Secure Cookies in Sitefinity CMS
by
Stefani Tacheva
Posted on
December 12, 2013
The content you're reading is getting on in years.
This post is on the older side and its content may be out of date.
Be sure to visit our blogs homepage for our latest news, updates and information.
FedAuth, FedAuth1 and .ASPXAUTH are cookies connected to Claims and Forms Authentication. To secure these cookies you need to first secure the Sitefinity backend with SSL. You could find additional information regarding the configurations in our Sitefinity documentation and the following blog post. Note that all backend pages should require SSL and everything should be configured strictly.
RequireSsl should be set to true. The line could be found under:
FedAuth and FedAuth1 will be secured after the property requireSsl is set to true.
Then you need to add this line:
between:
The cookie .ASPXAUTH will be secured after the above line is added.
Then restart your project by making a dummy change in your web.config file. Run the project and clear all browser cookies.
Then you need to change the following lines in your web.config file:
<cookieHandler requireSsl="true"/>RequireSsl should be set to true. The line could be found under:
<wsFederation passiveRedirectEnabled="true" issuer="http://localhost" realm="http://localhost" requireHttps="true"/>FedAuth and FedAuth1 will be secured after the property requireSsl is set to true.
Then you need to add this line:
<forms requireSSL="true"/>between:
<authentication mode="None"> //The above line should be placed here </authentication>The cookie .ASPXAUTH will be secured after the above line is added.
Then restart your project by making a dummy change in your web.config file. Run the project and clear all browser cookies.
Stefani Tacheva
View all posts from Stefani Tacheva on the Progress blog. Connect with us about all things application development and deployment, data integration and digital business.
More from the author
Related Tags
Related Articles
Progress DataDirect Now Connects to Denodo
Progress DataDirect has added Denodo, a data virtualization software platform, to its catalog of connectors.
What Is the Difference Between SSO, 2FA and MFA?
Learn about the three main security protocols and their differences: Single Sign-On (SSO), Two-Factor Authentication (2FA) and Multi-Factor Authentication (MFA).
Website & App Security: What You Need to Know to Protect the Products You Build
What can you do to ensure that you’re not setting up your clients for failure or their end users for trouble? In this post, we’ll look at the four parts of a digital product that are the most vulnerable along with what you can do to secure those weak spots.
