強制使用 ASP.NET Core 中的 HTTPSEnforce HTTPS in ASP.NET Core

作者:Rick AndersonBy Rick Anderson

本文件說明如何:This document shows how to:

  • 需要 HTTPS 進行的所有要求。Require HTTPS for all requests.
  • 將所有 HTTP 要求重新都導向至 HTTPS。Redirect all HTTP requests to HTTPS.

沒有可用的 API 可以防止用戶端第一次要求中傳送機密資料。No API can prevent a client from sending sensitive data on the first request.

警告

API 專案API projects

請勿使用RequireHttpsAttribute接收機密資訊的 Web Api 上。Do not use RequireHttpsAttribute on Web APIs that receive sensitive information. RequireHttpsAttribute 若要從 HTTP 至 HTTPS 的瀏覽器重新導向,會使用 HTTP 狀態碼。RequireHttpsAttribute uses HTTP status codes to redirect browsers from HTTP to HTTPS. API 用戶端可能不了解,或是遵循從 HTTP 重新導向至 HTTPS。API clients may not understand or obey redirects from HTTP to HTTPS. 此類用戶端可能會透過 HTTP 傳送資訊。Such clients may send information over HTTP. Web Api 應執行下列之一:Web APIs should either:

  • 不在 HTTP 上接聽。Not listen on HTTP.
  • 關閉與狀態碼 400 (不正確的要求) 的連線,並不會提供要求。Close the connection with status code 400 (Bad Request) and not serve the request.

警告

API 專案API projects

請勿使用RequireHttpsAttribute接收機密資訊的 Web Api 上。Do not use RequireHttpsAttribute on Web APIs that receive sensitive information. RequireHttpsAttribute 若要從 HTTP 至 HTTPS 的瀏覽器重新導向,會使用 HTTP 狀態碼。RequireHttpsAttribute uses HTTP status codes to redirect browsers from HTTP to HTTPS. API 用戶端可能不了解,或是遵循從 HTTP 重新導向至 HTTPS。API clients may not understand or obey redirects from HTTP to HTTPS. 此類用戶端可能會透過 HTTP 傳送資訊。Such clients may send information over HTTP. Web Api 應執行下列之一:Web APIs should either:

  • 不在 HTTP 上接聽。Not listen on HTTP.
  • 關閉與狀態碼 400 (不正確的要求) 的連線,並不會提供要求。Close the connection with status code 400 (Bad Request) and not serve the request.

HSTS 和 API 專案HSTS and API projects

預設 API 專案不包含HSTS因為 HSTS 通常是瀏覽器的唯一指令。The default API projects don't include HSTS because HSTS is generally a browser only instruction. 其他呼叫端,例如電話或桌面應用程式,請勿遵循指示。Other callers, such as phone or desktop apps, do not obey the instruction. 甚至在瀏覽器中,呼叫一次驗證透過 HTTP API 會在不安全的網路上有風險。Even within browsers, a single authenticated call to an API over HTTP has risks on insecure networks. 安全的方法是設定為只接聽及回應透過 HTTPS 的 API 專案。The secure approach is to configure API projects to only listen to and respond over HTTPS.

需要 HTTPSRequire HTTPS

我們建議您的生產環境 ASP.NET Core web 應用程式呼叫:We recommend that production ASP.NET Core web apps call:

  • HTTPS 重新導向中介軟體 (UseHttpsRedirection) 將 HTTP 要求重新導向至 HTTPS。HTTPS Redirection Middleware (UseHttpsRedirection) to redirect HTTP requests to HTTPS.
  • HSTS 中介軟體 (UseHsts) 傳送給用戶端的 HTTP Strict Transport Security 通訊協定 (HSTS) 標頭。HSTS Middleware (UseHsts) to send HTTP Strict Transport Security Protocol (HSTS) headers to clients.

注意

在反向 proxy 組態中部署的應用程式允許 proxy 處理連線安全性 (HTTPS)。Apps deployed in a reverse proxy configuration allow the proxy to handle connection security (HTTPS). 如果 proxy 也會處理 HTTPS 重新導向,則不需要使用 HTTPS 重新導向中介軟體。If the proxy also handles HTTPS redirection, there's no need to use HTTPS Redirection Middleware. 如果 proxy 伺服器也會負責編寫 HSTS 標頭 (例如原生 HSTS 支援 IIS 10.0 (1709) 或更新版本),HSTS 中介軟體不需要應用程式。If the proxy server also handles writing HSTS headers (for example, native HSTS support in IIS 10.0 (1709) or later), HSTS Middleware isn't required by the app. 如需詳細資訊,請參閱 < 退出的 HTTPS/HSTS 專案建立For more information, see Opt-out of HTTPS/HSTS on project creation.

UseHttpsRedirectionUseHttpsRedirection

下列程式碼會呼叫UseHttpsRedirectionStartup類別:The following code calls UseHttpsRedirection in the Startup class:

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Error");
        app.UseHsts();
    }

    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseCookiePolicy();

    app.UseMvc();
}

上述反白顯示的程式碼:The preceding highlighted code:

我們建議使用暫時重新導向,而不是永久重新導向。We recommend using temporary redirects rather than permanent redirects. 連結快取,會在開發環境中造成不穩定的行為。Link caching can cause unstable behavior in development environments. 如果您想要傳送的永久重新導向狀態碼,在非開發環境中應用程式時,請參閱設定在生產環境中的永久重新導向一節。If you prefer to send a permanent redirect status code when the app is in a non-Development environment, see the Configure permanent redirects in production section. 我們建議您使用HSTS來只保護資源的用戶端通知要求應傳送至 (只在生產環境) 中的應用程式。We recommend using HSTS to signal to clients that only secure resource requests should be sent to the app (only in production).

連接埠組態Port configuration

將不安全的要求重新導向至 HTTPS 連接埠必須適用於中介軟體。A port must be available for the middleware to redirect an insecure request to HTTPS. 如果沒有連接埠可用:If no port is available:

  • 不會發生重新導向至 HTTPS。Redirection to HTTPS doesn't occur.
  • 中介軟體會記錄警告 「 無法判定重新導向的 https 連接埠。 」The middleware logs the warning "Failed to determine the https port for redirect."

指定 HTTPS 連接埠,使用下列方法之一:Specify the HTTPS port using any of the following approaches:

  • 設定HttpsRedirectionOptions.HttpsPortSet HttpsRedirectionOptions.HttpsPort.

  • 設定ASPNETCORE_HTTPS_PORT環境變數或https_port Web 主機組態設定:Set the ASPNETCORE_HTTPS_PORT environment variable or https_port Web Host configuration setting:

    索引鍵: https_portKey: https_port
    類型stringType: string
    預設:未設定預設值。Default: A default value isn't set.
    設定使用UseSettingSet using: UseSetting
    環境變數:<PREFIX_>HTTPS_PORT (前置詞ASPNETCORE_使用時Web 主機。)Environment variable: <PREFIX_>HTTPS_PORT (The prefix is ASPNETCORE_ when using the Web Host.)

    設定時IWebHostBuilderProgram:When configuring an IWebHostBuilder in Program:

    public class Program
    {
        public static void Main(string[] args)
        {
            CreateWebHostBuilder(args).Build().Run();
        }
    
        public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
            WebHost.CreateDefaultBuilder(args)
                .UseSetting("https_port", "8080")
                .UseStartup<Startup>();
    }
    
  • 表示具有安全的配置使用的連接埠ASPNETCORE_URLS環境變數。Indicate a port with the secure scheme using the ASPNETCORE_URLS environment variable. 環境變數設定伺服器。The environment variable configures the server. 中介軟體間接探索透過 HTTPS 連接埠IServerAddressesFeatureThe middleware indirectly discovers the HTTPS port via IServerAddressesFeature. 這個方法不適用於反向 proxy 的部署。This approach doesn't work in reverse proxy deployments.

  • 在開發中,請在中設定的 HTTPS URL launchsettings.jsonIn development, set an HTTPS URL in launchsettings.json. 使用 IIS Express 時,請啟用 HTTPS。Enable HTTPS when IIS Express is used.

  • 設定向外公開 edge 部署的 HTTPS URL 端點Kestrel伺服器或HTTP.sys伺服器。Configure an HTTPS URL endpoint for a public-facing edge deployment of Kestrel server or HTTP.sys server. 只有一個 HTTPS 連接埠應用程式使用。Only one HTTPS port is used by the app. 中介軟體會探索透過連接埠IServerAddressesFeatureThe middleware discovers the port via IServerAddressesFeature.

注意

在反向 proxy 組態中,執行應用程式時IServerAddressesFeature無法使用。When an app is run in a reverse proxy configuration, IServerAddressesFeature isn't available. 使用本節中所述的其他方法的其中一個連接埠設定。Set the port using one of the other approaches described in this section.

使用 Kestrel 或 HTTP.sys 時做為向外公開邊緣伺服器,Kestrel 或 HTTP.sys 必須設定為接聽兩者:When Kestrel or HTTP.sys is used as a public-facing edge server, Kestrel or HTTP.sys must be configured to listen on both:

  • 會在重新導向用戶端的安全連接埠 (通常,在生產環境和開發 5001 443)。The secure port where the client is redirected (typically, 443 in production and 5001 in development).
  • 不安全的連接埠 (通常,在生產環境中為 80) 與開發中的 5000。The insecure port (typically, 80 in production and 5000 in development).

為了讓應用程式用戶端收到不安全的要求,並重新導向至安全的連接埠的用戶端必須能夠使用不安全的連接埠。The insecure port must be accessible by the client in order for the app to receive an insecure request and redirect the client to the secure port.

如需詳細資訊,請參閱 < Kestrel 端點組態ASP.NET Core 中的 HTTP.sys 網頁伺服器實作For more information, see Kestrel endpoint configuration or ASP.NET Core 中的 HTTP.sys 網頁伺服器實作.

部署案例Deployment scenarios

用戶端與伺服器之間的任何防火牆也必須開啟流量的通訊連接埠。Any firewall between the client and server must also have communication ports open for traffic.

如果要求轉送的反向 proxy 設定,使用轉送標頭中介軟體之前呼叫 HTTPS 重新導向中介軟體。If requests are forwarded in a reverse proxy configuration, use Forwarded Headers Middleware before calling HTTPS Redirection Middleware. 轉送標頭中介軟體更新Request.Scheme,並使用X-Forwarded-Proto標頭。Forwarded Headers Middleware updates the Request.Scheme, using the X-Forwarded-Proto header. 中介軟體允許重新導向 Uri 和其他安全性原則才能正常運作。The middleware permits redirect URIs and other security policies to work correctly. 轉送標頭中介軟體不使用時後, 端應用程式可能不會收到正確的配置和得到的重新導向迴圈。When Forwarded Headers Middleware isn't used, the backend app might not receive the correct scheme and end up in a redirect loop. 常見的使用者錯誤訊息是發生太多的重新導向。A common end user error message is that too many redirects have occurred.

部署至 Azure App Service 時,請依照下列中的指導方針教學課程:將現有的自訂 SSL 憑證繫結至 Azure Web AppsWhen deploying to Azure App Service, follow the guidance in Tutorial: Bind an existing custom SSL certificate to Azure Web Apps.

選項Options

下列醒目提示程式碼會呼叫AddHttpsRedirection設定中介軟體選項:The following highlighted code calls AddHttpsRedirection to configure middleware options:

public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc();

    services.AddHsts(options =>
    {
        options.Preload = true;
        options.IncludeSubDomains = true;
        options.MaxAge = TimeSpan.FromDays(60);
        options.ExcludedHosts.Add("example.com");
        options.ExcludedHosts.Add("www.example.com");
    });

    services.AddHttpsRedirection(options =>
    {
        options.RedirectStatusCode = StatusCodes.Status307TemporaryRedirect;
        options.HttpsPort = 5001;
    });
}

呼叫AddHttpsRedirection時,才需要變更的值HttpsPortRedirectStatusCodeCalling AddHttpsRedirection is only necessary to change the values of HttpsPort or RedirectStatusCode.

上述反白顯示的程式碼:The preceding highlighted code:

在生產環境中設定永久重新導向Configure permanent redirects in production

中介軟體會預設為傳送Status307TemporaryRedirect與所有重新導向。The middleware defaults to sending a Status307TemporaryRedirect with all redirects. 如果您想要傳送的永久重新導向狀態碼,在非開發環境中應用程式時,包裝中介軟體選項的組態中的非開發環境的條件式檢查。If you prefer to send a permanent redirect status code when the app is in a non-Development environment, wrap the middleware options configuration in a conditional check for a non-Development environment.

設定時IWebHostBuilderStartup.cs:When configuring an IWebHostBuilder in Startup.cs:

public void ConfigureServices(IServiceCollection services)
{
    // IHostingEnvironment (stored in _env) is injected into the Startup class.
    if (!_env.IsDevelopment())
    {
        services.AddHttpsRedirection(options =>
        {
            options.RedirectStatusCode = StatusCodes.Status308PermanentRedirect;
            options.HttpsPort = 443;
        });
    }
}

HTTPS 重新導向中介軟體的替代方法HTTPS Redirection Middleware alternative approach

除了使用 HTTPS 重新導向中介軟體 (UseHttpsRedirection) 是使用 URL 重寫中介軟體 (AddRedirectToHttps)。An alternative to using HTTPS Redirection Middleware (UseHttpsRedirection) is to use URL Rewriting Middleware (AddRedirectToHttps). AddRedirectToHttps 也可以設定的狀態碼和連接埠重新導向為執行時。AddRedirectToHttps can also set the status code and port when the redirect is executed. 如需詳細資訊,請參閱 < URL 重寫中介軟體For more information, see URL Rewriting Middleware.

當重新導向至 HTTPS,而不需要額外的重新導向規則,我們建議使用 HTTPS 重新導向中介軟體 (UseHttpsRedirection) 本主題中所述。When redirecting to HTTPS without the requirement for additional redirect rules, we recommend using HTTPS Redirection Middleware (UseHttpsRedirection) described in this topic.

RequireHttpsAttribute用來要求 HTTPS。The RequireHttpsAttribute is used to require HTTPS. [RequireHttpsAttribute] 可以裝飾控制器或方法,或可以全域套用。[RequireHttpsAttribute] can decorate controllers or methods, or can be applied globally. 若要全域套用的屬性,新增下列程式碼ConfigureServicesStartup:To apply the attribute globally, add the following code to ConfigureServices in Startup:

// Requires using Microsoft.AspNetCore.Mvc;
public void ConfigureServices(IServiceCollection services)
{
    services.Configure<MvcOptions>(options =>
    {
        options.Filters.Add(new RequireHttpsAttribute());
    });

上述反白顯示的程式碼會要求所有要求都使用HTTPS; 因此,HTTP 要求會被忽略。The preceding highlighted code requires all requests use HTTPS; therefore, HTTP requests are ignored. 而下列反白顯示的程式碼會將所有 HTTP 要求都重新導向至 HTTPS:The following highlighted code redirects all HTTP requests to HTTPS:

// Requires using Microsoft.AspNetCore.Rewrite;
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
    loggerFactory.AddConsole(Configuration.GetSection("Logging"));
    loggerFactory.AddDebug();

    var options = new RewriteOptions()
       .AddRedirectToHttps();

    app.UseRewriter(options);

如需詳細資訊,請參閱 < URL 重寫中介軟體For more information, see URL Rewriting Middleware. 中介軟體也允許應用程式執行時重新導向設定的狀態碼或狀態碼和連接埠。The middleware also permits the app to set the status code or the status code and the port when the redirect is executed.

全域使用 HTTPS (options.Filters.Add(new RequireHttpsAttribute());) 是安全性最佳作法。Requiring HTTPS globally (options.Filters.Add(new RequireHttpsAttribute());) is a security best practice. [RequireHttps]屬性套用至所有控制器,不會比全域使用 HTTPS 來的安全。Applying the [RequireHttps] attribute to all controllers/Razor Pages isn't considered as secure as requiring HTTPS globally. 您無法保證[RequireHttps]新增新的控制器和 Razor 頁面時,屬性會套用。You can't guarantee the [RequireHttps] attribute is applied when new controllers and Razor Pages are added.

HTTP Strict Transport 安全性通訊協定 (HSTS)HTTP Strict Transport Security Protocol (HSTS)

每個OWASPHTTP Strict Transport Security (HSTS)是透過回應標頭使用的 web 應用程式所指定的選擇加入的安全性增強功能。Per OWASP, HTTP Strict Transport Security (HSTS) is an opt-in security enhancement that's specified by a web app through the use of a response header. 瀏覽器支援 HSTS收到此標頭:When a browser that supports HSTS receives this header:

  • 瀏覽器會儲存可防止傳送的任何通訊透過 HTTP 的定義域的組態。The browser stores configuration for the domain that prevents sending any communication over HTTP. 瀏覽器會強制透過 HTTPS 的所有通訊。The browser forces all communication over HTTPS.
  • 瀏覽器會防止使用者使用不受信任或不正確的憑證。The browser prevents the user from using untrusted or invalid certificates. 瀏覽器會停用允許使用者暫時信任此種憑證的提示。The browser disables prompts that allow a user to temporarily trust such a certificate.

因為 HSTS 會強制執行用戶端就會有一些限制:Because HSTS is enforced by the client it has some limitations:

  • 用戶端必須支援 HSTS。The client must support HSTS.
  • HSTS 需要至少一個成功的 HTTPS 要求建立 HSTS 原則。HSTS requires at least one successful HTTPS request to establish the HSTS policy.
  • 應用程式必須檢查每個 HTTP 要求並重新導向或拒絕的 HTTP 要求。The application must check every HTTP request and redirect or reject the HTTP request.

ASP.NET Core 2.1 或更新版本會實作 HSTS 與UseHsts擴充方法。ASP.NET Core 2.1 or later implements HSTS with the UseHsts extension method. 下列程式碼會呼叫UseHsts應用程式不在開發模式:The following code calls UseHsts when the app isn't in development mode:

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Error");
        app.UseHsts();
    }

    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseCookiePolicy();

    app.UseMvc();
}

UseHsts 不建議在開發過程中因為 HSTS 設定高度快取瀏覽器。UseHsts isn't recommended in development because the HSTS settings are highly cacheable by browsers. 根據預設,UseHsts排除本機回送位址。By default, UseHsts excludes the local loopback address.

生產環境中實作 HTTPS 第一次,設定初始HstsOptions.MaxAge小的值,使用其中一種TimeSpan方法。For production environments implementing HTTPS for the first time, set the initial HstsOptions.MaxAge to a small value using one of the TimeSpan methods. 從設定值時數不超過一天的萬一您需要還原為 HTTP,HTTPS 基礎結構。Set the value from hours to no more than a single day in case you need to revert the HTTPS infrastructure to HTTP. 確定在 HTTPS 設定的持續性後,增加 HSTS 最大壽命值;常用的值為一年。After you're confident in the sustainability of the HTTPS configuration, increase the HSTS max-age value; a commonly used value is one year.

下列程式碼範例:The following code:

public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc();

    services.AddHsts(options =>
    {
        options.Preload = true;
        options.IncludeSubDomains = true;
        options.MaxAge = TimeSpan.FromDays(60);
        options.ExcludedHosts.Add("example.com");
        options.ExcludedHosts.Add("www.example.com");
    });

    services.AddHttpsRedirection(options =>
    {
        options.RedirectStatusCode = StatusCodes.Status307TemporaryRedirect;
        options.HttpsPort = 5001;
    });
}
  • 設定 Strict 傳輸安全性標頭的預先載入的參數。Sets the preload parameter of the Strict-Transport-Security header. 預先載入不屬於RFC HSTS 規格,但要預先載入 HSTS 上全新安裝的站台的網頁瀏覽器支援。Preload isn't part of the RFC HSTS specification, but is supported by web browsers to preload HSTS sites on fresh install. 請參閱 https://hstspreload.org/ 以取得詳細資訊。See https://hstspreload.org/ for more information.
  • 可讓includeSubDomain,套用 HSTS 原則來裝載子網域。Enables includeSubDomain, which applies the HSTS policy to Host subdomains.
  • 明確設定為 60 天的 Strict 傳輸安全性標頭的最大壽命參數。Explicitly sets the max-age parameter of the Strict-Transport-Security header to 60 days. 如果未設定,預設值為 30 天。If not set, defaults to 30 days. 請參閱最大壽命指示詞如需詳細資訊。See the max-age directive for more information.
  • 新增example.com的主機,以排除清單。Adds example.com to the list of hosts to exclude.

UseHsts 排除下列 「 回送 」 主控件:UseHsts excludes the following loopback hosts:

  • localhost:IPv4 回送位址。localhost : The IPv4 loopback address.
  • 127.0.0.1:IPv4 回送位址。127.0.0.1 : The IPv4 loopback address.
  • [::1]:IPv6 回送位址。[::1] : The IPv6 loopback address.

選擇退出的 HTTPS/HSTS 專案建立Opt-out of HTTPS/HSTS on project creation

在某些後端服務案例中公開邊緣的網路處理連線安全性的位置,設定每個節點的連線安全性並非必要條件。In some backend service scenarios where connection security is handled at the public-facing edge of the network, configuring connection security at each node isn't required. Web 應用程式從 Visual Studio 中,或從範本產生dotnet 新命令啟用HTTPS 重新導向HSTSWeb apps generated from the templates in Visual Studio or from the dotnet new command enable HTTPS redirection and HSTS. 對於不需要這些案例的部署,您可以選擇退出的 HTTPS/HSTS 從範本建立應用程式。For deployments that don't require these scenarios, you can opt-out of HTTPS/HSTS when the app is created from the template.

若要退出 HTTPS/HSTS:To opt-out of HTTPS/HSTS:

取消核取設定為使用 HTTPS核取方塊。Uncheck the Configure for HTTPS check box.

顯示 HTTPS 核取方塊取消選取 [設定新的 ASP.NET Core Web 應用程式] 對話方塊。

信任 ASP.NET Core HTTPS 開發憑證,在 Windows 和 macOS 上Trust the ASP.NET Core HTTPS development certificate on Windows and macOS

.NET core SDK 包含 HTTPS 開發憑證。.NET Core SDK includes a HTTPS development certificate. 憑證會安裝為初次執行體驗的一部分。The certificate is installed as part of the first-run experience. 比方說,dotnet --info會產生類似下列輸出:For example, dotnet --info produces output similar to the following:

ASP.NET Core
------------
Successfully installed the ASP.NET Core HTTPS Development Certificate.
To trust the certificate run 'dotnet dev-certs https --trust' (Windows and macOS only).
For establishing trust on other platforms refer to the platform specific documentation.
For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.

安裝 .NET Core SDK 會將 ASP.NET Core HTTPS 開發憑證安裝至本機使用者憑證存放區。Installing the .NET Core SDK installs the ASP.NET Core HTTPS development certificate to the local user certificate store. 已安裝的憑證,但不是受信任。The certificate has been installed, but it's not trusted. 若要信任的憑證執行一次性的步驟,以執行 dotnetdev-certs工具:To trust the certificate perform the one-time step to run the dotnet dev-certs tool:

dotnet dev-certs https --trust

下列命令會提供 dev-certs 工具的說明:The following command provides help on the dev-certs tool:

dotnet dev-certs https --help

如何設定適用於 Docker 的開發人員憑證How to set up a developer certificate for Docker

請參閱此 GitHub 問題See this GitHub issue.

信任適用於 Linux 的 Windows 子系統的 HTTPS 憑證Trust HTTPS certificate from Windows Subsystem for Linux

Windows for Linux 子系統 (WSL) 會產生 HTTPS 的自我簽署的憑證。若要設定信任 WSL 憑證的 Windows 憑證存放區:The Windows Subsystem for Linux (WSL) generates a HTTPS self-signed cert. To configure the Windows certificate store to trust the WSL certificate:

  • 執行下列命令以匯出 WSL 產生憑證: dotnet dev-certs https -ep %USERPROFILE%\.aspnet\https\aspnetapp.pfx -p <cryptic-password>Run the following command to export the WSL generated certificate: dotnet dev-certs https -ep %USERPROFILE%\.aspnet\https\aspnetapp.pfx -p <cryptic-password>

  • 在 WSL 視窗中,執行下列命令: ASPNETCORE_Kestrel__Certificates__Default__Password="<cryptic-password>" ASPNETCORE_Kestrel__Certificates__Default__Path=/mnt/c/Users/user-name/.aspnet/https/aspnetapp.pfx dotnet watch runIn a WSL window, run the following command: ASPNETCORE_Kestrel__Certificates__Default__Password="<cryptic-password>" ASPNETCORE_Kestrel__Certificates__Default__Path=/mnt/c/Users/user-name/.aspnet/https/aspnetapp.pfx dotnet watch run

    上述命令會設定環境變數,因此 Linux 會使用 Windows 信任的憑證。The preceding command sets the environment variables so Linux uses the Windows trusted certificate.

其他資訊Additional information