Working With SSL Certificate Warning in MVC 5 Application


This article explains the accessibility of OAuth 2.0 in the ASP.NET MVC 5 Web Application. We can use various types of external authentication providers like Facebook, Google, Microsoft and Twitter in MVC 5 applications to log in.

In the same context, I am very excited to describe that now you will not receive any type of SSL Certificate warnings when you enable SSL for the MVC application. Previously while enabling the SSL in the MVC application, the browser like IE, Chrome and Firefox showed a SSL Certificate warning. You can refer to Working with Facebook in MVC and check out in the Step 8 of Creating and Working with Facebook App as in the following screenshot:

SSL Waring in Internet Explorer

With the use of the following article you will not receive the SSL Certificate Warning in most browsers including IE and Chrome. Firefox will show the warning because Firefox uses its own certificate store, so it will display the warning. We'll see it later in this article.

So, let's develop the application to work with the external providers. Here I am also describing how to develop the app on Google and authenticating the MVC application by the app on Google. Please use the following procedure:

  • Creating ASP.NET MVC 5 Web Application
  • Enabling and Setting Up the SSL

Creating ASP.NET MVC 5 Web Application

In this section you will create the web application in the Visual Studio 2013 using the following procedure.

Step 1: Open Visual Studio 2013 and click on "New Project".

Create New Project in Visual Studio 2013

Step 2: Select the ASP.NET Web Application and enter the application name.

Create New Web Application

Step 3: Select the MVC Project Template to develop the application.

Mvc Project Template

Visual Studio automatically creates the MVC 5 application and you can execute the application by ressing Ctrl+ F5 or F5.

Mvc 5 Home Page

Enabling and Setting Up the SSL

We need to set up the IIS Express to use SSL to connect with the external authentication providers like Google and Facebook. It's important to contiinue using SSL after login and not drop back to HTTP, your login cookie is just as secret as your username and password and without using SSL you're sending it in clear-text across the wire.

Use the following procedure.

Step 1: In the Solution Explorer, select the application and press the F4 key.

Step 2: Enable the SSL Enabled option and copy the SSL URL.

SSL Settings of MVC Application

Step 3: Now just right-click on the application and select the Properties option.

Step 4: Select the Web tab from the left pane, and paste the SSL URL into the Project URL box.

Project Url Settings in Mvc Application

Step 5: Select the HomeController.cs from the Controllers folder and add the following highlighted code to edit:

  1. namespace MvcAuthenticationApp.Controllers  
  2. {  
  3.     [RequireHttps]  
  4.     public class HomeController : Controller  
  5.     {  
  6.         public ActionResult Index()  
  7.         {  
  8.             return View();  
  9.         }  
  10.     }  
  11. } 

In the code above the RequireHttps attribute is used to require that all requests must use HTTPS.

Step 6: Now press Ctrl+F5 to run the application and follow the instructions to trust the self-signed certificate generated by IIS Express.

SSL Warning dusring Mvc Application in  Visual Studio

Step 7: After clicking on Yes, the Security Warning wizard opens and click Yes to install the certificate representing the localhost.

Security Warning in Mvc Application

Step 8: Now, when you run the application using Internet Explorer (IE), it shows the Home Page of the application and there is no SSL warning.

Mvc Application after Certification

The same thing for Google Chrome as in the following:

Mvc Application after Certification in Chrome

Firefox will show the warning because, as I said earlier, Firefox uses its own certificate store, so it will display the warning.

Mvc Application after Certification in Firefox


This article explained that you can apply the RequireHttps attribute so that all requests use the HTTPS for IIS Express. With the use of this most browsers will not show the SSL Certificate warning during the MVC application execution. Thanks for reading.