There're 4 website URL variations:
http://domain.com (naked domain)
Ideally, when user access any of these URLs, the requests should be redirect to https://www.domain.com.
This can be split to 2 tasks: Redirect to https and Redirect to www.domain.com. Let's resolve it step by step.
1. Redirect to https
Make 2 change in Startup.cs file:
1) Add redirect to Configure method
2) Add https port number to ConfigureServices method
options.HttpsPort = 443;
2. Redirect to www.domain.com
1) Open URL Rewrite in IIS Manager
If you don't have URL Rewrite, please download and install from here,
2) Add Canonical domain name
Click "Add Rules", then click "Add Canonical domain name".
3) Save the rule
Enter www.domain.com, click Save. The change will be save to web.config file. You may want to save the change to your server environment.
3. Verify the setting
If you accessed https://domain.com in the past, the SSL certificate will be cached in the browser. So even the https redirect isn't set properly, you won't be able to see the issue unless clear the browser cache first. A better way to test is using Chrome incognito mode, or private mode.