In a previous post, I showed how to self-host ASP.NET Web API. This post shows how to change that example in order to enable HTTPS support.
- On an elevated console (“Run as administrator”), execute “netsh http add urlacl url=https://+:4443/ user=<your user name>”, to allow the running user to listen on port 4443 using HTTPS (note the use of ‘https’ instead of ‘http’ in the above command).
- Also on an elevated console, register the server certificate by running
netsh http add sslcert ipport=0.0.0.0:port certhash=thumbprint appid={app-guid} where
- port is the listening port (e.g. 4443); the special IP address 0.0.0.0 matches any IP address for the local machine;
- thumbprint is the certificate’s SHA-1 hash, represented in hexadecimal;
- app-guid is any GUID (e.g. {00000000-0000-0000-0000-000000000000}) , used to identity the owning application.
- In the previous post’s Main method, replace the HttpSelfHostConfiguration class with the new MyHttpsSelfHostConfiguration class, containing the following code.
-
class MyHttpsSelfHostConfiguration : HttpSelfHostConfiguration { public MyHttpsSelfHostConfiguration(string baseAddress) : base(baseAddress){} public MyHttpsSelfHostConfiguration(Uri baseAddress) : base(baseAddress){} protected override BindingParameterCollection OnConfigureBinding(HttpBinding httpBinding) { httpBinding.Security.Mode = HttpBindingSecurityMode.Transport; return base.OnConfigureBinding(httpBinding); } } - Change the base address passed to the MyHttpsSelfHostConfiguration constructor: var config = new MyHttpsSelfHostConfiguration(“https://localhost:4443″);
- Run the program, open a browser and access https://localhost:4443/hello
![image]( "image")
That’s it: you now have a self-hosted ASP.NET Web API server, using the secure HTTPS protocol.
