ASP.NET Core basic middleware for supporting HTTPS Redirection and HTTP Strict-Transport-Security.
This package was built from the source code at https://github.com/aspnet/BasicMiddleware/tree/2d3ad1cb0f9872da40c6d143ce4554563971ae04
HTTP Strict Transport Security (HSTS) describes a method for a web site to tell client browsers that they should only interact with it over secure transport, i.e. TLS. Whilst there have been browser plugins which support this draft specification, support for HSTS was announced for v4 of Google Chrome...
Adds extra security measures for PEN tests:
- Sets all timeouts to 20 minutes
- Forces SSL on all requests
- Enforces HttpOnly and SSL cookies
- Clears unneeded HTTP header information
- Disables iFraming and adds Strict-Transport-Security to HTTP header
Adds/removes a conservative set of security-minded HTTP headers and redirects HTTP requests to HTTPS while maintaining keep-alive functionality. Now supports Application Insights. For full details see readme.md on project site.