Hi

My ASP.NET Web application did not make use of the HTTP Strict Transport Security (HSTS) mechanism.

This could potentially expose users to Man in the Middle (MitM) attacks.

When a web application uses HSTS, it specifies that users must connect using HTTPS and that communication should cease if there are any errors in the certificate chain.

In this way, users are prevented from clicking through certificate errors or accessing the application over a compromised channel.

How do I implement HSTS?

How can I prevent exposing users to Man in the Middle (MitM) attacks?


What I have tried:

Tried to add HSTS to a web application by setting the 'Strict-Transport-Security' header in all server responses.
Updated 3-Jul-17 12:34pm

1 solution

This article provides some guidance on how to implement the mentioned security policy, which enforces that all communication is sent over HTTPS.

How to enable HTTP Strict Transport Security (HSTS) in IIS7+ - Scott Hanselman[^]

Here is additional reading for you if you are interested in how to implement the HTTP Public Key Pinning (HPKP) security policy/control.
Insecure Transport – Missing Public Key Pinning[^]
 
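A worked example of the approach the answer points to, added here as illustration (it is not code from the question, the answer or the linked Hanselman article); it assumes a classic ASP.NET (System.Web) application with a Global.asax.cs and an HTTPS binding already configured in IIS, and it sends the header only on HTTPS responses, since browsers ignore Strict-Transport-Security received over plain HTTP:

```csharp
// Global.asax.cs (added example). Assumes a System.Web application that is
// already reachable over HTTPS; the hostname and port come from the request.
using System;
using System.Web;

public class Global : HttpApplication
{
    // One year, in seconds. Use a short value (e.g. 300) while testing: a long
    // max-age is cached by browsers and cannot be quickly undone if HTTPS breaks.
    private const int HstsMaxAgeSeconds = 31536000;

    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        HttpRequest request = Context.Request;
        HttpResponse response = Context.Response;

        if (!request.IsSecureConnection)
        {
            // Plain HTTP: do not emit HSTS here (browsers discard it over HTTP).
            // Send the client to the same URL over HTTPS with a permanent redirect.
            UriBuilder secure = new UriBuilder(request.Url)
            {
                Scheme = Uri.UriSchemeHttps,
                Port = -1 // -1 selects the default port for the scheme (443)
            };
            response.Clear();
            response.StatusCode = 301;
            response.RedirectLocation = secure.Uri.AbsoluteUri;
            CompleteRequest(); // stop the pipeline without ThreadAbortException
            return;
        }

        // HTTPS: instruct the browser to use HTTPS only for this host for
        // max-age seconds, and to refuse to proceed past certificate errors.
        // Add "; includeSubDomains" only if every subdomain is served over HTTPS.
        response.AddHeader("Strict-Transport-Security",
            "max-age=" + HstsMaxAgeSeconds);
    }
}
```

After deploying, verify with a browser's developer tools or curl against the HTTPS URL that the header is present, and against the HTTP URL that you get a 301 to https://.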

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900