How To Enable HTTPS In ASP.NET Web API (2024)

Table of Contents
Introduction Steps to enable HTTPS in ASP.NET Web API Write a custom class which is inherited from AuthorizationFilterAttribute Register that class in ASP.NET Web API Config Create a temporary certificate for SSL Install the certificate Enable HTTPS support to the development server in Visual Studio Summary

Introduction

In this article, you will see how we can enable HTTPS in ASP.NET Web API. We will start by discussing all the steps required to enable HTTPS in ASP.NET web API. And then we will discuss all the steps in detail. Also, you will see how we can enable HTTPS support for the development server.

Steps to enable HTTPS in ASP.NET Web API

  • Write a custom class which is inherited from AuthorizationFilterAttribute
  • Register that class in ASP.NET Web API Config
  • Apply [RequireHttps] attribute on API controller actions.
  • Create a temporary certificate for SSL.
  • Install the certificate
  • Enable HTTPS support to the development server in Visual Studio.

Write a custom class which is inherited from AuthorizationFilterAttribute

Write a custom class as shown below.

public class RequireHttpsAttribute : AuthorizationFilterAttribute{ public override void OnAuthorization(HttpActionContext actionContext) { if (actionContext.Request.RequestUri.Scheme != Uri.UriSchemeHttps) { actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden) { ReasonPhrase = "HTTPS Required for this call" }; } else { base.OnAuthorization(actionContext); } }}

Register that class in ASP.NET Web API Config

To register a custom HTTP filter class in web API configuration here are the settings.

// Web API configuration and servicesconfig.Filters.Add(new RequireHttpsAttribute());

Remember this is a global setting and will require all controller methods to run on HTTPS.

If we want to have a few methods to run on HTTP then in that case, just disable this setting. And use the [Requirehttps] attribute for individual methods.

See Also
Building a POC for TLS inspection in Azure FirewallImport a certificate into the portal—Portal for ArcGISHow to check what SSL/TLS versions are available for a website on a Plesk server? - Support Cases from Plesk Knowledge BaseAdd and manage TLS/SSL certificates - Azure App Service

Apply [RequireHttps] attribute on API controller actions.

[RequireHttps]public IEnumerable<string> Get(){ return new string[] { "value1", "value2" };}

Note. We need to use this [RequireHttps] attribute only in case we need to enable HTTPS only for selective API controller actions. Otherwise, Web API configuration global settings are enough.

But if we are targeting only a few API methods to run on HTTPS then we must disable the global configuration. Otherwise, all method calls will demand HTTPS.

Create a temporary certificate for SSL

To create a temp certificate run the following command in the command prompt.

makecert.exe -n "CN=Development CA" -r -sv TempCA.pvk TempCA.cer

Once the certificate is created it will be saved on your machine at the path selected in the command prompt windows.

See Also
Check for TLS Protocol Latest Version

Now, we need to install it.

Install the certificate

To install the certificate on your local machine, you need to do the following steps.

  • Open the MMC (Management console) window
  • Then go to File - > Add or Remove Snap Ins
  • Then select Certificates from available Snap Ins
  • Then click on the ADD button
  • Then select Computer account in the window pane that opens
  • Then select Local Computer Account
  • Then click next and OK

Now the certificate snap is added to MMC.

Now we need to install the certificate by selecting it in a snap.

For that,

  • Go to Certificates; expand it.
  • Then Select “Trusted root certification Authorities”
  • Then Select Action - > All Tasks - > Imports
  • Select the certificate and finish.

Now, a temporary certificate is installed on your computer.

This certificate will be used for SSL communication on your machine, but apart from installation, you don't need to do anything with respect to certificates.

Now, the next step is to enable HTTPS for the development server.

Enable HTTPS support to the development server in Visual Studio

For that do the following.

  • Open your web API solution in Visual Studio,
  • Then select the web API project in Solution Explorer.
  • Select View Menu in Visual Studio
  • Now select “Properties window” or click F4.
  • A window pane will open.
  • There select the “SSL Enabled” property and set it to true

Now, the development server is ready to work with HTTPS too.

Summary

So, in this article, we discussed how we can make a web API run on HTTPS. For that we discussed all the steps required in detail, like writing a custom class, using the RequiredHttps filter class, and registering this class in API configuration, then we also provided details on installing a temp certificate and using it and finally enabling HTTPS support for development in Visual Studio.

Web API Book

How To Enable HTTPS In ASP.NET Web API (2024)
Top Articles
One year later: How proof of stake has changed Ethereum
Mexican Peso (MXN)
Authorities in Papua New Guinea search for safer ground for thousands of landslide survivors
Meestergetal 44 Betekenis. Engelengetal 44. Engelennummer 44
Latest Posts
50 USD to MXN | Convert US Dollars to Mexican Pesos Exchange Rate in the USA
Compare Mexican Gold Pesos prices from online dealers
Article information

Author: Ray Christiansen

Last Updated:

Views: 5798

Rating: 4.9 / 5 (69 voted)

Reviews: 92% of readers found this page helpful

Author information

Name: Ray Christiansen

Birthday: 1998-05-04

Address: Apt. 814 34339 Sauer Islands, Hirtheville, GA 02446-8771

Phone: +337636892828

Job: Lead Hospitality Designer

Hobby: Urban exploration, Tai chi, Lockpicking, Fashion, Gunsmithing, Pottery, Geocaching

Introduction: My name is Ray Christiansen, I am a fair, good, cute, gentle, vast, glamorous, excited person who loves writing and wants to share my knowledge and understanding with you.