I got this code from here.

Notice I remmed out the part that redirects to ISSExpress 44300 port because I want to use II7.5 on dev box without https.

  public class CustomRequireHttpsFilter : RequireHttpsAttribute
        {
        protected override void HandleNonHttpsRequest(AuthorizationContext filterContext)
            {
            // The base only redirects GET, but we added HEAD as well. This avoids exceptions for bots crawling using HEAD.
            // The other requests will throw an exception to ensure the correct verbs are used. 
            // We fall back to the base method as the mvc exceptions are marked as internal. 

            if (!String.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase)
                && !String.Equals(filterContext.HttpContext.Request.HttpMethod, "HEAD", StringComparison.OrdinalIgnoreCase))
                {
                base.HandleNonHttpsRequest(filterContext);
                }

            // Redirect to HTTPS version of page
            // We updated this to redirect using 301 (permanent) instead of 302 (temporary).
            string url = "https://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;

            //if (string.Equals(filterContext.HttpContext.Request.Url.Host, "localhost", StringComparison.OrdinalIgnoreCase))
            //    {
            //    // For localhost requests, default to IISExpress https default port (44300)
            //    url = "https://" + filterContext.HttpContext.Request.Url.Host + ":44300" + filterContext.HttpContext.Request.RawUrl;
            //    }

            filterContext.Result = new RedirectResult(url, true);
            }
        }

Then, in my FilterDonfig.cs I added this. What it does is it only uses the override above if Web.config has "Debug=false", which is what it has in Production. I don't need to run Release in my development environment, and I also don't want configure local IIS to handle SSL. Notice I remmed out the "RequireHttpsAttribute()" and used the new one above.

public class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HandleErrorAttribute());

        if (!HttpContext.Current.IsDebuggingEnabled)
            {
            /////filters.Add(new RequireHttpsAttribute());
            filters.Add(new CustomRequireHttpsFilter());
            }
     }
}

Am I doing the right thing? Is this how to make sure SEO is optimized because search bots only keep track of one website? My understanding is that "http" and "https" are considered 2 separate websites by search engines. Am I doing this in the right place? Not sure what other code I am getting in the way of.

===============

I asked my ISP about how to do permanent redirects and suggested this solution and they said:

Dear Customer, We did not setup redirection. However, we corrected https bind setting in IIS to fix the problem.

I wonder if IIS can do the same thing and that is what they did. I hope I'm in the right forum :)

How about doing this at an IIS level using the URL rewrite module: http://forums.iis.net/t/1153050.aspx?URL+Rewrite+for+SSL+redirection

To turn it off in dev, just set the enabled rule to false in your dev web.config, but enable it for all servers/environments that have HTTPS set up.

I've used it in the past and its worked really well. Saves cluttering your app with code that isn't app related.