I finished the implementation of the company blog site on HTTPS with user/password protection enabled. I've blogged about this topic before, and now I can say “I'm done”!
It ended up being a little simpler than I anticipated. First I thought I'd have to extend the HttpHandler in .Text, then I thought I could make due with an HttpHandler app sitting on the HTTP site and redirecting to the HTTPS site. Instead, I created a virtual directory that redirects all content with the URL and query string passed as parameters to a single aspx page in the https site. The aspx page redirects to the passed URL/QueryString combo with “https://” prepended. Simple, fast and done. It might not be pretty, but it works like a charm.