Skip to main content

What is SSL and How SSL Works?

What is SSL?

SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral1.

How SSL Works

  1. Handshake Process: When a browser connects to a server, the SSL handshake process begins. This involves:

    • The browser requesting the server to identify itself.
    • The server sending a copy of its SSL certificate to the browser.
    • The browser checking the certificate against a list of trusted CAs (Certificate Authorities). If trusted, the browser creates, encrypts, and sends back a session key using the server’s public key.
    • The server decrypting the session key using its private key and establishing a secure encrypted connection.

  2. Data Encryption: Once the secure connection is established, all data transmitted between the browser and the server is encrypted using the session key. This ensures that even if the data is intercepted, it cannot be read without the session key.

Example: Implementing SSL in ASP.NET Core MVC with .NET 8

Step 1: Obtain an SSL Certificate

You need to obtain an SSL certificate from a trusted Certificate Authority (CA). This certificate will be used to encrypt the connection between the client and server.

Step 2: Configure Your Server

Depending on your hosting environment (IIS, Kestrel, Azure, etc.), configure your server to use the SSL certificate. For example, in IIS, you can bind the certificate to your website.

Step 3: Configure ASP.NET Core MVC Application

  1. Enforce HTTPS: Add the following code in your Program.cs to enforce HTTPS:
var builder = WebApplication.CreateBuilder(args);

// Enforce HTTPS
builder.Services.AddHttpsRedirection(options =>
{
    options.RedirectStatusCode = StatusCodes.Status307TemporaryRedirect;
    options.HttpsPort = 443;
});

var app = builder.Build();

app.UseHttpsRedirection();

app.MapGet("/", () => "Hello World!");

app.Run();
  1. Configure Kestrel (if using Kestrel server): Add the following configuration in your appsettings.json:
{
  "Kestrel": {
    "Endpoints": {
      "Https": {
        "Url": "https://localhost:5001",
        "Certificate": {
          "Path": "path/to/your/certificate.pfx",
          "Password": "your-certificate-password"
        }
      }
    }
  }
}

Step 4: Test Your Configuration

After setting up, test your configuration by accessing your application via HTTPS. Ensure that the browser shows a secure connection (usually indicated by a padlock icon).

Summary

SSL ensures secure communication by encrypting data between the client and server. Implementing SSL in an ASP.NET Core MVC application involves obtaining an SSL certificate, configuring your server, and enforcing HTTPS in your application.

For more detailed information, you can refer to the official Microsoft documentation on enforcing HTTPS in ASP.NET Core2 and configuring certificate authentication3.


Labels:

Comments

Post a Comment

Popular posts from this blog

Azure key vault with .net framework 4.8

Azure Key Vault  With .Net Framework 4.8 I was asked to migrate asp.net MVC 5 web application to Azure and I were looking for the key vault integrations and access all the secrete out from there. Azure Key Vault Config Builder Configuration builders for ASP.NET  are new in .NET Framework >=4.7.1 and .NET Core >=2.0 and allow for pulling settings from one or many sources. Config builders support a number of different sources like user secrets, environment variables and Azure Key Vault and also you can create your own config builder, to pull in configuration from your own configuration management system. Here I am going to demo Key Vault integrations with Asp.net MVC(download .net framework 4.8). You will find that it's magical, without code, changes how your app can read secretes from the key vault. Just you have to do the few configurations in your web config file. Prerequisite: Following resource are required to run/complete this demo · ...
Post a Comment
Read more

How to Make a Custom URL Shortener Using C# and .Net Core 3.1

C# and .Net Core 3.1:  Make a Custom URL Shortener Since a Random URL needs to be random and the intent is to generate short URLs that do not span more than 7 - 15 characters, the real thing is to make these short URLs random in real life too and not just a string that is used in the URLs Here is a simple clean approach to develop custom solutions Prerequisite:  Following are used in the demo.  VS CODE/VISUAL STUDIO 2019 or any Create one .Net Core Console Applications Install-Package Microsoft.AspNetCore -Version 2.2.0 Add a class file named ShortLink.cs and put this code: here we are creating two extension methods. public   static   class   ShortLink {      public   static   string   GetUrlChunk ( this   long   key ) =>            WebEncoders . Base64UrlEncode ( BitConverter . GetBytes ( key ));      public   static   long   GetK...
Post a Comment
Read more

AWS FREE ASP.NET CORE (.NET 6.0) HOSTING WITH FREE SSL

  FREE ASP.NET CORE (.NET 6.0) Hosting on AWS (Amazon Web Services) Today I was able to host my asp.net 6.0  + ANGULAR 14 application  on AWS Free  Initial Setup of your AWS Account and your Computer Get ready with your asp.net core 3.1 /.net 6 application Install  "AWS toolkit for visual studio 2022" as  visual studio extensions :  it will be required to deploy smoothly from Visual Studio 2022 itself, your life will be easy. Let's finish the AWS account setup  Get signed up with: its free but it will be required a valid credit card or debit card, they will charge nothing for the free services for 1 year * https://portal.aws.amazon.com/billing/signup#/start/email AWS console  for services and offering http://console.aws.amazon.com/ Create a user in AWS Console:  IAM With the help of AWS Identity and Access Management (IAM), you can control who or what has access to the services and resources offered by AWS, centrally manage fine-grained...
Post a Comment
Read more