Enabling SSL/TLS on an ASP.NET Core website, as told by an expert
SSL certificates have become important to Google this year (51.8% of the top one million sites now have this enhanced security feature), which means they should be important to you too.
Before publishing an ASP.NET Core site to the public internet, you will need to take digital security into consideration. By default, all web servers handle traffic over port 80 through the HyperText Transfer Protocol (HTTP), which is how web browsers send and receive data.
However, this form of communication comes with certain vulnerabilities that can affect your website’s performance and reputation.
The best practice for software developers is to enable secure sockets layer (SSL) technology on all hosted webpages. Here’s how to do it
Basics of SSL Certificates
The padlock icon that appears beside the address bar in a web browser is an indication that the current website is secured with an SSL certificate. But what does that really mean? It’s an indication that data requests will be sent over port 443 instead of the normal port 80 for HTTP. Secure data communication over the web is known as HTTPS.
If your ASP.NET CORE project will feature the ability to store usernames and passwords or perform credit card transactions, then support for HTTPS is a must. Otherwise, your visitors and customers will be at risk of having their private information exposed to intruders and hackers.
With basic HTTP requests over port 80, data is transmitted in plain text, meaning that messages can be intercepted by hacking a local wi-fi network. SSL certificates eliminate that risk, as they encrypt all data transfers from the browser to the web server. So even if a hacker tries to parse the message being sent, it cannot be decoded.
SSL certificates are issued by organizations known as certificate authorities who are responsible for verifying the identity of the company or individual requesting a certificate. Once approved and installed, the certificate provides assurance to visitors that the website is secure and encrypted.
Enabling HTTPS Redirects
When an individual types a web address into their browser, the initial request packet will be sent over port 80 with HTTP. To use an SSL certificate with your ASP.NET Core site, you need to immediately have your web server redirect the traffic to port 443 as an HTTPS request. To do so, follow these steps:
- Open your source code in the Visual Basic application Edit the “Startup” class
- Edit the “Startup” class
- Add the following line within the “Configure” function: app.UseHttpsRedirection();
This will instruct your web server to load the SSL certificate for all incoming requests. Next, you need to add code instructions to open and use the correct network port for HTTPS connections.
- Edit the “Program” class in your ASP.NET Core project
- Add the following line within the “CreateWebHostBuilder” function: .UseSetting(“https_port”, “443”)
If you have a firewall set up on your web or application servers, their policies must also be manually updated to allow external requests through port 443.
Using a Self-Signed Certificate
For ASP.NET Core projects that are in an early stage of development, you may not be ready to acquire a full SSL certificate from a certificate authority, especially given the costs they involve. Instead, you can enable a self-signed certificate on your project for free that can be used for testing in your development environment.
Follow these steps to enable self-signed SSL validation in ASP.NET Core:
- Launch the Windows command prompt utility
dotnet dev-certs https --trust
- Run the following .NET command: dotnet dev-certs https –trust
- Click “Yes” to confirm you want to trust the self-signed certificate
Now when you test your website and use “https” at the beginning of the URL, the web browser will recognize the self-signed certificate and display the padlock symbol to indicate a valid SSL certificate is in place. Be aware that you’ll need to run through this process on all workstations where testing will occur
ASP.NET Core Hosting Support SSL Certificate
If you are looking for ASP.NET Core hosting that support for FREE SSL certificate, then you might take a look at our previous post.