8

I created a simple web application from visual studio Web Application(Net.Core) template with individual user account authorization.

Then, I enabled SSL in Project->MyProject Properties..., copied URL with https to App Url.

Finally, I added:

services.AddMvc(options =>
{
    options.Filters.Add(new RequireHttpsAttribute());
});

to Startup.

And it doesn't work! When I'm starting the application, it just simply turns off after a second, and nothing happens, no error, nothing!

What's wrong with SSL in Asp.Net Core, and how can I enable it correctly?

Improve this question
5
  • If I understand correctly, you should use SSL offloading at the reverse proxy server (IIS or nginx), and at Kestrel it should process only HTTP. No documentation right now, docs.asp.net/en/latest/security/enforcing-ssl.html Commented Oct 12, 2016 at 10:31
  • @LexLi if it is right, how can I do this? Commented Oct 12, 2016 at 10:33
  • Are you using IIS Express to host it in VS? Then you might try to use Jexus Manager to add an HTTPS binding to the web site, jexusmanager.com Commented Oct 12, 2016 at 10:35
  • @LexLi yes, I'm using IIS Express. It already has console, maybe I should use its console? Commented Oct 12, 2016 at 10:39
  • Lex Li - IIS Express already does the SSL offloading. And there's no need to use any 3rd party tools, just configure it in the debug settings. Commented Oct 12, 2016 at 17:23

1 Answer 1

Reset to default
21

For development testing you need to enable SSL first.

Right click the project > Properties > Debug

  • Choose "IIS Express" in profile
  • Check "Enable SSL"

If your debugging stops after starting (no process ID found), then you have to install the IIS Express self-signed certificate into the certificate store.

You can follow this guide here. It's bit older but still applies to Visual Studio 2015. It's due to a bug in Update 3 where IIS Certificate isn't installed in the trusted certificate storage correctly.

Alternatively,

  1. hit Win+R, type run "mmc.exe"
  2. File > Add Snap-in > Choose "Certificates" > Add > Computer Account > Next > Finish
  3. Hit OK
  4. Go to "Personal/Certificates". Look for "localhost" Zertificate
  5. Drag & Drop the certificate to "Trusted Root Certification Authorities"
  6. Close the MMC. Restart Visual Studio 2015

Now you should be able to debug it.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Thank you, why is this not enabled by default?
@Madailei: It should be by now. The answer was related to ASP.NET Core 1.0 which did run on Visual Studio 2015. The newer Templates and on VS 2017.8 should create new projects with SSL already. Also a problem back then was, that there was no tooling for developer certificates. The new .NET Core SDKs install an developer certificate, so it works w/o manual intervention on the certificates to make them trusted in the browser
Also these days we don't use [RequireHttps] attributes and use the middleware instead, see learn.microsoft.com/en-us/aspnet/core/security/…

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.