Switching over to using SSL in Rider (modifying Kestrel configuration)

gorohoroh · gorohoroh · commit f846341162bc · 2018-07-14T17:30:24.000+03:00
diff --git a/OdeToFoodRider/OdeToFoodRider/Program.cs b/OdeToFoodRider/OdeToFoodRider/Program.cs
@@ -2,6 +2,8 @@
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
+using System.Net;
+using System.Security.Cryptography.X509Certificates;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore;
 using Microsoft.AspNetCore.Hosting;
@@ -14,12 +16,36 @@ public class Program
     {
         public static void Main(string[] args)
         {
-            BuildWebHost(args).Run();
-        }
+            var config = new ConfigurationBuilder()
+                .SetBasePath(Directory.GetCurrentDirectory())
+                .AddEnvironmentVariables()
+                .AddJsonFile("certificate.json", optional: true, reloadOnChange: true)
+                .AddJsonFile("appsettings.json", optional: false, reloadOnChange: true)
+                .Build();
 
-        public static IWebHost BuildWebHost(string[] args) =>
-            WebHost.CreateDefaultBuilder(args)
+            var certificateSettings = config.GetSection("certificateSettings");
+            string certificateFileName = certificateSettings.GetValue<string>("filename");
+            string certificatePassword = certificateSettings.GetValue<string>("password");
+            
+            var certificate = new X509Certificate2(certificateFileName, certificatePassword);
+
+            var host = new WebHostBuilder()
+                .UseKestrel(options =>
+                {
+                    options.AddServerHeader = false;
+                    options.Listen(IPAddress.Loopback, 44321,
+                        listenOptions =>
+                        {
+                            listenOptions.UseHttps(certificate);
+                        });
+                })
+                .UseConfiguration(config)
+                .UseContentRoot(Directory.GetCurrentDirectory())
                 .UseStartup<Startup>()
+                .UseUrls("https://localhost:44321")
                 .Build();
+            
+            host.Run();
+        }
     }
 }
diff --git a/OdeToFoodRider/OdeToFoodRider/Startup.cs b/OdeToFoodRider/OdeToFoodRider/Startup.cs
@@ -5,6 +5,8 @@
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Rewrite;
 using Microsoft.AspNetCore.Routing;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Configuration;
@@ -32,8 +34,18 @@ public void ConfigureServices(IServiceCollection services)
             services.AddDbContext<OdeToFoodDbContext>(options =>
                 options.UseSqlServer(_configuration.GetConnectionString("OdeToFood")));
             services.AddScoped<IRestaurantData, SqlRestaurantData>();
-            services.AddMvc();
-            
+            services.AddMvc(options =>
+            {
+                options.SslPort = 44321;
+                options.Filters.Add(new RequireHttpsAttribute());
+            });
+            services.AddAntiforgery(options =>
+            {
+                options.Cookie.Name = "_af";
+                options.Cookie.HttpOnly = true;
+                options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
+                options.HeaderName = "X-XSRF-TOKEN";
+            });
         }
 
         // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
@@ -44,6 +56,7 @@ public void Configure(IApplicationBuilder app, IHostingEnvironment env, IGreeter
                 app.UseDeveloperExceptionPage();
             }
 
+            app.UseRewriter(new RewriteOptions().AddRedirectToHttpsPermanent());
             app.UseStaticFiles();
             app.UseMvc(ConfigureRoutes);
                         
