This video shows how to configure the web host that turns the console application into an ASP.NET Core application. Then learn how to use SSL with IIS and Kestrel.
- [Instructor] In this section, we're going to discuss configuring the web host and running under SSL. As mentioned before, ASP.NET Core applications are simply console applications that create a web host. Now in ASP.NET Core 1.0, the only web host available is Kestrel. In 1.1, web listener was added which we'll cover in that section. And then it was renamed to http.sys in 2.0.
The web host is created with the WebHostBuilder class, and it's responsible for app startup and lifetime management. At a minimum, it configures a server and requests processing pipeline. Additional features and configuration options are opt-in. For example, if you want to add IIS with reverse proxy, then you would add in the UseIISIntegration method. And if you're going to use Configure and ConfigureServices in your startup, you would use the UseStartup method.
And there's many more options available. Now as mentioned in 1.1, in addition to Kestrel, there's HTTP.sys and in 2.0, there's several changes in how we call and create the WebHostBuilder. Plus, there's additional options available. So let's look at configuring a web host in ASP.NET Core. So here's our void main method. This is our entry point, and I've got the SSL code commented out now.
Hopefully that doesn't cause too much of a distraction. But on line 17, we're creating up a new WebHostBuilder, we're turning on Kestrel, we are also adding in IIS integration on line 22, we're defining the content route as the current directory of the project. That's where the web host will find the modules, the views, the controllers, all that MVC content that we would expect to see. We're specifying a startup class.
We're also enabling application insights. We could change the environment to development, staging, production, et cetera. And then we build the I server. Finally, we call run. Now we have a running web host that's able to receive requests and forward them on to where they need to be forwarded based on the configuration that we will discuss shortly in startup. To use SSL locally with IIS express is a pretty straightforward process.
You start off by enabling SSL on the Debug property page and make note of the port, and then you can configure MVC for the SSLPort using the same port from the prior step. If you want to make up your own port number, that's fine. It's just has to be 44300 or greater. Then you can go ahead and add the RequireHttps attributes, filters, et cetera, and make your site support SSL.
Now this is using a self-signed certificate, so if you have not already trusted it, you'll get an exception in the browser. I'd like to note one additional feature in 1.1 that we'll cover in the next chapter and that is URL rewriting middle ware that makes it much easier to add HTTPS to your entire site. So let's look at this in code. We start with the project property pages on Debug, and we enable SSL right here, and there's the port, and when you make that change, it also updates the launchsettings.jhunt file to place the port in there.
Now that we have the port, we have to configure MVC to use that port in its routing when it is rendering to HTTPS. Now if you're using the standard port 443, you wouldn't have to do this. It would just happen for you. But we are not using a standard port. So in the services.addmvc line in the configure services method of this startup class, I add options.sslport equals 44329.
Now it's hard coded right now. I'm going to leave it like this briefly, and I'll show you a different way to go around it shortly. Now I've added RequireHTTPS to the account controller which should be there anyway 'cause it's people logging in and logging out. And so now, when we run this using IIS express, it'll start off without HTTPS and when we click on the login link, it'll redirect us to the secure version.
So here you can see, we're not running HTTPS. I click on login, it changes to port 44329, and it's secure. Now I've already self-signed and accepted the certificate that was created so that the browser did not object to me moving to this site. Back in Visual Studio, let's change this from a hard coded value to actually taking advantage of the rich configuration system built into ASP.NET Core.
So if we move to the constructor, and I've added the launchsettings.json file into the configuration builder so all of those configuration settings that Visual Studio's maintaining for us, we can access programmatically. Now we haven't covered the startup class yet, but there is an I configuration route property right here that is assigned the result of the configuration and we can access that anywhere in this class.
So now we go down to where we want to configure MVC, and let's comment out the hard coded version and let's just say that SSL port equals configuration.getvalue, and I'm using an overload that takes an int, and then I have the fully defined path of the json. And then when I uncomment line 65, it is now dynamically pulling the SSL port from the launchsettings.json file.
So we'll run it again just to prove that it works, and we click over here on login. And sure enough, we are still secured. Using SSL with Kestrel requires a bit more setup, but once the setup is done, the rest of the process is pretty much the same. There is some external dependencies and that's the make cert and PVK2PFK programs and you can get those by installing the desktop development with C++ workload from Visual Studio.
You will also need to add into your project the Microsoft.AspNetCore.Server.Kestrel.Https package. Nice and long package name. And then the process is make a cert, convert it to .pfx, and then add that as a 509 certificate. Once you have this certificate done, you add RequireHTTPS, configure MVC for the SSLPort. Pretty much the same process that we did with IIS.
Added in 1.1 is URL rewriting, and one of the options is to rewrite to HTTPS. And we'll discuss that in the 1.1 chapter. And then breaking change in 2.0 is the Kestrel configuration that I'm going to show you here does not work in 2.0. It's done a different way, and we will cover that in the 2,0 chapter. So let's dive in and see how to make a certificate, and we'll wire up Kestrel for SSL.
In the solution items directory, I have a text file called create cert. So first you will call make cert with these parameters and you'll fill in your own names. You're going to be prompted for a password twice. You use the same password in both dialogues. And then you're going to run PVK2PFK with those following parameters, and you're going to want to add in your password that you entered in the previous dialogue boxes. Just as a side note, PVK2PFX gets installed to the directory you see there, and then you take that certificate and copy it into your project.
So I have my certificate right here in the route, and just as a side note, my certificate and my credentials are not going to be shipped with this, so you're going to have to make your own, but it's a pretty simple process once you have all the right software installed. So now you have your certificate. We need to turn that into a 509 certificate, and that is as simple as declaring a new 509 certificate to with the name of your file and then the password, and I just have it in a separate file so I can clear it out when I ship the code up for the course.
And then we have two changes we want to make to Kestrel. First and foremost, we're going to turn off the simple use Kestrel method and then we're going to add in the use Kestrel where we say use HTTPS and provide a certificate. The other thing we want to do is let Kestrel know which URL's to use for http and which URL's to use for HTTPS. Now to make things simple, I like to make the HTTPS port the same as the IIS express port.
The downside here, of course, is you wouldn't be able to run both the Kestrel and the IIS versions at the same time because it would try and share a port. But by changing it to the IIS express port, then all of the other configuration works for us. So let's save this, and we're going to go ahead and fire it up with Kestrel, and it will start on port 6001. And then when we hit on the login screen, it will redirect us to 44329.
So let's open up a browser, and we're starting on 6001. And I'm just using Firefox to show you the different browser and then when I click on login, this is the error that you will get if you have not accepted the certificate by your particular browser. I've already done this in Chrome which is why I wanted to pull it up in Firefox to show you.
And you click on advanced and it says it's self-signed and you shouldn't trust it. You add an exception, confirm security exception, and then now we are running HTTPS on our local machine. A deployment note, you're going to want to take out that code in the startup. So this code here on line 65, we are hard coding the SSL port. And again, that's only if you're using a non-standard port. Typically, when you deploy to production, you're going to be on 443, and then you won't need to do this and you're going to want to take the port out of the assignment here.
So while there's a few more setup steps with Kestrel, once you get those setup steps done, it's still pretty simple to run IIS. Now I will tell you that I am going to comment these back out and have it not use IIS for Kestrel in the code that you will get just because I'm not shipping a certificate, and it'll break if we try and do that. The other change that I'm going to revert in the download code is in the account controller.
I'm just going to comment out the RequiredHTTPS. So when you get the code, you'll be able to run it without SSL and everything will be fine. If you want to turn on SSL, simply go through the steps we went through here, and you'll be off to the races.
- Running and debugging ASP.NET Core applications
- Pros and cons of migrating existing applications to ASP.NET Core.
- Built-in dependency injection
- Environment awareness and app configuration
- Web host configuration and SSL
- View components invoked as tag helpers
- Configuration and logging
- Using Razor Pages