Secure Flag for ASPXAUTH Cookie

天涯浪人 2021-02-07 21:37

We have an externally facing application which was penetration-tested by an external security company. Application has been developed on ASP.NET MVC4 and running on IIS8/Windows

4 Answers
  •  无人及你
    2021-02-07 22:11

    Your issue looks to be that your form is incorrectly configured. You have:

    
    

    and you should have

    
    

    According to Microsoft, the requireSSL attribute in the httpCookies tag is overridden by the requireSSL attribute of the forms tag. You didn't set the value, but you specified it may cause IIS to use the default of false. You should set it to true.
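
An added example, not part of the answer above or of the original page: a small Python audit of a web.config that applies the rule the answer states (the forms tag's requireSSL decides the Secure flag on the auth cookie, and an unset value means false). The function name, the result keys and both sample configs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample config (not from the page): site-wide flag on, <forms> flag unset.
WEAK = """<configuration><system.web>
  <httpCookies requireSSL="true" httpOnlyCookies="true" />
  <authentication mode="Forms">
    <forms loginUrl="~/Account/Login" timeout="30" />
  </authentication>
</system.web></configuration>"""
# Same config with the change the answer recommends.
FIXED = WEAK.replace('timeout="30" />', 'timeout="30" requireSSL="true" />')

def _flag(elem, attr="requireSSL"):
    """True/False for an explicit attribute; None if element or attribute is absent."""
    if elem is None or attr not in elem.attrib:
        return None
    return elem.attrib[attr].strip().lower() == "true"

def audit_forms_cookie(web_config_xml):
    """Report whether the forms-authentication cookie will carry the Secure flag.

    Rule applied (as stated in the answer): <forms requireSSL> decides the flag
    for the auth cookie, <httpCookies requireSSL> does not, and a missing
    attribute on <forms> is treated as false.
    """
    findings = []
    # <location> blocks can hold their own <system.web>, so visit every one.
    for sw in ET.fromstring(web_config_xml).iter("system.web"):
        auth = sw.find("authentication")
        if auth is None or auth.get("mode", "").lower() != "forms":
            continue
        forms = auth.find("forms")
        forms_ssl = _flag(forms)
        cookies_ssl = _flag(sw.find("httpCookies"))
        findings.append({
            "cookie": forms.get("name", ".ASPXAUTH") if forms is not None else ".ASPXAUTH",
            "forms_requireSSL": forms_ssl,
            "httpCookies_requireSSL": cookies_ssl,
            "secure": forms_ssl is True,
            # Misleading case: site-wide setting on, <forms> setting missing or off.
            "masked_by_httpCookies": cookies_ssl is True and forms_ssl is not True,
        })
    return findings

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("fixed", FIXED)):
        print(label, audit_forms_cookie(cfg))
```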
