User Name: PW:
Go to Adult Classifieds - New Site Coming Soon
Section: Category: Sub Category:

How to Setup Secure Transport Security for WWW Redirect

Secure Transport Security in ASP.Net
Secure Transport Security in ASP.Net
Rant #2834 Written by: on Sunday, September 29, 2019
0/5 | (0 Ratings) | Rate This!
Topic: ASP.Net
Google Map
Location:
P.O. Box 86653
Portland, Oregon, United States
If you are trying to configure Secure Transport Security headers for your ASP.Net web site then you need to be careful not to include subdomains unless you already have a wildcard SSL certificate or the certificate is issued to the www version of your domain. I found this out after adding Secure Transport Security to this website. After I did that the redirect from www to non www resulted in a privacy error in Google Chrome before the redirect could be processed.

I solved this simply by removing "includeSubDomains" from the Strict-Transport-Security value in my web.config file. The new value just includes max-age. This was not a problem on another site of mine where I had a wildcard SSL certificate. On that site www.site.com would be covered by a certificate issued to *.site.com but this site has a certificate issued to nolimitlist.com so a call to www.nolimitlist.com returns an invalid certificate. I wish I had gotten a wildcard because I intend to add subdomains in the future for geographic areas.

Conclusion

Buy a wildcard certificate or do not include subdomains in your Secure-Transport-Security value in your web.config file. Secure Transport Security is not really necessary if you build your site right anyway. Just make sure everything redirects to HTTPS and all of your links link to https URLs and the site will be HTTPS everywhere.


Comments and Ratings

There Are 0 Comments

Login to Comment and Rate