
Release of Strict Transport Security http module for ASP.NET.

Sacha Faust has published an IIS HTTP module for the Strict Transport Security protocol. From his blog:

"I’ve been tackling the problem of users connecting to online services from untrusted networks. At work we typically call this the “Starbucks” scenario where a user is connecting to a random wifi and accessing corporate data through online services. For the majority of the cases, the browser is used to connect to the services and I don’t expect it to change much for the next few years.

One of the new proposals I’ve stumbled upon is the Strict Transport Security proposal which is being sponsored by PayPal and currently supported by the Google Chrome browser. The spec is still under review and the latest version is available at http://lists.w3.org/Archives/Public/www-archive/2009Dec/att-0048/draft-hodges-strict-transport-sec-06.plain.html .

The proposal is quite simple and aims at forcing the browser to only connect over SSL by redirecting HTTP traffic to HTTPS at the browser level so that no connection is made over HTTP. This is implemented by adding a server component that provides the browser with a connection policy and by a browser component which enforces the policy provided by the server."

"After reading the specification, I realized that implementing the server processing is quite simple under ASP.NET and decided to implement a quick STS HTTP Module for ASP.NET and make it available."

Link: http://blogs.msdn.com/sfaust/archive/2010/05/12/strict-transport-security-asp-net-module.aspx
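
The server component described in the quoted passage, written as an ASP.NET HTTP module. This is an added example, not Sacha Faust's module or code from the linked post; the class name, the one-year max-age value and the assumption that TLS terminates on the IIS server itself (so that `IsSecureConnection` is accurate) are choices made here.

```csharp
using System;
using System.Web;

// Added example: not the module published in the linked post.
public sealed class StrictTransportSecurityModule : IHttpModule
{
    // Assumed policy lifetime: one year, expressed in seconds.
    private const string PolicyValue = "max-age=31536000";

    public void Init(HttpApplication application)
    {
        application.BeginRequest += OnBeginRequest;
    }

    public void Dispose()
    {
        // No unmanaged state to release.
    }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        var application = (HttpApplication)sender;
        HttpRequest request = application.Request;
        HttpResponse response = application.Response;

        if (request.IsSecureConnection)
        {
            // The policy is sent only on responses served over TLS, where
            // a network attacker cannot strip or alter it in transit.
            response.AppendHeader("Strict-Transport-Security", PolicyValue);
            return;
        }

        // Plain HTTP: send no policy header, redirect to the same URL over HTTPS.
        var target = new UriBuilder(request.Url)
        {
            Scheme = Uri.UriSchemeHttps,
            Port = -1 // use the default port for the scheme (443)
        };
        response.StatusCode = 301;
        response.RedirectLocation = target.Uri.AbsoluteUri;
        application.CompleteRequest(); // skip the rest of the pipeline
    }
}
```

Register the class in web.config under `<httpModules>` or, for the IIS 7 integrated pipeline, `<modules>`. The browser only learns the policy from an HTTPS response, so a first visit over plain HTTP still depends on the redirect.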