添加链接 注册    登录
link管理
链接快照平台
  • 输入网页链接,自动生成快照
  • 标签化管理网页链接
相关文章推荐
朝气蓬勃的木瓜  ·  stata中的数据类型 - CSDN文库·  1 周前    · 
刚失恋的投影仪  ·  Windows终端查看启动的jar程序的命令 ...·  5 天前    · 
英姿勃勃的冲锋衣  ·  mysql 最后一行插入数据 - CSDN文库·  4 天前    · 
开心的山羊  ·  哥布林洞窟百度云 - 百度·  4 天前    · 
小胡子的皮带  ·  C# 中的ushort - CSDN文库·  3 天前    · 
讲道义的牛肉面  ·  深圳市教育局关于批准深圳中学等66所学校开展 ...·  2 月前    · 
听话的硬盘  ·  SQLite - 将值绑定到准备好的语句 [zh]·  2 月前    · 
有腹肌的肉夹馍  ·  flex布局自动换行间距 - CSDN文库·  2 月前    · 
安静的春卷  ·  [实践OK]Ansible里的后向引用124 ...·  4 月前    · 
呐喊的石榴  ·  Loading...·  6 月前    · 
link管理  ›  Always use HTTPS Redirection Middleware and HSTS Middleware in your ASP.NET Core application | CAST
app 杞欢 always https
https://www.appmarq.com/public/security,1043066,Always-use-HTTPS-Redirection-Middleware-and-HSTS-Middleware-in-your-ASPNET-Core-ap
果断的冲锋衣
1 月前
Rule Definition
For an application that manage sensitive information and does not use message-level encryption, then it should only be allowed to communicate over an encrypted transport channel. therefore the application configuration should ensure that HTTPS is used for all access to sensitive information. It is recommended for an ASP.NET Core application to use: - HTTPS Redirection Middleware (UseHttpsRedirection) to redirect HTTP requests to HTTPS. - HSTS Middleware (UseHsts) to send HTTP Strict Transport Security Protocol (HSTS) headers to clients.
Remediation
Ensure you have explicitly used UseHttpsRedirection and UseHsts APIs
Violation Code Sample 
// violation here because IApplicationBuilder app has not been setted properly
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    if (env.IsDevelopment())
        app.UseDeveloperExceptionPage();
        app.UseExceptionHandler("/Error");
    app.UseStaticFiles();
    app.UseRouting();
    app.UseAuthorization();
    app.UseEndpoints(endpoints =>
        endpoints.MapRazorPages();
												
 Fixed Code Sample

				
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    if (env.IsDevelopment())
        app.UseDeveloperExceptionPage();
        app.UseExceptionHandler("/Error");
        // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
        app.UseHsts();
    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseRouting();
    app.UseAuthorization();
    app.UseEndpoints(endpoints =>
        endpoints.MapRazorPages();
				
Reference

				
https://docs.microsoft.com/en-us/aspnet/core/security/enforcing-ssl?view=aspnetcore-3.1&tabs=visual-studio#require-https

				
 Related Technologies

				
About CAST Appmarq

CAST Appmarq is by far the biggest repository of data about real IT systems. It's built on thousands of analyzed applications, made of 35 different technologies, by over 300 business organizations across major verticals. It provides IT Leaders with factual key analytics to let them know if their applications are on track.					
			
 The compliance score represents 1 minus the ratio between the number of times a rule has been violated compared to the number of opportunities in a set of applications that the rule could have been violated.

			
 Industry Insights

			
Select from drop-down

					18.63%
 
推荐文章
朝气蓬勃的木瓜  ·  stata中的数据类型 - CSDN文库
1 周前
刚失恋的投影仪  ·  Windows终端查看启动的jar程序的命令 - CSDN文库
5 天前
英姿勃勃的冲锋衣  ·  mysql 最后一行插入数据 - CSDN文库
4 天前
开心的山羊  ·  哥布林洞窟百度云 - 百度
4 天前
小胡子的皮带  ·  C# 中的ushort - CSDN文库
3 天前
讲道义的牛肉面  ·  深圳市教育局关于批准深圳中学等66所学校开展2022年普通高中自主招生工作的通知-通知公告-深圳市教育局门户网站
2 月前
听话的硬盘  ·  SQLite - 将值绑定到准备好的语句 [zh]
2 月前
有腹肌的肉夹馍  ·  flex布局自动换行间距 - CSDN文库
2 月前
安静的春卷  ·  [实践OK]Ansible里的后向引用124进行替换,以及正则匹配shell下写在一行和写YAML文件的正则区别,结合正则猫RegexBuddy/Patterns的正确用法。PHP正则匹配反斜杠''和
4 月前
呐喊的石榴  ·  Loading...
6 月前
Link管理   ·   51好读   ·   Sov5搜索   ·   小百科
link管理 - 链接快照平台