Pedro Félix’s shared memory

Enabling HTTPS with self-hosted ASP.NET Web API

Posted in Software by pedrofelix on February 26, 2012

In a previous post, I showed how to  self-host ASP.NET Web API. This post shows how to change that example in order to enable HTTPS support.

  1. On an elevated console (“Run as administrator”), execute “netsh http add urlacl url=https://+:4443/ user=<your user name>”, to allow the running user to listen on port 4443 using HTTPS (note the use of ‘https’ instead of ‘http’ in the above command).
  2. Also on an elevated console, register the server certificate by running

    netsh http add sslcert ipport= certhash=thumbprint appid={app-guid} where

    • port is the listening port (e.g. 4443); the special IP address matches any IP address for the local machine;
    • thumbprint is the certificate’s SHA-1 hash, represented in hexadecimal;
    • app-guid is any GUID (e.g. {00000000-0000-0000-0000-000000000000}) , used to identity the owning application.
  3. In the previous post’s Main method, replace the HttpSelfHostConfiguration class with the new MyHttpsSelfHostConfiguration class, containing the following code.
  4. class MyHttpsSelfHostConfiguration : HttpSelfHostConfiguration
        public MyHttpsSelfHostConfiguration(string baseAddress) : base(baseAddress){}
        public MyHttpsSelfHostConfiguration(Uri baseAddress) : base(baseAddress){}
        protected override BindingParameterCollection OnConfigureBinding(HttpBinding httpBinding)
            httpBinding.Security.Mode = HttpBindingSecurityMode.Transport;
            return base.OnConfigureBinding(httpBinding);
  5. Change the base address passed to the MyHttpsSelfHostConfiguration constructor: var config = new MyHttpsSelfHostConfiguration(“https://localhost:4443&#8243;);
  6. Run the program, open a browser and access https://localhost:4443/helloimage

That’s it: you now have a self-hosted ASP.NET Web API server, using the secure HTTPS protocol.

About these ads
Tagged with: ,

12 Responses

Subscribe to comments with RSS.

  1. ray2k said, on February 29, 2012 at 4:52 am

    Thank you for posting this and being so clear. It allowed me to not only get self-hosted webapi working under ssl but also nancy and servicestack endpoints (which use HttpListener).

    • pedrofelix said, on February 29, 2012 at 9:54 am

      Glad to be helpfull :)

  2. RichM said, on August 21, 2012 at 9:39 pm

    Thanks for the article. Works like a champ!

    Any reason in your example you chose to bind to port 4443 instead of 443, which I thought was the standard port for the HTTPS protocol?

    • pedrofelix said, on August 21, 2012 at 9:50 pm

      Yes, 443 is the standard HTTPS, which is typically in usage by IIS on my dev. machine. This why I chose 4443 for the self host demo.
      Glad you liked.

  3. chuck said, on October 13, 2012 at 3:16 am

    Does that then mean that when you deploy your app you need to
    A. Programmatically execute (or part of an MSI install ) the netsh http add sslcert …
    B. the user running this ( or installing the msi ) needs to have administrative rights on the box?

    • pedrofelix said, on October 14, 2012 at 11:38 pm

      Yes. I don’t know of any other way of configuring SSL server certificates when using

  4. miketrebs said, on January 4, 2013 at 3:57 pm

    Reblogged this on Mike's Dev Blog and commented:
    Nice easy to follow article on implementing HTTPS with a self hosted app

  5. Isaac Ojeda said, on May 6, 2013 at 4:20 pm

    Reblogged this on BaluSoft Blog.

  6. […] SSL. Users will be installing both the apps locally. Is this a feasible solution? If so, I found this article but not sure how to get the […]

  7. Sandeep Kakumanu said, on June 11, 2013 at 10:27 pm

    This does not seems to work on Visual Studion 2012 using .Net 4.5. I am getting an error:

    The type or namespace name ‘BindingParameterCollection’ could not be found (are you missing a using directive or an assembly reference?)

    It looks like the BindingParameterCollection is some internal class that cannot be accessed.

    • Sandeep Kakumanu said, on June 11, 2013 at 10:31 pm

      I did add a reference for System.ServiceModel.Channels and the corresponding using statement. It still throws the same error.

      • Sandeep Kakumanu said, on June 11, 2013 at 11:08 pm

        I got it to work! Actually, we do not need the MyHttpsSelfHostConfiguration override. It turns out that HttpsSelfHostConfiguration automatically enables SSL if we use https://localhost:443 … in the initialization step (var config = new HttpSelfHostConfiguration(“https://localhost:443″);)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Get every new post delivered to your Inbox.

%d bloggers like this: