First, get a certificate so you can have a https website.
Second, in Directory Security - Secure Communications section of the properties of your website, hit the edit button and choose Require secure channel (SSL).
In order to have whatever page on your IIS website automatically redirect to a secure version, replace the 403.4 file in the Custom Error section of your website with the following script. I generally call it 403-4.htm.
<HTML>
<HEAD>
<TITLE>REDIRECT</TITLE>
<META content="text/html; charset=windows-1252" http-equiv=Content-Type>
<script>
var theLink = "https://" + location.hostname + window.location.pathname + window.location.search;
function redirectPage()
{
window.location.href= theLink;
}
</script>
</HEAD>
<BODY bgColor="#FFFFFF" leftMargin="0" topMargin="0"
onLoad="redirectPage();">
one moment please ... (redirecting to secure site)
</BODY>
</HTML>
