Ok..and Kestrel seems to be the .NET Core alternative to the OWIN stuff under .NET classic.

Yet another option…in my case the OWIN side is likely more interesting as I’m almost certainly going to be doing things that need interop or similar windows-centric functionality. Interesting as a Linux facing option though. May also be lower overhead in cases where a particular micro-service doesn’t need access to native capabilities.

I am also expecting to need some sort of SSL certificate to enable TLS on these links (don’t need the full commercial cert probably as these are likely going to be expose by IP address and not on the open web). I need to understand what is needed to deploy TLS, ideally with cert verification on both ends using certs I’ve created myself and that don’t correspond to a particular URL.

In this case I’m looking to ensure no MITM attacks and to encrypt the traffic but not to ensure much more than that. I don’t want further authentication to leak and I want to protect the connection (for example for a web UI on a small ‘appliance’ that may at times be exposed to an open internet connection).

Mostly saving these to read/watch in more detail later. Options on top of options here…

• What is Kestrel Web Server? How It Works, Benefits, and More

• Iris Go vs .NET Core Kestrel in terms of HTTP performance

• Go vs .NET Core in terms of HTTP performance

• Which Web Server are you using in production for ASP.NET Core on a *nix server?
• ASP.NET 5: Kestrel
• ASP.NET 5: Considerations for Production Linux Environments
• Learn Kestrel Webserver in 10 Minutes
• Kestrel – the new web server for ASP.NET 5
• Using Kestrel with ASP.NET 5

• Introduction to Kestrel web server implementation in ASP.NET Core

• Web server implementations in ASP.NET Core

• HTTP.sys web server implementation in ASP.NET Core

• ASP.NET Core Web Servers: Kestrel vs IIS Feature Comparison and Why You Need Both