How to enforce use of https for Blazor web assembly?

1
votes

How can I enforce use of ssl secure connection via https for Blazor web assembly?

I tried adding 

app.UseHttpsRedirection();

to Startup.cs of a server project (api) but that didnt do anything.

I want to enforce it for both api and client of blazor web assembly app.

EDIT

Since we are going back and forth if an app is secure enough if only API is secured, I would like to rephrase my question. How do I redirect a page from a http to https on initial start of blazor client?

2
blazorblazor-client-side
that makes no sense. i mean for the server ok, but could you add some useful information? like what do you mean with enforceing it for the client blazor web assembly app? like enforce it for the download of the app? or should the app only be able to use https? - Patrick Beynio
How would your browser understand that this is a https page? I dont think browser at this point really cares if your connection to api is secure to consider your site to be secured. - mko

2 Answers

0
votes

How to enforce SSL on server side is described here: enforcing-ssl

But enforcing it for the client just makes little to no sense and i think there is no way to really force it!
Of cause you could wrap HttpClient to only use https, but there is not a single benefit i could imagine.

0
votes

It cannot be done in code or the config of the Web App. It can however be set in the settings on the server. If you are hosting your App in Azure you can enforce use of HTTPS by setting the "HTTPS Only" setting to true under the "TLS/SSL" category of the App Settings. If you are hosting it elsewhere you will need to change your server web.config file to include a redirect rule (see here: How to force HTTPS using a web.config file).