Support us .Net Basics C# SQL ASP.NET Aarvi MVC Slides C# Programs Subscribe Download

ASP.NET Web API enable HTTPS

Suggested Videos
Part 14 - Calling ASP.NET Web API service in a cross domain using jQuery ajax
Part 15 - Cross-origin resource sharing ASP.NET Web API
Part 16 - Enable SSL in Visual Studio Development Server

In this video we will discuss how to enable HTTPS for ASP.NET Web API service. After HTTPS is enabled, if a request is issued using HTTP we want it to be automatically redirected to HTTPS.

This is continuation to Part 16. Please watch Part 16 from ASP.NET Web API tutorial before proceeding.



Two simple steps to enable HTTPS for ASP.NET Web API service. 

Step 1 : Right click on the ASP.NET Web API project and add a class file. Name it RequireHttpsAttribute. Copy and paste the following code



using System;
using System.Net;
using System.Net.Http;
using System.Text;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

namespace EmployeeService
{
    public class RequireHttpsAttribute : AuthorizationFilterAttribute
    {
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            if (actionContext.Request.RequestUri.Scheme != Uri.UriSchemeHttps)
            {
                actionContext.Response = actionContext.Request
                    .CreateResponse(HttpStatusCode.Found);
                actionContext.Response.Content = new StringContent
                    ("<p>Use https instead of http</p>", Encoding.UTF8, "text/html");

                UriBuilder uriBuilder = new UriBuilder(actionContext.Request.RequestUri);
                uriBuilder.Scheme = Uri.UriSchemeHttps;
                uriBuilder.Port = 44337;

                actionContext.Response.Headers.Location = uriBuilder.Uri;
            }
            else
            {
                base.OnAuthorization(actionContext);
            }
        }
    }
}

Step 2 : Include the following line of code in Register() method of WebApiConfig class in WebApiConfig.cs file in App_Start folder. This adds RequireHttpsAttribute as a filter to the filters collection. So for every request the code in this filter is executed. If the request is issued using HTTP, it will be automatically redirected to HTTPS.

config.Filters.Add(new RequireHttpsAttribute());

Please note : If you don't want to enable HTTPS for the entire application then don't add RequireHttpsAttribute to the filters collection on the config object in the register method. Simply decorate the controller class or the action method with RequireHttpsAttribute for which you want HTTPS to be enabled. For the rest of the controllers and action methods HTTPS will not be enabled.

ASP.NET Web API tutorial for beginners

9 comments:

  1. How make Authentication in webApi?

    ReplyDelete
  2. Hi venkat my onauthorization method been called twice ?

    ReplyDelete
    Replies
    1. Yes.
      For 1st time, it will execute 'if' condition and for 2nd time, it will execute 'else' condition.
      First time, if Uri contains http, then 'if' condition will execute and it will converted into https. Hence again same method will call 'else' condition. Because now Uri contains https with different port number.

      Delete
  3. Don't we have [RequireHttps] attribute directly, as we used in MVC?

    Thanks,
    Himanshu Pareek.

    ReplyDelete
    Replies
    1. RequireHttps is not available in MVC API so devs need to replicate the same functionality just like Venkat did.

      Read More here : https://blogs.msdn.microsoft.com/carlosfigueira/2012/03/09/implementing-requirehttps-with-asp-net-web-api/

      Delete
  4. Venkat Sir, Can you please add a tag/label for tutorials under one topic so that it's easier to find code used in a previous examples. Switching between Youtube and the blog becomes little hard.

    ReplyDelete
  5. This comment has been removed by the author.

    ReplyDelete
  6. Not working. Instead of adding the line config.Filters.Add(new new RequireHttpsAttribute()) to WebApiConfig's Register method, it should be added to FilterConfig.cs in the RegisterGlobalFilters method like this:

    filters.Add(new RequireHttpsAttribute());

    ReplyDelete
  7. Hi Venkat,
    Can you explain what is the term "handshake" used for in terms of Web Api

    ReplyDelete

It would be great if you can help share these free resources