Enforcing HTTPS in ASP.NET Core

HTTPS is enabled by default in ASP.NET Core. The main middleware related to the HTTPS protocol is the HttpsRedirection middleware class, which enforces redirection from HTTP to HTTPS. To enable the middleware, call the UseHttpsRedirection extension method in the Startup class.

Let's see how to enable and force HTTPS in an ASP.NET Core application running in a Docker container. The first step is to generate a self-signed certificate for the ASP.NET Core application that runs in the container. .NET Core provides a global tool called dotnet-dev-certs that creates a self-signed certificate in your local environment. We can install this tool locally using the following CLI command:

dotnet tool install --global dotnet-dev-certs

After that, it is possible to create a new certificate in the .pfx format with the following command:

dotnet dev-certs https -ep <path_to_certificate>/certificate.pfx -p <certificate_password>

The preceding command specifies the export path using the -ep option and the certificate password using the -p option. Furthermore, it is possible to trust the certificate using the --trust option.

It is important to note that the dotnet-dev-certs tool works only on Windows and macOS. In the case of Linux, we should proceed by generating the certificate using OpenSSL. The following tutorial (https://www.humankode.com/asp-net-core/develop-locally-with-https-self-signed-certificates-and-asp-net-core) provides more information about the creation of an HTTPS certificate using OpenSSL.
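For the Linux case, the following added example (not taken from the book or from the linked tutorial) shows one way to produce an equivalent certificate.pfx with OpenSSL. The function names, the PFX_PASSWORD environment variable and the localhost host name are assumptions, and the -addext option requires OpenSSL 1.1.1 or later.

```shell
# Added example: self-signed development certificate for Kestrel, built with OpenSSL.
# make_dev_pfx, pfx_summary and PFX_PASSWORD are hypothetical names chosen for this sketch.

# make_dev_pfx DIR [HOST]: writes DIR/certificate.pfx, protected by $PFX_PASSWORD.
make_dev_pfx() {
    out_dir=$1
    host=${2:-localhost}
    [ -n "${PFX_PASSWORD:-}" ] || { echo "PFX_PASSWORD is not set" >&2; return 1; }

    mkdir -p "$out_dir" || return 1
    work=$(mktemp -d) || return 1
    old_umask=$(umask)
    umask 077    # key material is readable by the owner only

    status=0
    {
        # Self-signed certificate valid for 365 days. Clients match the host name
        # against the subjectAltName entry, so the CN alone is not enough.
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -keyout "$work/key.pem" -out "$work/cert.pem" \
            -subj "/CN=$host" -addext "subjectAltName=DNS:$host" &&
        # Bundle key and certificate as PKCS#12. The password is read from the
        # environment so that it does not appear in the process list.
        openssl pkcs12 -export -inkey "$work/key.pem" -in "$work/cert.pem" \
            -out "$out_dir/certificate.pfx" -passout env:PFX_PASSWORD
    } || status=$?

    rm -rf "$work"    # the unencrypted private key does not outlive the export
    umask "$old_umask"
    return "$status"
}

# pfx_summary FILE: prints subject and subjectAltName of the certificate in FILE.
# Fails when $PFX_PASSWORD does not open the file.
pfx_summary() {
    openssl pkcs12 -in "$1" -nokeys -passin env:PFX_PASSWORD 2>/dev/null |
        openssl x509 -noout -subject -ext subjectAltName
}
```

Export PFX_PASSWORD, call make_dev_pfx with the folder that will be mounted into the container, and use the same password for the Kestrel certificate setting.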

Once we have created a new certificate file, we can proceed by adjusting the docker-compose.yml file of the Catalog.API and Cart.API solutions:

version: "3.7"
services:
  catalog_api:
    container_name: catalog_api
    build:
      context: .
      dockerfile: containers/api/Dockerfile
    volumes:
      - ./<path_to_certificate>/:/root/.dotnet/https
    env_file:
      - containers/api/api.env
    networks:
      - my_network
    ports:
      - 5000:5000
      - 5001:5001
    depends_on:
      - catalog_db
      - catalog_esb

...

The aforementioned docker-compose.yml definition declares a volumes node to create a binding between the local ./certificate/ folder and the /root/.dotnet/https folder in the instance of the container. Furthermore, we can proceed by adding the following variables in the containers/api.env file:

ASPNETCORE_ENVIRONMENT=Integration
ASPNETCORE_URLS=https://*:5001
ASPNETCORE_Kestrel__Certificates__Default__Password=<certificate_password>
ASPNETCORE_Kestrel__Certificates__Default__Path=/root/.dotnet/https/certificate.pfx

The file adds two environment variables related to the certificate: ASPNETCORE_Kestrel__Certificates__Default__Password provides the certificate password, and ASPNETCORE_Kestrel__Certificates__Default__Path defines its path. The new definition of the docker-compose.yml file also exposes port 5001, and the https://*:5001 URL is added to the pool of URLs served by Kestrel. Furthermore, it is now possible to enforce HTTPS in our Startup class by adding the following line in the Configure method:

app.UseHttpsRedirection();

After applying the HTTPS restriction, the client will always be redirected to the HTTPS endpoint of the web service for every request.
