Working With SSL Certificate Warning in MVC 5 Application

Introduction

This article explains the accessibility of OAuth 2.0 in the ASP.NET MVC 5 Web Application. We can use various types of external authentication providers like Facebook, Google, Microsoft and Twitter in MVC 5 applications to log in.

In the same context, I am very excited to describe that now you will not receive any type of SSL Certificate warnings when you enable SSL for the MVC application. Previously while enabling the SSL in the MVC application, the browser like IE, Chrome and Firefox showed a SSL Certificate warning. You can refer to Working with Facebook in MVC and check out in the Step 8 of Creating and Working with Facebook App as in the following screenshot:

With the use of the following article you will not receive the SSL Certificate Warning in most browsers including IE and Chrome. Firefox will show the warning because Firefox uses its own certificate store, so it will display the warning. We'll see it later in this article.

So, let's develop the application to work with the external providers. Here I am also describing how to develop the app on Google and authenticating the MVC application by the app on Google. Please use the following procedure:

• Creating ASP.NET MVC 5 Web Application
• Enabling and Setting Up the SSL

Creating ASP.NET MVC 5 Web Application

In this section you will create the web application in the Visual Studio 2013 using the following procedure.

Step 1: Open Visual Studio 2013 and click on "New Project".

Step 2: Select the ASP.NET Web Application and enter the application name.

Step 3: Select the MVC Project Template to develop the application.

Visual Studio automatically creates the MVC 5 application and you can execute the application by ressing Ctrl+ F5 or F5.

Enabling and Setting Up the SSL

We need to set up the IIS Express to use SSL to connect with the external authentication providers like Google and Facebook. It's important to contiinue using SSL after login and not drop back to HTTP, your login cookie is just as secret as your username and password and without using SSL you're sending it in clear-text across the wire.

Use the following procedure.

Step 1: In the Solution Explorer, select the application and press the F4 key.

Step 2: Enable the SSL Enabled option and copy the SSL URL.

Step 3: Now just right-click on the application and select the Properties option.

Step 4: Select the Web tab from the left pane, and paste the SSL URL into the Project URL box.

Step 5: Select the HomeController.cs from the Controllers folder and add the following highlighted code to edit:

In the code above the RequireHttps attribute is used to require that all requests must use HTTPS.

Step 6: Now press Ctrl+F5 to run the application and follow the instructions to trust the self-signed certificate generated by IIS Express.

Step 7: After clicking on Yes, the Security Warning wizard opens and click Yes to install the certificate representing the localhost.

Step 8: Now, when you run the application using Internet Explorer (IE), it shows the Home Page of the application and there is no SSL warning.

The same thing for Google Chrome as in the following:

Firefox will show the warning because, as I said earlier, Firefox uses its own certificate store, so it will display the warning.

Summary

This article explained that you can apply the RequireHttps attribute so that all requests use the HTTPS for IIS Express. With the use of this most browsers will not show the SSL Certificate warning during the MVC application execution. Thanks for reading.