I've got an ASP.NET MVC3 application deployed on a shared server. I've also installed an appropriate SSL certificate. I would like to have ALL pages served via HTTPS (encrypted). My controllers all have the [RequireHTTPS] attribute but there are still files that can be surreptitiously downloaded via port 80 (by appending :80 to the hostname in the request), so I guess what I need is the IIS "RequireIIS" property. Unfortunately this is not accessible to me, so would I get the same effect by simply changing permissions on the site's root folder to "Allow Anonymous Access for SSL" and "Enable Read Permissions for SSL" and leave the non-SSL counterparts unchecked?
Thanks in advance for any info.