How to force https in mvc

Security > SSL
If you want to let your MVC5 (or lower - this is not for Core) site force to use https, here are the changes that one needs in order for your site to always redirect to HTTPS. NO web.config rewrite rules are necessary.
 
 
 
1. In root/Global.asax.cs:

protected void Application_Start()
{
AreaRegistration.RegisterAllAreas();

// Add offline for maintenance filter
GlobalFilters.Filters.Add(new OfflineActionFilter());

FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);

AntiForgeryConfig.RequireSsl = true; // ADD THIS LINE - THE LINES ABOVE ARE DEFAULTS AND ALREADY THERE
}

2. In root/App_Start/FilterConfig.cs:

public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new HandleErrorAttribute());
filters.Add(new RequireHttpsAttribute()); // ADD THIS LINE
}

3. In root/web.config (for Release build):

<system.web>
<!-- ... other lines already here ... ignore -->
<!-- ADD THE FOLLOWING LINE -->
<httpCookies httpOnlyCookies="true" requireSSL="true"/>
</system.web>