This package is now obsolete. Use the official ASP.NET Core Middleware instead.

ASP.NET Core middleware and MVC extension for redirecting requests to HTTPS.

Install-Package AspNetCore.SslRedirect

public class Startup {

    public void ConfigureServices(IServiceCollection services) {
        services.AddSslRedirect();
        ...
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) {
        app.UseSslRedirect();
        ...
    }

}

Use ISslPolicy elements or MVC filters to enforce SSL communication:

services.AddSslRedirect(options => options.Policies.RedirectAll());

Upgrades every unsecured request handled by the web application.

services.AddSslRedirect(options =>
    options.Policies
        .RedirectPath("/SecurePath/*.html")
        .RedirectPath("/**/api/Admin/*")
);

Upgrades unsecured requests to paths defined by the glob patterns.

[RequireSsl]
[Route("api/[controller]")]
public class AdministrationController : Controller {

    ...

}

Upgrades unsecured requests invoking any controller action.

[Route("api/[controller]")]
public class UserController : Controller {

    [HttpGet({id:int})]
    public IActionResult GetById(int id) { ... }

    [RequireSsl]
    [HttpPost("/auth")]
    public IActionResult Authenticate([FromForm]string user, [FromForm]string password) { ... }

}

Upgrades unsecured requests invoking action Authenticate.

1. Implement ISslPolicy

   public class SslRemotePolicy : ISslPolicy {
   
       public Task<bool> Accept(HttpContext context) =>
           Task.FromResult(
               context.Request.Host.Host != "localhost" &&
               context.Request.Host.Host != "127.0.0.1"
           );
   
   }

2. Add your policy

   public class Startup {
   
       public void ConfigureServices(IServiceCollection services) {
           services.AddSslRedirect(options => options.Policies.Add(new SslRemotePolicy());
           ...
       }
   
       public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) {
           app.UseSslRedirect();
           ...
       }
   
   }

• SslPort - The HTTPS port number

  options.SslPort = Environment.IsDevelopment() ? 44300 : 443;

• Method - The HTTP method used for redirecting requests. See RFC 7231, Section 6.4 and RFC 7238

  options.Method = HttpRedirectMethod.TemporaryRedirect;

• HstsHeader - The HSTS header information

  options.HstsHeader.MaxAge = TimeSpan.FromMonths(1);
  options.HstsHeader.IncludeSubDomains = true;

  The middleware will automatically add a HSTS header unless options.HstsHeader is null.

• Policies - The collection of policies for upgrading unsecured requests.

• Filter - Wraps the redirection process. This delegate can modify the SslRedirectOptions on a per-request basis and instruct the termination of SSL redirection.