Link to URL Rewriting Middleware (#7062)
parent
714dcf9ff1
commit
4ea8ca22cc
|
@ -150,7 +150,7 @@ public void Configure(IApplicationBuilder app)
|
||||||
```
|
```
|
||||||
|
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> When redirecting to HTTPS on port 443 without the requirement for additional redirect rules, we recommend using HTTPS Redirection Middleware. For more information, see the [Enforce HTTPS](xref:security/enforcing-ssl#require-https) topic.
|
> When redirecting to HTTPS without the requirement for additional redirect rules, we recommend using HTTPS Redirection Middleware. For more information, see the [Enforce HTTPS](xref:security/enforcing-ssl#require-https) topic.
|
||||||
|
|
||||||
The sample app is capable of demonstrating how to use `AddRedirectToHttps` or `AddRedirectToHttpsPermanent`. Add the extension method to the `RewriteOptions`. Make an insecure request to the app at any URL. Dismiss the browser security warning that the self-signed certificate is untrusted or create an exception to trust the certificate.
|
The sample app is capable of demonstrating how to use `AddRedirectToHttps` or `AddRedirectToHttpsPermanent`. Add the extension method to the `RewriteOptions`. Make an insecure request to the app at any URL. Dismiss the browser security warning that the self-signed certificate is untrusted or create an exception to trust the certificate.
|
||||||
|
|
||||||
|
|
|
@ -71,6 +71,11 @@ If no port is set:
|
||||||
* Requests aren't redirected.
|
* Requests aren't redirected.
|
||||||
* The middleware logs a warning.
|
* The middleware logs a warning.
|
||||||
|
|
||||||
|
> [!NOTE]
|
||||||
|
> An alternative to using HTTPS Redirection Middleware (`UseHttpsRedirection`) is to use URL Rewriting Middleware (`AddRedirectToHttps`). `AddRedirectToHttps` can also set the status code and port when the redirect is executed. For more information, see [URL Rewriting Middleware](xref:fundamentals/url-rewriting).
|
||||||
|
>
|
||||||
|
> When redirecting to HTTPS without the requirement for additional redirect rules, we recommend using HTTPS Redirection Middleware (`UseHttpsRedirection`) described in this topic.
|
||||||
|
|
||||||
::: moniker-end
|
::: moniker-end
|
||||||
|
|
||||||
::: moniker range="< aspnetcore-2.1"
|
::: moniker range="< aspnetcore-2.1"
|
||||||
|
@ -83,7 +88,7 @@ The preceding highlighted code requires all requests use `HTTPS`; therefore, HTT
|
||||||
|
|
||||||
[!code-csharp[](authentication/accconfirm/sample/WebApp1/Startup.cs?name=snippet_AddRedirectToHttps&highlight=7-999)]
|
[!code-csharp[](authentication/accconfirm/sample/WebApp1/Startup.cs?name=snippet_AddRedirectToHttps&highlight=7-999)]
|
||||||
|
|
||||||
For more information, see [URL Rewriting Middleware](xref:fundamentals/url-rewriting).
|
For more information, see [URL Rewriting Middleware](xref:fundamentals/url-rewriting). The middleware also permits the app to set the status code or the status code and the port when the redirect is executed.
|
||||||
|
|
||||||
Requiring HTTPS globally (`options.Filters.Add(new RequireHttpsAttribute());`) is a security best practice. Applying the
|
Requiring HTTPS globally (`options.Filters.Add(new RequireHttpsAttribute());`) is a security best practice. Applying the
|
||||||
`[RequireHttps]` attribute to all controllers/Razor Pages isn't considered as secure as requiring HTTPS globally. You can't guarantee the `[RequireHttps]` attribute is applied when new controllers and Razor Pages are added.
|
`[RequireHttps]` attribute to all controllers/Razor Pages isn't considered as secure as requiring HTTPS globally. You can't guarantee the `[RequireHttps]` attribute is applied when new controllers and Razor Pages are added.
|
||||||
|
|
Loading…
Reference in New Issue