You can force .NET using both Webforms and MVC to redirect all non-ssl requests to ssl requests. You will probably want a parameter to control whether this is done to allow different ssl behavior in different staging environments.
protected void Application_BeginRequest()
{
//redirect to https
string url = HttpContext.Current.Request.Url.ToString();
bool forceSSL = false;
//dont redirect to ssl on localhost
//could also set up a appsetting to control when to force ssl
forceSSL = !url.Contains("localhost");
if (forceSSL)
{
string scheme = HttpContext.Current.Request.Url.Scheme;
if (!url.StartsWith("https://"))
{
string newUrl = url.Replace("http://", "https://");
Response.Redirect(newUrl);
}
}
}