How to enforce SSL in ASP.Net Core

Take advantage of HTTPS and the HSTS security enhancement to encrypt web client and server communications in your ASP.Net Core applications


Secure Sockets Layer—SSL for short—is a standard security protocol that is used to encrypt communications between a web server and a web browser. SSL is important! Without it, information that is exchanged between a server and a client is sent in plain text, so it would be readable by any hacker who is able to capture the data.

SSL ensures that information sent between server and client is always encrypted. Even if captured, your sensitive data—user name, password, credit card details, etc.—will remain unreadable to anyone lacking the SSL certificate and encryption key shared by the server and client during the communications session. 

In this article we will look at how we can work with SSL in ASP.Net Core. We will use a new middleware component, UseHttpsRedirection, to redirect all HTTP requests to HTTPS. We will also take advantage of HSTS (HTTP Strict Transport Security), an optional security enhancement, to further strengthen the security of web connections. Support for the new middleware and the HSTS enhancement was introduced in ASP.Net Core 2.1 to enforce the use of HTTPS by clients in a connection.
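As an added illustration (not code from the original article), here is how the two middleware components named above can be wired into an ASP.Net Core 2.1 application. The HTTPS port, the max-age value and the class layout are assumptions chosen for the example.

```csharp
using System;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

        // HSTS policy sent in the Strict-Transport-Security response header.
        services.AddHsts(options =>
        {
            options.MaxAge = TimeSpan.FromDays(30); // assumed value; browsers cache the policy this long
            options.IncludeSubDomains = false;       // enable only when every subdomain serves HTTPS
            options.Preload = false;                 // preload-list entries are slow to remove
        });

        // How plain-HTTP requests are redirected to HTTPS.
        services.AddHttpsRedirection(options =>
        {
            // 307 is not cached permanently by browsers, unlike 308.
            options.RedirectStatusCode = StatusCodes.Status307TemporaryRedirect;
            options.HttpsPort = 5001; // assumed port; must match the HTTPS endpoint
        });
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
            app.UseDeveloperExceptionPage();
        else
            app.UseHsts(); // skipped in development so a cached policy cannot lock out local HTTP testing

        app.UseHttpsRedirection(); // registered before MVC so no controller answers over plain HTTP
        app.UseMvc();
    }
}

public class Program
{
    public static void Main(string[] args) =>
        WebHost.CreateDefaultBuilder(args).UseStartup<Startup>().Build().Run();
}
```

The HSTS header is only emitted on HTTPS responses, so the first plain-HTTP request from a new client is still handled by the redirect rather than by HSTS.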

Create an ASP.Net Core Web API project

First off, let’s create an ASP.NET Core project and install the necessary packages. If Visual Studio 2017 is up and running in your system, follow the steps outlined below to create an ASP.Net Core Web API project.
