Security defaults that belong in every ASP.NET Core application from day one.
87
83%
Does it follow best practices?
Impact
94%
1.91x Average score across 5 eval scenarios
Passed
No known issues
{
  "instruction": "Enforce HTTPS with UseHttpsRedirection and UseHsts",
  "relevant_when": "Agent creates or modifies an ASP.NET Core application or sets up the middleware pipeline",
  "context": "Every ASP.NET Core app must enforce HTTPS. UseHttpsRedirection() redirects HTTP requests to HTTPS. UseHsts() sends the Strict-Transport-Security header telling browsers to only use HTTPS. HSTS should only be enabled in non-development environments to avoid localhost issues.",
  "sources": [
    {
      "type": "file",
      "filename": "skills/aspnet-security-basics/SKILL.md",
      "tile": "tessl-labs/aspnet-security-basics@0.2.0"
    }
  ],
  "checklist": [
    {
      "name": "https-redirection",
      "rule": "Agent calls app.UseHttpsRedirection() in the middleware pipeline",
      "relevant_when": "Agent creates or modifies an ASP.NET Core application"
    },
    {
      "name": "hsts-configured",
      "rule": "Agent calls app.UseHsts() for non-development environments with appropriate MaxAge",
      "relevant_when": "Agent creates or modifies an ASP.NET Core application"
    }
  ]
}