From the course: ASP.NET: Security

Enforcing HTTPS

- [Instructor] In this day and age, using HTTPS is a must. But how can we prevent that clients are using HTTP, that servers are using HTTP? There's several ways how we can enforce HTTPS, both specific to ASP.NET and generally. Let's have a look at a few of those.

The first and probably most logical option is to redirect HTTP requests to HTTPS. A global handler can check HttpContext.Current.Request.IsSecureConnection. If that returns false, we can just redirect to HTTPS. That's pretty efficient, but on the other hand, the clients are still sending HTTP requests, and they always get the results, because we redirect them to HTTPS, then they do the HTTPS request, everything is good, but maybe next time they try HTTP again.

The second option is to use the rewriting features in ASP.NET, specifically in web.config. When we use IIS, we have the system.webServer node in web.config, and then we can set rewrite rules, and those rewrite rules we can check for HTTP requests and then, well…
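The global handler described as the first option could look like the following in `Global.asax.cs`. This is an added example, not code from the course. The host name `www.example.com`, the `X-Forwarded-Proto` check for a TLS-terminating proxy, and the refusal of non-GET requests are assumptions of the example.

```csharp
using System;
using System.Web;

public class Global : HttpApplication
{
    // Assumption: the site's canonical host, fixed here (or in config) so the
    // redirect target is never built from the client-supplied Host header.
    private const string CanonicalHost = "www.example.com";

    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        HttpRequest request = HttpContext.Current.Request;
        HttpResponse response = HttpContext.Current.Response;

        if (IsSecure(request))
        {
            return; // already HTTPS, let the pipeline continue
        }

        // Redirect only safe, idempotent methods. A POST that arrived over HTTP
        // has already sent its body in clear text, so refuse it instead of
        // inviting the client to keep posting to the HTTP endpoint.
        if (request.HttpMethod != "GET" && request.HttpMethod != "HEAD")
        {
            response.StatusCode = 403;
            response.StatusDescription = "HTTPS Required";
            CompleteRequest();
            return;
        }

        var target = new UriBuilder(Uri.UriSchemeHttps, CanonicalHost)
        {
            Path = request.Url.AbsolutePath,
            // UriBuilder prepends '?' itself, so strip the one from Url.Query.
            Query = request.Url.Query.TrimStart('?')
        };
        response.RedirectPermanent(target.Uri.AbsoluteUri, endResponse: false);
        CompleteRequest();
    }

    private static bool IsSecure(HttpRequest request)
    {
        if (request.IsSecureConnection) return true;
        // Assumption: TLS may end at a trusted proxy that overwrites this header.
        // Without that guarantee a client can forge it; remove this check then.
        return string.Equals(request.Headers["X-Forwarded-Proto"], "https",
                             StringComparison.OrdinalIgnoreCase);
    }
}
```

When TLS ends at a load balancer, `IsSecureConnection` is false on every request, so a handler that checks only that property would redirect in a loop.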
