Secure Cookies in Sitefinity CMS

Secure Cookies in Sitefinity CMS

Posted on December 12, 2013 0 Comments

The content you're reading is getting on in years
This post is on the older side and its content may be out of date.
Be sure to visit our blogs homepage for our latest news, updates and information.

FedAuth, FedAuth1 and .ASPXAUTH are cookies connected to Claims and Forms Authentication. To secure these cookies you need to first secure the Sitefinity backend with SSL. You could find additional information regarding the configurations in our Sitefinity documentation and the following blog post. Note that all backend pages should require SSL and everything should be configured strictly.

Then you need to change the following lines in your web.config file:

<cookieHandler requireSsl="true"/>

RequireSsl should be set to true. The line could be found under:

<wsFederation passiveRedirectEnabled="true" issuer="http://localhost" realm="http://localhost" requireHttps="true"/>

FedAuth and FedAuth1 will be secured after the property requireSsl is set to true.

Then you need to add this line:

<forms requireSSL="true"/>

between:
<authentication mode="None">
  //The above line should be placed here
   </authentication>

The cookie .ASPXAUTH will be secured after the above line is added.

Then restart your project by making a dummy change in your web.config file. Run the project and clear all browser cookies.

Stefani Tacheva

View all posts from Stefani Tacheva on the Progress blog. Connect with us about all things application development and deployment, data integration and digital business.

Comments

Comments are disabled in preview mode.
Topics

Sitefinity Training and Certification Now Available.

Let our experts teach you how to use Sitefinity's best-in-class features to deliver compelling digital experiences.

Learn More
Latest Stories
in Your Inbox

Subscribe to get all the news, info and tutorials you need to build better business apps and sites

Loading animation