为Asp.net核心Web API启用HTTPS安全连接 [英] Enable HTTPS secure connection for Asp.net core web api

问题描述

我有使用ASP.NET Core 2.1创建的REST API应用程序. REST API由WebHostBuilder创建，并由Kestrel托管.

I have REST API application created using ASP.NET Core 2.1. REST API is created by WebHostBuilder and hosted by Kestrel.

Startup.Kernel = kernel;
    _restApiServer = new WebHostBuilder()
      .UseKestrel(options =>
      {

      })
      .UseContentRoot(Directory.GetCurrentDirectory())
      .UseIISIntegration()
      .UseStartup<Startup>()
      .UseUrls(string.Format("http://localhost:{0}", _configuration.PortNumber))
      .UseSetting("https_port",_configuration.HttpsPort.ToString())
      .Build();
     _restApiServer.Run();

默认情况下，REST API在端口8998上提供.该REST API由我的其他应用程序启动.我能够使用浏览器和POSTMAN连接到该REST API.

REST API is served on port 8998 by default. This REST API is started by my different application. I am able to connect to this REST API using browser and POSTMAN.

现在，我想保护与REST API的连接.我所做的是: 我已经在Configure方法的Startup类中添加了强制配置以强制安全连接:

Now I would like to secure my connection to REST API. What I did is: I've added necessity configuration to force secure connection in my Startup class in Configure method:

app.UseHttpsRedirection();

我还执行了信任开发者证书的代码:

And I've also executed a code for trusting dev certs:

dotnet dev-certs https --trust

情况是，当我尝试通过浏览器访问Web api时出现错误:

The case is that when I try to access the web api via browser I get and error:

localhost拒绝连接. 试试:

localhost refused to connect. Try:

检查连接

检查代理和防火墙

ERR_CONNECTION_REFUSED

ERR_CONNECTION_REFUSED

当我使用POSTMAN调用我得到的一些REST API方法时，也会出错:

Also when I am using POSTMAN to call some REST API methods I got and error:

无法得到任何回应

Could not get any response

我做错了什么?我需要直接在Kestrel配置中指定证书吗?

What am I doing wrong? Do I need to specify the certificate directly in Kestrel configuration?

推荐答案

由于https是不同的协议，因此您需要为https配置另一个端口.要自动重定向到https网址，您需要做三件事:

Since https is a different protocol, you need to configure another port for https. There are three things you need to do in order to automatically redirect to the https url:

1. 添加一个侦听器.在program.cs中(端口号为示例):

1. Add a listener. In program.cs (the port numbers are an example):

.UseUrls("http://localhost:8998", "https://localhost:8999");

启动应用程序时，您应该看到:

When you start the application you should see:

1. 配置https重定向.在Startup.ConfigureServices中:

1. Configure the https redirection. In Startup.ConfigureServices:

services.AddHttpsRedirection(options => options.HttpsPort = 8999);

如果省略此步骤，则使用默认端口，可能是5001.要在Azure上托管，可能需要将此端口设置为443.

If you omit this step then the default port is used, probably 5001. For hosting on Azure you may need to set this to 443.

并在Startup.Configure中:

And in Startup.Configure:

app.UseHttpsRedirection();

对http://localhost:8998的调用现在将被重定向到https://localhost:8999.

A call to http://localhost:8998 will now be redirected to https://localhost:8999.

如果您按照上述步骤操作但未创建证书，则https端口未列出并且将不可用！如果创建了证书，则应列出两个端口.

If you followed above steps but did not create the certificate then the https port is not listed and will not be available! If the certificate was created then both ports should be listed.

我认为在生产中，Api将在代理后面运行.在这种情况下，您可以省略上述步骤.在代理后面运行意味着您可以将http重定向到那里的https，这意味着您不需要

I assume that in production the Api will run behind a proxy. In that case you can omit the above steps. Running behind a proxy means that you can redirect http to https there, which means that you don't need https redirect.

这篇关于为Asp.net核心Web API启用HTTPS安全连接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！