Object o = element.GetAttributeValue(keyValues) If (String.Equals(element.ElementTagName, elementTagName, StringComparison.OrdinalIgnoreCase))įor (int i = 0 i < keyValues.Length i += 2) Private static ConfigurationElement FindElement(ConfigurationElementCollection collection, string elementTagName, params string keyValues)įoreach (ConfigurationElement element in collection) Using(ServerManager serverManager = new ServerManager())Ĭonfiguration config = serverManager.GetApplicationHostConfiguration() ĬonfigurationSection sitesSection = config.GetSection("system.applicationHost/sites") ĬonfigurationElementCollection sitesCollection = sitesSection.GetCollection() ĬonfigurationElement siteElement = FindElement(sitesCollection, "site", "name", (siteElement = null) throw new InvalidOperationException("Element not found!") ĬonfigurationElement hstsElement = siteElement.GetChildElement("hsts") This commits the configuration settings to the appropriate location section in the nfig file. You must be sure to set the commit parameter to apphost when you use AppCmd.exe to configure these settings. AppCmd.exe appcmd.exe set config -section:system.applicationHost/sites "/.hsts.enabled:True" /commit:apphostĪppcmd.exe set config -section:system.applicationHost/sites "/.hsts.max-age:31536000" /commit:apphostĪppcmd.exe set config -section:system.applicationHost/sites "/.hsts.includeSubDomains:True" /commit:apphostĪppcmd.exe set config -section:system.applicationHost/sites "/.hsts.redirectHttpToHttps:True" /commit:apphost The sample sets max-age attribute as 31536000 seconds (a year), and enables both the includeSubDomains and the redirectHttpToHttps attributes. The following code samples enable HSTS for a web site named Contoso with both HTTP and HTTPS bindings. Finally, the redirectHttpToHttps attribute is set as true so that all HTTP requests to the site will be redirected to HTTPS. The includeSubDomains attribute is set as true to specify that the HSTS policy applies to this HSTS Host () as well as any subdomain (for example, or ). The max-age attribute is set as 31536000 seconds (a year) so that the user agents will regard the host as a Known HSTS Host within a year after the reception of the Strict-Transport-Security header field. The following configuration sample shows a web site named Contoso that has HSTS enabled with both HTTP and HTTPS bindings. Make sure that the redirection destination provides HTTP-based service over TLS/SSL on standard port 443. When IIS redirects an HTTP request, it replaces the URI scheme with "https" and ignores the port component. Note: Enabling redirectHttpToHttps enforces the site-level HTTP to HTTPS redirection. Specifies whether HTTP to HTTPS redirection is enabled ( true) or disabled ( false) for a site. Note: Enable this attribute only if the domain of the site has been submitted for inclusion in the HSTS preload list. Specifies whether the preload directive is included in the Strict-Transport-Security HTTP response header field value. Note: Enable this attribute only if all subdomains indeed offer HTTP-based service over TLS/SSL. Specifies whether the includeSubDomains directive is included in the Strict-Transport-Security HTTP response header field value. Specifies the max-age directive in the Strict-Transport-Security HTTP response header field value. If HSTS is enabled, the Strict-Transport-Security HTTP response header is added when IIS replies an HTTPS request to the web site. Specifies whether HSTS is enabled ( true) or disabled ( false) for a site. For examples of how to configure the element of the element programmatically, see the Sample Code section of this document. There is no user interface that lets you configure the element of the element for IIS 10.0 version 1709. The element of the element is included in the default installation of IIS 10.0 version 1709 and later. The element of the element was introduced in IIS 10.0 version 1709. If the element is configured in both the section and in the section for a specific site, the configuration in the section is used for that site.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |