Force SSL option added

src/Pages/_ViewStart.cshtml

@@ -9,6 +9,6 @@
 
     if (Context.Request.IsHttps)
     {
-        Context.Response.Headers["Strict-Transport-Security"] = "max-age=63072000";
+        Context.Response.Headers["Strict-Transport-Security"] = "max-age=63072000; includeSubDomains";
     }
 }

src/Startup.cs

@@ -3,6 +3,7 @@
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Rewrite;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Net.Http.Headers;
@@ -73,6 +74,11 @@ public void Configure(IApplicationBuilder app, IHostingEnvironment env)
                 }
             });
 
+            if (Configuration.GetValue<bool>("forcessl"))
+            {
+                app.UseRewriter(new RewriteOptions().AddRedirectToHttps());
+            }
+
             app.UseMvc(routes =>
             {
                 routes.MapRoute(

src/appsettings.Production.json

@@ -1,4 +1,5 @@
 {
+  "forcessl": false, // Set to true if you run https
   "Logging": {
     "IncludeScopes": false,
     "Debug": {

src/appsettings.json

@@ -1,4 +1,5 @@
 {
+  "forcessl": false,
   "user": {
     "username": "demo",
     // Generate a new password hash with salt here https://onlinehasher.azurewebsites.net/