Feb 21, 2019 01:28 PM|mgebhard|LINK
You are trying to do to many things at one time.
Add the [Authorize] attribute to the controllers or actions you wish to secure. Implement an HTTP handler If you are trying to secure static files.
Your example on SO is using Session. Do not use Session when using Identity. It's not ideal to have two different frameworks handling security.
Also remove the rewrite rule and the begin request logic from the global.asax until you get the Identity working.
I recommend reading the Getting Started with Identity Tutorials to learn the basics.
Once you get Identity working, then you can add a filter to require HTTPS.
protected void Application_Start()
Configure IIS to handle HSTS