You need URL Rewrite module, preferably v2 (I have no v1 installed, so cannot guarantee that it will work there, but it should).
Here is an example of such web.config — it will force HTTPS for ALL resources (using 301 Permanent Redirect):
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="Redirect to https" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
P.S.
This particular solution has nothing to do with ASP.NET/PHP or any other technology as it’s done using URL rewriting module only — it is processed at one of the initial/lower levels — before request gets to the point where your code gets executed.