Securing a website with HTTPS in Asp.net core is a bit different than with normal asp.net in IIS. In this post I will show to configure asp.net core so that it uses HTTPS.
Really worth watching this!
In the previous post I showed how to enable HSTS so that all HTTP traffic to a website is secured. As cool as that is, the unfortunate reality is that it is not always possible to secure all HTTP traffic for a website especially when dealing with some legacy technology.
It is important to realize that although a website might be running under HTTPS it does not guarantee that the session information is not accessible from normal HTTP requests. When a session cookie is generated it is important to make sure that the cookie can only be transmitted over a secure HTTP connection (HTTPS).