Redirecting WWW and Non-HTTPS Traffic with ASP.NET Core 2.0



Last updated: January 28th, 2024

Why Redirect Requests?

A website can be accessed using various sub-domains, CNAMEs and protocols. The problem with this is the question of where the true content resides.

Google does not like different URLs, for example ones with and without "www." to show the same content. They will penalize your site for doing this, it's duplicate content. The same is true with HTTPS.

The best practice is to 301 redirect all the alternative versions to a canonical one. You want to 301 redirect because it means permanently moved, as opposed to 302, which is meant only temporarily. A 301 redirect is essential if SEO matters at all for your website.

Redirecting Requests in ASP.NET Core

In ASP.NET Core, a request can be processed in code rather than relying on config files and the server, such as with a web.config file. This is much better because it allows adding conditional logic and gives more control on the response.

In an ASP.NET Core project, there is a "Configure" method, by adding rewrite rules to the application here, it is possible to redirect requests. To do this type of rewriting, install Microsoft.AspNetCore.Rewrite package from NuGet. Once installed, you can redirect requests.

Redirecting Non-HTTPS Requests

To redirect a non-secure, HTTP request to a secure, HTTPS request, there is a built in method in the Rewrite package. Simply find the "Configure" method in the Startup.cs file and edit it to contain the redirect you want. Note that you could put in conditional logic to only run this on a production environment.
The library also includes a "AddRedirectToHttpsPermanent" method if you want to use that. "AddRedirectToHttps" allows you to specify the status code explicitly.
If you need an SSL certificate for your website running on IIS, consider a free SSL from Let's Encrypt.

Redirecting WWW Requests

There is no built in method to redirect "www." requests so this requires writing a custom class which can be used with the rewrite options, the class implements the "IRule" interface. Create the following class somewhere in the web project:

Note that it's the second parameter in "Response.Redirect" which is responsible for setting "permanent" to "true". This is what is responsible for the 301 redirect. In this example, the redirect goes to the HTTP version, not the HTTPS version, you can easily edit that if you want to save on another redirect.

Once the class is in your project, add the rule to the options (add before calling "UseRewriter"):

By using this class as a new rule, a permanent redirect takes place for "www." traffic to the non-WWW version. If you needed to, you could reverse the logic and redirect non-WWW to the "www." version by editing the class.


Comments

No Comments

Post Comment

Prove you are human 13 + 13 =

Tagged: SSL


Join my email list!



ryan
About Me

With over 15 years in tech, I've excelled as a senior software engineer, specializing in ASP.NET, C#, SQL, Azure, and front-end technologies. I've led diverse projects across various sectors, from startups to global corporations, particularly during my decade in the San Francisco Bay Area.


Sign Up With SoftSys Hosting! (My host)