ASP.NET Core 3.1 Web API : can it be self-hosted as Windows service with https and use some certificate like IIS?

Question

I am using default ASP.NET Core 3.1 Web API app where I have configured it for https and using app.UseHttpsRedirection(); as well.

Now I am hosting this as a Windows service using this nuget package: Microsoft.Extensions.Hosting.WindowsServices.

Hosting is done but I am getting the API result using http, but it's causing an error while trying to use https like https://localhost:5001/weatherforecast

Can I create some self signed certificate like IIS and assign it and can run as https?

Answer 1

@Frank Nielsen answer is correct, but i wanted to add one more method if someone else wanted different approach.

Part with creating certificate is the same as on the blog that @Franck Nielsen posted link to it. Just in this approach all configuration is done automatically through appsettings.json.

ASP.NET Core 5.0 docs says:

CreateDefaultBuilder calls Configure(context.Configuration.GetSection("Kestrel")) by default to load Kestrel configuration.

So you should add "Kestrel" section to appsetting.json

{
  "Kestrel": {
    "Endpoints": {
      "Http": {
        "Url": "http://localhost:5000"
      },
      "Https": {
        "Url": "https://localhost:5001",
        "Certificate": {
          "Path": "<path to .pfx file>",
          "Password": "<certificate password>"
        }
      }
    }
  }
}

Program.cs could look like this with no additional configuring of Kestrel.

public static IHostBuilder CreateHostBuilder(string[] args) =>
    Host.CreateDefaultBuilder(args)
        .ConfigureWebHostDefaults(webBuilder =>
        {
            webBuilder.UseStartup<Startup>();
        })
        .UseWindowsService();

And viola, rest is done by framework...

I found this method more cleaner and there is no hustle with things like getting the root directory of application .exe in windows service.

Link to ASP.NET Core 5.0 docs: Configure endpoints for the ASP.NET Core Kestrel web server

Answer 2

Yes, you can - but with some browser restrictions.

Create a certificate, and then either register it in certificate store, or load it in manually into Kestrel like:

certificate.json

{
  "certificateSettings": {
    "fileName": "localhost.pfx",
    "password": "YourSecurePassword"
  }
}

and use it something like this:

public class Program
{
    public static void Main(string[] args)
    {
        var config = new ConfigurationBuilder()
            .SetBasePath(Directory.GetCurrentDirectory())
            .AddEnvironmentVariables()
            .AddJsonFile("certificate.json", optional: true, reloadOnChange: true)
            .AddJsonFile($"certificate.{Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT")}.json", optional: true, reloadOnChange: true)
            .Build();

        var certificateSettings = config.GetSection("certificateSettings");
        string certificateFileName = certificateSettings.GetValue<string>("filename");
        string certificatePassword = certificateSettings.GetValue<string>("password");

        var certificate = new X509Certificate2(certificateFileName, certificatePassword);

        var host = new WebHostBuilder()
            .UseKestrel(
                options =>
                {
                    options.AddServerHeader = false;
                    options.Listen(IPAddress.Loopback, 443, listenOptions =>
                    {
                        listenOptions.UseHttps(certificate);
                    });
                }
            )
            .UseConfiguration(config)
            .UseContentRoot(Directory.GetCurrentDirectory())
            .UseStartup<Startup>()
            .UseUrls("https://localhost:443")
            .Build();

        host.Run();
    }
}

Snippets taken from this good blog post: https://www.humankode.com/asp-net-core/develop-locally-with-https-self-signed-certificates-and-asp-net-core