Good day.

The essence of the question is set out in the title. Do I need to manually create a certificate and attach it to IIS? Or is it enough just to register something in the Web.config file? Or do you need to specify [RequireHttps] before each method of all controllers? If there is proper documentation, please point me to it, because I haven't found anything really useful...

    2 answers

    Yes, the certificate needs to be installed in IIS; instructions and a free certificate for a year can be found, for example, here.

    Also, for the MVC site to work over HTTPS in IIS, you must specify a binding for https.

    If you are not going to use secure and normal HTTP for the site at the same time, then you do not need to specify any attributes, as well as edit Web.config - IIS will not respond to regular HTTP requests.

      If you create a certificate for the server yourself (a self-signed certificate), then many browsers will issue a warning message to the user.

      To prevent such a warning, you need to order / buy an SSL certificate from verified certification authorities. This can be done, for example, with domain registrars or hosting providers.

      How to configure the SSL certificate in IIS can be found here.

      How to make the SSL certificate in IIS yourself is described here.

      The web application will work without any edits in the web.config.

      The RequireHttps attribute requires calling the marked methods (Action) over HTTPS.

      • The procedure for creating a self-signed certificate under Windows is familiar to me; then you can put it into the trusted root store, and then browsers will start working in normal mode. I was hoping that there was a better way than attaching the certificate to IIS. Hence, RequireHttps just tells the application to use https, but if it is not configured, it will not work. And how do I configure the use of https by default for all actions? - neo
      • RequireHttps can be added to the controller. It is also possible like this: GlobalFilters.Filters.Add(new RequireHttpsAttribute()); And another option is to configure the WebSite in IIS with the attribute to always use SSL. - pavelip
      • understood, thanks!) - neo
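
The global-filter approach from the comments above, written out as an added example (not code from either answer), assuming an ASP.NET MVC 5 project on System.Web.Mvc. The class name StrictRequireHttpsAttribute is hypothetical; it keeps the stock redirect for GET but answers any other verb sent over plain HTTP with 403 instead of the InvalidOperationException the built-in attribute throws. The https binding and certificate in IIS described in the answers are still required.

```csharp
using System;
using System.Web.Mvc;

// Hypothetical name. Inherits the stock behaviour (a GET over HTTP is redirected
// to the https:// URL) but rejects other verbs with 403 instead of letting the
// base class throw InvalidOperationException, which surfaces as a 500 error.
public class StrictRequireHttpsAttribute : RequireHttpsAttribute
{
    protected override void HandleNonHttpsRequest(AuthorizationContext filterContext)
    {
        string method = filterContext.HttpContext.Request.HttpMethod;
        if (string.Equals(method, "GET", StringComparison.OrdinalIgnoreCase))
        {
            base.HandleNonHttpsRequest(filterContext); // sets a RedirectResult
            return;
        }

        // A POST body sent over plain HTTP has already crossed the network
        // unencrypted, so refuse the request rather than redirect it.
        filterContext.Result = new HttpStatusCodeResult(403, "HTTPS required");
    }
}

public static class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HandleErrorAttribute());
        // Registered once here, the filter runs before every action of every
        // controller, so no per-action [RequireHttps] attributes are needed.
        filters.Add(new StrictRequireHttpsAttribute());
    }
}

// Global.asax.cs
public class MvcApplication : System.Web.HttpApplication
{
    protected void Application_Start()
    {
        AreaRegistration.RegisterAllAreas();
        FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
        // Route registration from the project template goes here.
    }
}
```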