7

I have REST API application created using ASP.NET Core 2.1. REST API is created by WebHostBuilder and hosted by Kestrel. 

Startup.Kernel = kernel; _restApiServer = new WebHostBuilder() .UseKestrel(options => { }) .UseContentRoot(Directory.GetCurrentDirectory()) .UseIISIntegration() .UseStartup<Startup>() .UseUrls(string.Format("http://localhost:{0}", _configuration.PortNumber)) .UseSetting("https_port",_configuration.HttpsPort.ToString()) .Build(); _restApiServer.Run();

REST API is served on port 8998 by default. This REST API is started by my different application. I am able to connect to this REST API using browser and POSTMAN.

Now I would like to secure my connection to REST API. What I did is: I've added necessity configuration to force secure connection in my Startup class in Configure method:

app.UseHttpsRedirection();

And I've also executed a code for trusting dev certs:

dotnet dev-certs https --trust

The case is that when I try to access the web api via browser I get and error:

localhost refused to connect. Try:

Checking the connection

Checking the proxy and the firewall

ERR_CONNECTION_REFUSED

Also when I am using POSTMAN to call some REST API methods I got and error:

Could not get any response

What am I doing wrong? Do I need to specify the certificate directly in Kestrel configuration?

Improve this question

1 Answer 1

Reset to default
10
+50

Since https is a different protocol, you need to configure another port for https. There are three things you need to do in order to automatically redirect to the https url:

  1. Add a listener. In program.cs (the port numbers are an example):

    .UseUrls("http://localhost:8998", "https://localhost:8999");

    When you start the application you should see:

enter image description here

  1. Configure the https redirection. In Startup.ConfigureServices:

    services.AddHttpsRedirection(options => options.HttpsPort = 8999);

    If you omit this step then the default port is used, probably 5001. For hosting on Azure you may need to set this to 443.

  2. And in Startup.Configure:

    app.UseHttpsRedirection();

A call to http://localhost:8998 will now be redirected to https://localhost:8999.

If you followed above steps but did not create the certificate then the https port is not listed and will not be available! If the certificate was created then both ports should be listed.

I assume that in production the Api will run behind a proxy. In that case you can omit the above steps. Running behind a proxy means that you can redirect http to https there, which means that you don't need https redirect.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

I folloed your instruction. When I start my WebApi I get an error : Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found." I already executed "dotnet dev-certs https and dotnet dev-certs https'. --trust. I've seen this post and someone told there that with .net core 2.1 you need to configure your certificate stackoverflow.com/questions/53300480/… . Is there any other option?
Please note that my web api is started by other application which is running as a windows service
Microsoft says explicitly not to do that. Redirections makes no sens for api, as api clients don't understand redirection. See more here : learn.microsoft.com/en-us/aspnet/core/security/…
where is .UseUrls() defined?
@MikeW, you should add it into the ConfigureWebHostDefaults method in the Program.cs file like the following: return Host.CreateDefaultBuilder(args).ConfigureWebHostDefaults(builder => { builder.UseUrls("http://localhost:8998", "https://localhost:8999"); builder.UseStartup<Startup>(); });

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.