diff --git a/src/Umbraco.Web/Editors/BackOfficeController.cs b/src/Umbraco.Web/Editors/BackOfficeController.cs
index 8ef7753c6f..d26491f1d5 100644
--- a/src/Umbraco.Web/Editors/BackOfficeController.cs
+++ b/src/Umbraco.Web/Editors/BackOfficeController.cs
@@ -19,12 +19,14 @@ using Umbraco.Web.UI.JavaScript;
using Umbraco.Web.PropertyEditors;
using Umbraco.Web.Models;
using Umbraco.Web.WebServices;
+using Umbraco.Web.WebApi.Filters;
namespace Umbraco.Web.Editors
{
///
/// A controller to render out the default back office view and JS results
///
+ [UmbracoUseSSL]
public class BackOfficeController : UmbracoController
{
///
diff --git a/src/Umbraco.Web/WebApi/Filters/UmbracoUseSSL.cs b/src/Umbraco.Web/WebApi/Filters/UmbracoUseSSL.cs
new file mode 100644
index 0000000000..7b4037e31a
--- /dev/null
+++ b/src/Umbraco.Web/WebApi/Filters/UmbracoUseSSL.cs
@@ -0,0 +1,43 @@
+using System.Linq;
+using System.Web.Http;
+using System.Web.Http.Controllers;
+using Umbraco.Core;
+using System.Web.Mvc;
+using GlobalSettings = Umbraco.Core.Configuration.GlobalSettings;
+
+namespace Umbraco.Web.WebApi.Filters
+{
+ ///
+ /// If umbracoUseSSL property in web.config is set to true, this filter will redirect any http access to https.
+ ///
+ public class UmbracoUseSSL : RequireHttpsAttribute
+ {
+ ///
+ /// If umbracoUseSSL is true and we have a non-HTTPS request, handle redirect.
+ ///
+ /// Filter context
+ protected override void HandleNonHttpsRequest(AuthorizationContext filterContext)
+ {
+ // If umbracoUseSSL is set, let base method handle redirect. Otherwise, we don't care.
+ if (GlobalSettings.UseSSL)
+ {
+ base.HandleNonHttpsRequest(filterContext);
+ }
+ }
+
+ ///
+ /// Check to see if HTTPS is currently being used if umbracoUseSSL is true.
+ ///
+ /// Filter context
+ public override void OnAuthorization(AuthorizationContext filterContext)
+ {
+ // If umbracoSSL is set, let base method handle checking for HTTPS. Otherwise, we don't care.
+ if (GlobalSettings.UseSSL)
+ {
+ base.OnAuthorization(filterContext);
+ }
+ }
+
+
+ }
+}