Last post Jan 26, 2017 10:42 PM by priyalwalpita
Jan 23, 2017 11:49 AM|Jake1234|LINK
Is there any programmatic way that where I can mandate the HTTPS in my ASP.Net Web API? I need to perform this for all HTTP methods in my Web API.
Can we mandate HTTPS to specific HTTP messages as well ?
Please note that I need to do this in programmatic way in my ASP.Net back end.
Jan 23, 2017 12:24 PM|PatriceSc|LINK
https://www.asp.net/web-api/overview/security/working-with-ssl-in-web-api which shows how you could create an attribute to require that as needed.
Jan 26, 2017 10:42 PM|priyalwalpita|LINK
t is better if you block your request in the back end if it is not coming through TLS channel.
What you can do is, create a custom filter class which inherited from the ActionFilterAttribute class. Then you can override the OnActionExecuting method to cater your requirement. You can check the request against the Uri.UriSchemeHttps and perform an appropriate
Following is a sample code(Please note that I am giving this as an example. It may not suitable 100% for your production environment).
public class MyHttpsOnlyFilter : ActionFilterAttribute
public override void OnActionExecuting(HttpActionContext context)
var request = context.Request;
if (request.RequestUri.Scheme != Uri.UriSchemeHttps)
var response = request.CreateResponse(HttpStatusCode.Forbidden);
response.Content = new StringContent("This API accepts only HTTPS requests");
context.Response = response;