <conditions>
            <add input="{HTTPS}" pattern="off" ignoreCase="true"/>
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Found"/>
        </rule>
        <rule name="Redirect to HTTP" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{R:1}" pattern="(login.aspx)" negate="true" ignoreCase="true" />
            <add input="{HTTPS}" pattern="^ON$" />
          </conditions>
          <action type="Redirect" url="http://{HTTP_HOST}/{R:0}" redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>

Try adding below in your Web.config

  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Redirect HTTP to HTTPS" stopProcessing="true">
          <match url="(Login.aspx)"/>
          <conditions>
            <add input="{HTTPS}" pattern="off" ignoreCase="true"/>
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Found"/>
        </rule>
      </rules>
    </rewrite>
  </system.webServer>

You can put code in the Application_BeginRequest method in Global.asax.cs to force the redirect as needed.
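
A way to check a deployment against the policy in the question (Login.aspx always HTTPS, everything else HTTP), given as an added example that is not part of the original posts. The function names and the sample observations are constructed; the inputs are (URL, status, Location) triples collected with any HTTP client that does not follow redirects.

```python
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def required_scheme(url):
    """Policy from the question: Login.aspx is HTTPS, everything else HTTP."""
    page = urlsplit(url).path.rsplit("/", 1)[-1]
    # IIS resolves paths case-insensitively, so the check must as well.
    return "https" if page.lower() == "login.aspx" else "http"

def check(url, status, location=None):
    """Return the policy violations for one observed request/response pair."""
    req, want = urlsplit(url), required_scheme(url)
    loc = urlsplit(location or "")
    if req.scheme == want:
        # Already on the right scheme: only a same-page scheme flip is wrong.
        flip = status in REDIRECTS and loc.scheme not in ("", want) and loc.path == req.path
        return ["redirects away from the required scheme"] if flip else []
    if status not in REDIRECTS or not location:
        return [f"answered over {req.scheme} instead of redirecting to {want}"]
    problems = []
    if loc.scheme != want:
        problems.append(f"redirect target is not {want}")
    if loc.netloc and loc.netloc.lower() != req.netloc.lower():
        problems.append("redirect changes host")
    if (loc.path, loc.query) != (req.path, req.query):
        problems.append("redirect drops or alters path/query")
    return problems

def audit(observations):
    """Map each failing URL to its violations; an empty dict means compliant."""
    checked = ((url, check(url, status, loc)) for url, status, loc in observations)
    return {url: problems for url, problems in checked if problems}

# Constructed sample observations (not captured from a real server).
SAMPLE = [
    ("http://example.com/Login.aspx", 302, "https://example.com/Login.aspx"),
    ("http://example.com/login.aspx", 200, None),  # lower-case variant left on HTTP
    ("http://example.com/Login.aspx?ReturnUrl=%2f", 302, "https://example.com/Login.aspx"),
    ("https://example.com/Default.aspx", 200, None),  # the symptom from UPDATE 2
    ("https://example.com/Default.aspx?id=7", 301, "http://example.com/Default.aspx?id=7"),
    ("https://example.com/Login.aspx", 302, "/Default.aspx"),  # normal post-login redirect
]

if __name__ == "__main__":
    for url, problems in audit(SAMPLE).items():
        print(url, "->", "; ".join(problems))
```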
