How to force redirect HTTP to HTTPS

Forcing or redirecting your visitors to HTTPS automatically is the best way to make sure that your website can only be accessed through SSL and that all traffic to and from your website is secured. We recommend that all customers who use SSL make sure that their sites contain one of the rules below.

IIS – web.config or Helicon Ape

For URL Rewrite, add the following rewrite rule to your web.config file’s <system.webServer> section.

<rewrite>
	<rules>
		<rule name="ACME / Let's Encrypt Verification" stopProcessing="true">
			<match url="^\.well-known(.*)" />
			<action type="None" />
		</rule>
		<rule name="HTTP to HTTPS Redirect" stopProcessing="true">
			<match url="(.*)" />
			<conditions>
				<add input="{HTTPS}" pattern="off" ignoreCase="true" />
			</conditions>
			<action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/{R:1}" />
		</rule>
	</rules>
</rewrite>

For Helicon Ape, add these lines to the .htaccess file in your wwwroot, directly under the RewriteEngine On directive:

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Apache – .htaccess

Add these lines to your site’s root .htaccess file, directly under the RewriteEngine On directive:

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
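
To confirm that a rule is actually in effect, request a few paths over plain HTTP without following redirects and inspect the status code and Location header. The checker below is an added example, not part of the original article; the names `judge`, `probe` and `audit`, the host `example.com` and the sample responses are assumptions made for illustration. `acme_exempt=True` matches the IIS rule set above, which leaves `.well-known` on HTTP; the .htaccess rules have no such exemption, so pass `acme_exempt=False` when checking those.

```python
import http.client
from urllib.parse import urlsplit

REDIRECTS = {301: "permanent", 308: "permanent", 302: "temporary", 307: "temporary"}

def judge(host, target, status, location, acme_exempt=True):
    """Return (ok, reason) for the response to a plain-HTTP request for `target`."""
    if acme_exempt and target.startswith("/.well-known"):
        # The IIS rule set stops processing here, so the challenge must stay on HTTP.
        if status in REDIRECTS:
            return False, "ACME path was redirected"
        return True, "ACME path left on HTTP"
    if status not in REDIRECTS:
        return False, f"no redirect (status {status})"
    loc = urlsplit(location or "")
    if loc.scheme != "https":
        return False, "redirect does not point to https"
    if loc.netloc.lower() != host.lower():
        return False, f"host changed to {loc.netloc}"
    got = (loc.path or "/") + ("?" + loc.query if loc.query else "")
    if got != target:
        return False, f"path changed to {got}"
    return True, f"{REDIRECTS[status]} redirect ({status})"

def probe(host, target, port=80, timeout=5):
    """Send one GET over plain HTTP; http.client never follows redirects."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", target)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def audit(host, targets, fetch=probe, acme_exempt=True):
    """Check every target; `fetch` can be replaced to run offline."""
    return {t: judge(host, t, *fetch(host, t), acme_exempt) for t in targets}

if __name__ == "__main__":
    # Constructed sample responses (not captured from a real server).
    sample = {
        "/shop?id=7": (301, "https://example.com/shop?id=7"),
        "/login": (200, None),  # rule missing: page served over HTTP
        "/.well-known/acme-challenge/t": (404, None),
    }
    for path, (ok, why) in audit("example.com", sample, lambda h, t: sample[t]).items():
        print("PASS" if ok else "FAIL", path, "-", why)
```

To run it against a live site, call `audit("your-host", ["/", "/some/page?x=1"])` with the default `fetch`.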

2 thoughts on “How to force redirect HTTP to HTTPS”

  1. Hi,
    How can we set up the HTTPS redirect in an ASP.NET Core web application?
    I tried this in the Configure method during application startup:
    app.UseHsts();
    app.UseHttpsRedirection();

    But it does not always work. For example, no redirect happens if I navigate in a private window.

    Best,

    Antonio Valentini
