Enabling SSL in IIS Express

This blog post is intended to help lay the groundwork to eventually setup and configure Mutual Authentication (Two Way TLS/Client Cert).  For now, I will demonstrate how to just setup and configure basic SSL in IIS Express.  For this exercise, I will be using a self-signed certificate that Visual Studio automatically generates and installs for us.

In the next blog, I will then show how to setup and configure a Client Cert for Mutual Authentication for your Web API.  Finally, I will demonstrate how to deploy this to an Azure App Service and test using Chrome and Postman.

Prerequisites:  Visual Studio 2017 Community Edition on Windows 10 Home Edition or similar development environment.

Assumption:  You know C#, WebApi and do not need every exact step for creating a Web API project.

My source code can be found here:

Creating a Sample Project

First, let’s start by creating an Empty WebApi project.

NewProject.JPG

After clicking the “Ok” button, then check MVC and WebApi.

EmptyWebApiProject.JPG

Then click “Ok” again.  Now we are ready to add a new API endpoint.  Right click on the Controllers folder and add a new Controller.  Since this is a WebApi, make sure your controller inherits from ApiController.

Next, let’s add a test endpoint that returns various useful information:

public IHttpActionResult Get()
{
     var testResult = new
     {
          ApiName = "SSLSample",
          ServerInstance = Environment.MachineName,
          Version = "1.0",
          UsingSSL = (this.ActionContext.Request.RequestUri.Scheme == Uri.UriSchemeHttps),
          HealthMeter = 100
     };

     return Ok(testResult); // Returns an OkNegotiatedContentResult
 }

Next run and test the endpoint to verify that our endpoint works and returns the expected result using your favorite browser with the appropriate URL.

ChromeHttpResult.JPG

The results will look similar to this:

{
 "ApiName": "SSLSample",
 "ServerInstance": "ASUS",
 "Version": "1.0",
 "UsingSSL": false,
 "HealthMeter": 100
}

Note:  Your URL may be different.  Check the properties of your project for the URL your project is configured for.  It will usually very by port number.

Now we know we have a working API.  Let’s configure SSL.

Configuring SSL

This is really, really difficult so make sure your read carefully (note the sarcasm).   Microsoft has really overly simplified this process compared to 10 years ago.  First, right click on the project and click “Properties”.

In the “Properties” section, enable SSL.

EnablingSSL.JPG

Now, run  the WebApi.  The first time when your run the WebApi project, you will need to trust the IIS Express SSL Certificate.

TestSelfSignedCert.JPG

Then another dialog will pop-up asking you to install the certificate.

TrustingTheCert.JPG

Once this is up and running, let’s test the endpoint using HTTPS.  Obviously, make sure your are using the appropriate URL when testing HTTPS.

ChromeHttpsResult.JPG

Notice that both HTTP and HTTPS URLs will work.  It is up to you to decide if you need to block access to your endpoints for HTTP.  There are several ways to do that.

Conclusion

This blog has demonstrated how simple it is now to develop and run Web API in IIS Express using SSL.  Ten years ago doing this was very convoluted and error prone.  Now it is overly simplified so any developer can easily setup their dev environment to run SSL.  Next, I will dive into Mutual Authentication for IIS Express.

References