Skip to main content

Working With SSL Certificate Warning in MVC 5 Application

This article explains the accessibility of OAuth 2.0 in the ASP.NET MVC 5 Web Application. We can use various types of external authentication providers like Facebook, Google, Microsoft and Twitter in MVC 5 applications to log in.

 In the same context, I am very excited to describe that now you will not receive any type of SSL Certificate warnings when you enable SSL for the MVC application. Previously while enabling the SSL in the MVC application, the browser like IE, Chrome and Firefox showed a SSL Certificate warning. You can refer to Working with Facebook in MVC and check out in the Step 8 of Creating and Working with Facebook App as in the following screenshot:

With the use of the following article you will not receive the SSL Certificate Warning in most browsers including IE and Chrome. Firefox will show the warning because Firefox uses its own certificate store, so it will display the warning. We'll see it later in this article.
So, let's develop the application to work with the external providers. Here I am also describing how to develop the app on Google and authenticating the MVC application by the app on Google. Please use the following procedure:
  • Creating ASP.NET MVC 5 Web Application
  • Enabling and Setting Up the SSL 
Creating ASP.NET MVC 5 Web Application
In this section you will create the web application in the Visual Studio 2013 using the following procedure.
Step 1: Open Visual Studio 2013 and click on "New Project".


 Step 2: Select the ASP.NET Web Application and enter the application name.
Step 3: Select the MVC Project Template to develop the application.
  
  Visual Studio automatically creates the MVC 5 application and you can execute the application by ressing Ctrl+ F5 or F5.

Enabling and Setting Up the SSL
We need to set up the IIS Express to use SSL to connect with the external authentication providers like Google and Facebook. It's important to contiinue using SSL after login and not drop back to HTTP, your login cookie is just as secret as your username and password and without using SSL you're sending it in clear-text across the wire.
Use the following procedure.

 Step 1: In the Solution Explorer, select the application and press the F4 key.
Step 2: Enable the SSL Enabled option and copy the SSL URL.

Step 3: Now just right-click on the application and select the Properties option.
Step 4: Select the Web tab from the left pane, and paste the SSL URL into the Project URL box.

Step 5: Select the HomeController.cs from the Controllers folder and add the following highlighted code to edit:
namespace MvcAuthenticationApp.Controllers
{
    [RequireHttps]
    public class HomeController : Controller
    {
        public ActionResult Index()
        {
            return View();
        }

In the code above the RequireHttps attribute is used to require that all requests must use HTTPS.


Step 6: Now press Ctrl+F5 to run the application and follow the instructions to trust the self-signed certificate generated by IIS Express.

 Step 7: After clicking on Yes, the Security Warning wizard opens and click Yes to install the certificate representing the localhost.


Step 8: Now, when you run the application using Internet Explorer (IE), it shows the Home Page of the application and there is no SSL warning.


Firefox will show the warning because, as I said earlier, Firefox uses its own certificate store, so it will display the warning.

Comments

Post a Comment

Popular posts from this blog

WhatsApp to release Dark Theme for Android beta testers

WhatsApp has recently submitted a new update through the Google Play Beta Program , bringing the version up to 2.20.13. This update contains, finally, a very important Dark Theme If you have installed the update, the  Dark Theme  might be available for you: check out  WhatsApp Settings > Chats Screenshot for Reference
Post a Comment
Read more

T@M!L Tech Privacy Policy

T@M!L Tech Privacy Policy This privacy policy has been compiled to better serve those who are concerned with how their  'Personally Identifiable Information' (PII) is being used online. PII, as described in US privacy law and  information security, is information that can be used on its own or with other information to identify,  contact, or locate a single person, or to identify an individual in context.  Please read our privacy policy carefully to get a clear understanding of how we collect, use,  protect or otherwise handle your Personally Identifiable Information in accordance with our website. What personal information do we collect from the people that visit our blog, website or app? We do not collect information from visitors of our site. own data or other details to help you with your experience. When do we collect information? We collect information from you when you register on our site or enter information on our site. How do we use y
Post a Comment
Read more

WhatsApp finally brings fingerprint authentication to Android beta users

The long awaited feature has made its way to a stable WhatsApp beta build for Android You can activate the functionality by tapping on the hamburger menu (three dots on the top right corner) and then selecting  Settings>Account>Privacy>Fingerprint lock
Post a Comment
Read more