Skip to content
This repository has been archived by the owner on Sep 28, 2018. It is now read-only.
/ AspNetCore.SslRedirect Public archive

ASP.NET Core middleware and MVC extension for redirecting requests to HTTPS.

License

MIT license
3 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mdschweda/AspNetCore.SslRedirect

BranchesTags

Repository files navigation

AspNetCore.SslRedirect

Build status

This package is now obsolete. Use the official ASP.NET Core Middleware instead.

ASP.NET Core middleware and MVC extension for redirecting requests to HTTPS.

Installation

Install-Package AspNetCore.SslRedirect

Setup

public class Startup {

    public void ConfigureServices(IServiceCollection services) {
        services.AddSslRedirect();
        ...
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) {
        app.UseSslRedirect();
        ...
    }

}

Secure requests

Use ISslPolicy elements or MVC filters to enforce SSL communication:

Every request

services.AddSslRedirect(options => options.Policies.RedirectAll());

Upgrades every unsecured request handled by the web application.

Specific paths

services.AddSslRedirect(options =>
    options.Policies
        .RedirectPath("/SecurePath/*.html")
        .RedirectPath("/**/api/Admin/*")
);

Upgrades unsecured requests to paths defined by the glob patterns.

MVC controllers and actions

[RequireSsl]
[Route("api/[controller]")]
public class AdministrationController : Controller {

    ...

}

Upgrades unsecured requests invoking any controller action.

[Route("api/[controller]")]
public class UserController : Controller {

    [HttpGet({id:int})]
    public IActionResult GetById(int id) { ... }

    [RequireSsl]
    [HttpPost("/auth")]
    public IActionResult Authenticate([FromForm]string user, [FromForm]string password) { ... }

}

Upgrades unsecured requests invoking action Authenticate.

Custom policies

  1. Implement ISslPolicy 
    public class SslRemotePolicy : ISslPolicy {

    public Task<bool> Accept(HttpContext context) =>
        Task.FromResult(
            context.Request.Host.Host != "localhost" &&
            context.Request.Host.Host != "127.0.0.1"
        );

}
  2. Add your policy 
    public class Startup {

    public void ConfigureServices(IServiceCollection services) {
        services.AddSslRedirect(options => options.Policies.Add(new SslRemotePolicy());
        ...
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) {
        app.UseSslRedirect();
        ...
    }

}

Options

  • SslPort - The HTTPS port number

    options.SslPort = Environment.IsDevelopment() ? 44300 : 443;

  • Method - The HTTP method used for redirecting requests. See RFC 7231, Section 6.4 and RFC 7238

    options.Method = HttpRedirectMethod.TemporaryRedirect;

  • HstsHeader - The HSTS header information

    options.HstsHeader.MaxAge = TimeSpan.FromMonths(1);
options.HstsHeader.IncludeSubDomains = true;

    The middleware will automatically add a HSTS header unless options.HstsHeader is null.

  • Policies - The collection of policies for upgrading unsecured requests.

  • Filter - Wraps the redirection process. This delegate can modify the SslRedirectOptions on a per-request basis and instruct the termination of SSL redirection.

About

ASP.NET Core middleware and MVC extension for redirecting requests to HTTPS.

Topics

ssl hsts mvc https netcore asp-net-core redirecting-requests https-redirect

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages