From 509f791f106d289beb544b23a1c15bd44f97d3c0 Mon Sep 17 00:00:00 2001
From: Justin Kotalik <jkotalik12@gmail.com>
Date: Tue, 31 Oct 2017 16:15:13 -0700
Subject: [PATCH] [WIP] Adds Hsts and HttpsRedirection to templates (#128)

---
 .../content/RazorPagesWeb-CSharp/Startup.cs                 | 3 +++
 .../content/StarterWeb-CSharp/Startup.cs                    | 3 +++
 .../content/WebApi-CSharp/Startup.cs                        | 6 ++++++
 3 files changed, 12 insertions(+)

diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates.2.1/content/RazorPagesWeb-CSharp/Startup.cs b/src/Microsoft.DotNet.Web.ProjectTemplates.2.1/content/RazorPagesWeb-CSharp/Startup.cs
index da13981417..10cccd3773 100644
--- a/src/Microsoft.DotNet.Web.ProjectTemplates.2.1/content/RazorPagesWeb-CSharp/Startup.cs
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates.2.1/content/RazorPagesWeb-CSharp/Startup.cs
@@ -18,6 +18,7 @@ using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Http;
 #endif
 using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.HttpsPolicy;
 #if (OrganizationalAuth)
 using Microsoft.AspNetCore.Mvc.Authorization;
 #endif
@@ -121,8 +122,10 @@ namespace Company.WebApplication1
             else
             {
                 app.UseExceptionHandler("/Error");
+                app.UseHsts();
             }
 
+            app.UseHttpsRedirection();
             app.UseStaticFiles();
 
 #if (OrganizationalAuth || IndividualAuth)
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates.2.1/content/StarterWeb-CSharp/Startup.cs b/src/Microsoft.DotNet.Web.ProjectTemplates.2.1/content/StarterWeb-CSharp/Startup.cs
index ccbe1a3cdb..30681781df 100644
--- a/src/Microsoft.DotNet.Web.ProjectTemplates.2.1/content/StarterWeb-CSharp/Startup.cs
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates.2.1/content/StarterWeb-CSharp/Startup.cs
@@ -13,6 +13,7 @@ using Microsoft.AspNetCore.Identity;
 using Microsoft.EntityFrameworkCore;
 #endif
 using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.HttpsPolicy;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 #if (OrganizationalAuth && OrgReadAccess)
@@ -95,8 +96,10 @@ namespace Company.WebApplication1
             else
             {
                 app.UseExceptionHandler("/Home/Error");
+                app.UseHsts();
             }
 
+            app.UseHttpsRedirection();
             app.UseStaticFiles();
 
 #if (OrganizationalAuth || IndividualAuth)
diff --git a/src/Microsoft.DotNet.Web.ProjectTemplates.2.1/content/WebApi-CSharp/Startup.cs b/src/Microsoft.DotNet.Web.ProjectTemplates.2.1/content/WebApi-CSharp/Startup.cs
index 13a6989a81..6944cbf590 100644
--- a/src/Microsoft.DotNet.Web.ProjectTemplates.2.1/content/WebApi-CSharp/Startup.cs
+++ b/src/Microsoft.DotNet.Web.ProjectTemplates.2.1/content/WebApi-CSharp/Startup.cs
@@ -4,6 +4,7 @@ using System.Linq;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.HttpsPolicy;
 #if (OrganizationalAuth || IndividualB2CAuth)
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
@@ -49,7 +50,12 @@ namespace Company.WebApplication1
             {
                 app.UseDeveloperExceptionPage();
             }
+            else
+            {
+                app.UseHsts();
+            }
 
+            app.UseHttpsRedirection();
 #if (OrganizationalAuth || IndividualAuth)
             app.UseAuthentication();
 #endif