
Secure Cookies in Sitefinity CMS

by Stefani Tacheva
FedAuth, FedAuth1 and .ASPXAUTH are the cookies used by Claims and Forms Authentication. To secure these cookies, you first need to secure the Sitefinity backend with SSL. You can find additional information about the configuration in our Sitefinity documentation and the following blog post. Note that all backend pages should require SSL and everything should be configured strictly.

Then you need to change the following lines in your web.config file:

<cookieHandler requireSsl="true"/>

The requireSsl attribute should be set to true. The line can be found under:

<wsFederation passiveRedirectEnabled="true" issuer="http://localhost" realm="http://localhost" requireHttps="true"/>

FedAuth and FedAuth1 will be secured after the property requireSsl is set to true.

Then you need to add this line:

<forms requireSSL="true"/>

It should be placed inside the authentication element:

<authentication mode="None">
  <forms requireSSL="true"/>
</authentication>

The cookie .ASPXAUTH will be secured after the above line is added.

Then restart your project by making a dummy change in your web.config file. Run the project and clear all browser cookies.
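
The two settings described above can be checked against a web.config before deployment. This is an added example, not code from the original post or from Sitefinity; the sample configs are constructed, and the `federationConfiguration` wrapper element and the function name `audit_web_config` are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs (not from a real site). The wrapper section around
# cookieHandler is an assumption and varies by version; lookups ignore it.
HARDENED = """<configuration>
  <system.web>
    <authentication mode="None">
      <forms requireSSL="true"/>
    </authentication>
  </system.web>
  <federationConfiguration>
    <wsFederation passiveRedirectEnabled="true" issuer="http://localhost" realm="http://localhost" requireHttps="true"/>
    <cookieHandler requireSsl="true"/>
  </federationConfiguration>
</configuration>"""

# Same file before the change: no <forms> element, cookieHandler left at false.
WEAK = HARDENED.replace('<forms requireSSL="true"/>', "").replace(
    '<cookieHandler requireSsl="true"/>', '<cookieHandler requireSsl="false"/>')

# (XPath to the element, attribute, cookies the page ties to that setting)
CHECKS = [
    (".//cookieHandler", "requireSsl", "FedAuth, FedAuth1"),
    (".//authentication/forms", "requireSSL", ".ASPXAUTH"),
]

def audit_web_config(xml_text):
    """Return findings; an empty list means both settings are enabled."""
    root = ET.fromstring(xml_text)
    findings = []
    for path, attr, cookies in CHECKS:
        elements = root.findall(path)
        if not elements:
            findings.append(f"{path} missing: {cookies} not marked Secure")
        for el in elements:
            # Attribute names are case-sensitive (requireSsl vs requireSSL).
            if el.get(attr, "").strip().lower() != "true":
                findings.append(f"{path} {attr} not true: {cookies} not marked Secure")
    return findings

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_web_config(cfg) or "OK")
```
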
