Secure Sockets Layer—SSL for short—is a standard security protocol that is used to encrypt communications between a web server and a web browser. SSL is important! Without it, information that is exchanged between a server and a client is sent in plain text, so would be readable by any hacker who is able to capture the data.

SSL ensures that information sent between server and client is always encrypted. Even if captured, your sensitive data—user name, password, credit card details, etc.—will remain unreadable to anyone lacking the SSL certificate and encryption key shared by the server and client during the communications session. 

In this article we will look at how we can work with SSL in ASP.Net Core. We will use a new middleware component, UseHttpsRedirection, to redirect all HTTP requests to HTTPS. We will also take advantage of HSTS (HTTP Strict Transport Security), an optional security enhancement, to further strengthen the security of web connections. Support for the new middleware and the HSTS enhancement was introduced in ASP.Net Core 2.1 to enforce the use of HTTPS by clients in a connection.

Create an ASP.Net Core Web API project

First off, let’s create an ASP.NET Core project and install the necessary packages. If Visual Studio 2017 is up and running in your system, follow the steps outlined below to create an ASP.Net Core Web API project.