In a previous post, I showed how to self-host ASP.NET Web API. This post shows how to change that example in order to enable HTTPS support.
- On an elevated console (“Run as administrator”), execute “netsh http add urlacl url=https://+:4443/ user=<your user name>”, to allow the running user to listen on port 4443 using HTTPS (note the use of ‘https’ instead of ‘http’ in the above command).
- Also on an elevated console, register the server certificate by running
netsh http add sslcert ipport=0.0.0.0:port certhash=thumbprint appid={app-guid} where
- port is the listening port (e.g. 4443); the special IP address 0.0.0.0 matches any IP address for the local machine;
- thumbprint is the certificate’s SHA-1 hash, represented in hexadecimal;
- app-guid is any GUID (e.g. {00000000-0000-0000-0000-000000000000}), used to identify the owning application.
- In the previous post’s Main method, replace the HttpSelfHostConfiguration class with the new MyHttpsSelfHostConfiguration class, containing the following code.
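    using System;
    using System.ServiceModel.Channels;       // BindingParameterCollection
    using System.Web.Http.SelfHost;           // HttpSelfHostConfiguration
    using System.Web.Http.SelfHost.Channels;  // HttpBinding, HttpBindingSecurityMode

    class MyHttpsSelfHostConfiguration : HttpSelfHostConfiguration
    {
        public MyHttpsSelfHostConfiguration(string baseAddress) : base(baseAddress) { }
        public MyHttpsSelfHostConfiguration(Uri baseAddress) : base(baseAddress) { }

        // Switch the self-host binding to transport security (HTTPS).
        protected override BindingParameterCollection OnConfigureBinding(HttpBinding httpBinding)
        {
            httpBinding.Security.Mode = HttpBindingSecurityMode.Transport;
            return base.OnConfigureBinding(httpBinding);
        }
    }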
- Change the base address passed to the MyHttpsSelfHostConfiguration constructor: var config = new MyHttpsSelfHostConfiguration("https://localhost:4443");
- Run the program, open a browser and access https://localhost:4443/hello
That’s it: you now have a self-hosted ASP.NET Web API server, using the secure HTTPS protocol.
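The two netsh steps above can be scripted so that the thumbprint is read from the certificate store instead of being typed by hand. This is an added example, not code from the original post; it assumes the server certificate is already installed in the LocalMachine\My store and that its subject contains the (hypothetical) value of $SubjectMatch.

```powershell
# Added example: run from an elevated PowerShell prompt.
# Assumptions (not from the original post): the certificate is already in
# Cert:\LocalMachine\My and its subject contains $SubjectMatch.
param(
    [int]    $Port         = 4443,
    [string] $SubjectMatch = 'CN=localhost',                            # assumed subject
    [string] $AppId        = '{00000000-0000-0000-0000-000000000000}',  # any GUID
    [string] $User         = "$env:USERDOMAIN\$env:USERNAME"            # account that runs the host
)

# Both netsh commands need administrative rights, so fail early otherwise.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated console.'
}

# Pick a usable server certificate: private key present and currently valid.
$now  = Get-Date
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*$SubjectMatch*" -and $_.HasPrivateKey -and
                   $_.NotBefore -le $now -and $_.NotAfter -gt $now } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) {
    throw "No valid certificate with a private key matches '$SubjectMatch'."
}

# Step 1: let the (non-admin) account listen on the HTTPS prefix.
netsh http add urlacl "url=https://+:$Port/" "user=$User"
if ($LASTEXITCODE -ne 0) { throw 'netsh http add urlacl failed.' }

# Step 2: bind the certificate to the port. The appid argument is quoted
# because PowerShell would otherwise parse the braces as a script block.
netsh http add sslcert "ipport=0.0.0.0:$Port" "certhash=$($cert.Thumbprint)" "appid=$AppId"
if ($LASTEXITCODE -ne 0) { throw 'netsh http add sslcert failed.' }

# Show the resulting binding so the hash and port can be checked.
netsh http show sslcert "ipport=0.0.0.0:$Port"
```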
Thank you for posting this and being so clear. It allowed me to not only get self-hosted webapi working under ssl but also nancy and servicestack endpoints (which use HttpListener).
Glad to be helpful 🙂
Thanks for the article. Works like a champ!
Any reason in your example you chose to bind to port 4443 instead of 443, which I thought was the standard port for the HTTPS protocol?
Yes, 443 is the standard HTTPS port, which is typically in use by IIS on my dev machine. This is why I chose 4443 for the self-host demo.
Glad you liked it.
Does that then mean that when you deploy your app you need to
A. Programmatically execute (or part of an MSI install ) the netsh http add sslcert …
B. the user running this ( or installing the msi ) needs to have administrative rights on the box?
Yes. I don’t know of any other way of configuring SSL server certificates when using self-host.
This does not seem to work on Visual Studio 2012 using .NET 4.5. I am getting an error:
The type or namespace name ‘BindingParameterCollection’ could not be found (are you missing a using directive or an assembly reference?)
It looks like the BindingParameterCollection is some internal class that cannot be accessed.
I did add a reference for System.ServiceModel.Channels and the corresponding using statement. It still throws the same error.
I got it to work! Actually, we do not need the MyHttpsSelfHostConfiguration override. It turns out that HttpsSelfHostConfiguration automatically enables SSL if we use https://localhost:443 … in the initialization step (var config = new HttpSelfHostConfiguration("https://localhost:443");)
I use one self host (configured as you describe), then send a request to the self host, but I could get the certificate from the request. Do you know why?
Any way you can explain how to achieve this in Linux?
Is there an update to this? Using the latest nugets get an exception when trying to startup now, doesn’t seem to like the 4.0 version of the system.web.http or something like that. COM Interop error.
The browser complains about the self-signed certificate when I try an HTTPS request. How would we solve that problem?
You need to obtain a certificate and private key from a “trusted CA”, such as https://letsencrypt.org. Alternatively, for a dev environment, you can add your CA certificate to the list of Windows' trusted certificates.