Always use HTTPS when users are logged into the website.

Redirect from HTTP to HTTPS is critical for usability. Even experienced users may neglect to get the 's' on their http.

Follow this procedure to Redirect HTTP to HTTPS on IIS: