HttpsPolicy

From Microsoft.AspNetCore.HttpsPolicy.dll

Https Redirect

Redirect all HTTP traffic to an HTTPS port.

using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
...
myIServiceCollection.AddHttpsRedirection(options =>
{
    options.RedirectStatusCode = StatusCodes.Status307TemporaryRedirect; //see also Status301MovedPermanently and Status308PermanentRedirect
    options.HttpsPort = 8443;
});

An HTTP request can bypass this redirect with header "X-Forwarded-Proto:https".
This pretends that the request is already being made to an HTTPS address.

HTTP Strict Transport Security

aka HSTS

The HTTP Strict-Transport-Security response header lets a web site tell browsers that it should only be accessed using HTTPS, instead of using HTTP.


using Microsoft.AspNetCore.Builder;
...
myIServiceCollection.AddHsts(options =>
{
    options.MaxAge = new TimeSpan(365, 0, 0, 0); //1 year
});