In the .NET Core MVC course, you learned how to integrate SSL into an Azure App Service to assign a custom domain. As a quick reminder, let me reiterate what was said in this regard:
Set up a custom domain
Assigning a custom domain to your app is always nice, and it can be done for any Azure App Service. We will not require you, as part of this course, to assign custom domain for your app. To do so is simply too costly for a tutorial project such as this. However, we do want to make you aware of what is required to do so, should you decide to at a later date. Here are the things you’ll need to consider and do before a custom domain can be assigned:
In the interest of keeping things as inexpensive as possible for our students, that’s as far as we’ll take this subject for this course. This at least provides you with a checklist of what you’ll need to do once you’re ready to assign a custom domain to one of your applications.
While SSL is required to set up a custom domain for an App Service on Azure, that’s definitely not the only reason to use it. Using SSL and requiring a secure HTTPS connection for your website or application assures users that the information they may divulge on your site is protected from potential threats. In fact, without it, your site visitors may not even get to your site. They may see a message like this instead:
That’s not something that instills confidence. I’m sure you’ve encountered something similar as you’ve browsed online. And unless you knew for certain that the site to which you were trying to navigate was valid and OK (something you built, for example), then you probably chose not to proceed and navigated right back to where you came from.
If you want online traffic, warnings like this aren’t much of a help, which is why SSL is so important.
It should be noted that not all SSL certificate services require a financial commitment. There are some folks out there that believe online security should be made available to everyone. One example is Let’s Encrypt, a free, automated, and open certificate authority. There are other free SSL services out there as well, but if you go this route, remember that not all services are created equal. Be sure the one you select is reputable. Free SSL may require a bit more work on your part to maintain your site’s secure status, but if money is an obstacle, then a little extra work may be a small price to pay.
Requiring HTTPS is a simple thing to do, and it only takes a moment to ensure that your applications require this protocol. It makes sure that data transmitted from your site is encrypted and offers your site’s visitors a small sense of security and trust.
The easiest way to set this requirement up for your application is on Azure. You’ll assign this requirement to the app service that contains your application.
Navigate to the desired app service on your Azure account.
Locate and click the TLS/SSL link in the left navigation menu.
Turn the Require HTTPS switch on by clicking it.
That’s all it takes! Is there any reason not to apply such a simple feature to your applications and offer your users a bit more peace of mind? I recommend making this small step a standard practice for all of your web applications.
This chapter concludes the course on securing ASP.NET Core web applications. In this chapter we:
Reviewed and reiterated the importance of SSL.
Learned how to require the HTTPS protocol for your applications.
Now let's put it all together!