/ ASP.NET Core

Configuring and Enforcing SSL in an ASP.NET Core application for macOS

Say you are building your ASP.NET core web application and want to test Azure AD and Azure AD B2C code on your macOS. Here how you can do it using 2.0.0-preview2-final

Create your local Certificate.

First, open a terminal and navigate to your project directory. In the root directory of your project type the following:

openssl req -new -x509 -newkey rsa:2048 -keyout localhost.key -out localhost.cer -days 365 -subj /CN=localhost

Type any password (min 4 characters) when you get Enter PEM pass phrase and repeat it in Verifying - Enter PEM pass phrase.

Now, type:

openssl pkcs12 -export -out certificate.pfx -inkey localhost.key -in localhost.cer

Enter the password you used in the previous step when you are asked for Enter pass phrase for localhost.key. Then you will need to enter a new password (or you can use the same one from above) and type it when asked Enter Export Password and Verifying - Enter Export Password. We will need this password on the next stage.

On your root directory, you should have the following new files:

  • certificate.pfx
  • localhost.cer
  • localhost.key

Configure Kestrel to use Https

Open Program.cs and change it to the following:

public static IWebHost BuildWebHost(string[] args) =>
    WebHost.CreateDefaultBuilder(args)
        .UseKestrel(options =>
        {
            options.Listen(System.Net.IPAddress.Parse("127.0.0.1"), 5000);
            options.Listen(System.Net.IPAddress.Parse("127.0.0.1"), 5001, o =>
            {
                o.UseHttps("certificate.pfx", "p@ssword");
            });
        })
        .UseStartup<Startup>()
        .Build();

Above, I configured Kestrel to listen to the IP address 127.0.0.1 on port 5000 (standard requests), and to listen to any IP address 127.0.0.1 on port 5001 for our secure connection. Replace p@ssword with the second password you created above.

Securing your application (optional)

Open your Starup.cs and add the following to your ConfigureServices:

services.Configure<MvcOptions>(options =>
{
    options.Filters.Add(new RequireHttpsAttribute());
});

This is equivalent to [RequireHttps] on all routes.

Now add this to the Configure section:

var options = new RewriteOptions().AddRedirectToHttps();
app.UseRewriter(options);

The code above redirects all HTTP requests to HTTPS.

Thats it, if you run your application using dotnet run you will notice the following on your terminal:

Now listening on: http://127.0.0.1:5000
Now listening on: https://127.0.0.1:5001

Happy coding.