.Net 应用程序中未将安全标志设置为 Cookies
[英]Secure flag not set to Cookies in .Net application
问题描述
I have included below lines of code in my Web.Config and Global.asax.cs file.
我在我的 Web.Config 和 Global.asax.cs 文件中包含了以下代码行。 Still when I use developer tools in browser I could see secure flag not set to the below Cookies.仍然当我在浏览器中使用开发人员工具时,我可以看到安全标志未设置为下面的 Cookie。
Also Configured SSLSettings in my IIS(Selected checkbox requireSSL).还在我的 IIS 中配置了 SSLSettings(选中的复选框需要 SSL)。
I would like to set Secure attribute to all Cookies not only to received but also to Sent cookies.我想为所有 Cookie 设置 Secure 属性,不仅要接收,还要设置发送的 cookie。 Any suggestion please.请提出任何建议。
In Web.config:在 Web.config 中:
<httpCookies requireSSL="true"/>
In Global.asax.cs:在 Global.asax.cs 中:
protected void Application_EndRequest(object sender, EventArgs e)
{
if (Request.IsSecureConnection == true && HttpContext.Current.Request.Url.Scheme == "https")
{
Request.Cookies["ASP.NET_SessionID"].Secure = true;
if (Request.Cookies.Count > 0)
{
foreach (string s in Request.Cookies.AllKeys)
{
Request.Cookies[s].Secure = true;
}
}
Response.Cookies["ASP.NET_SessionID"].Secure = true;
if (Response.Cookies.Count > 0)
{
foreach (string s in Response.Cookies.AllKeys)
{
Response.Cookies[s].Secure = true;
}
}
}
}
In Browser:在浏览器中:
1 个解决方案
解决方案1
1 2017-09-15 08:50:59
There are two ways, one httpCookies element in web.config allows you to turn on requireSSL which only transmit all cookies including session in SSL only and also inside forms authentication, but if you turn on SSL on httpcookies you must also turn it on inside forms configuration too.有两种方法,web.config 中的一个 httpCookies 元素允许您打开 requireSSL,它只传输所有 cookie,包括仅在 SSL 中的会话以及表单认证,但是如果您在 httpcookies 上打开 SSL,您也必须在表单内部打开它配置也是。
<form>
<httpCookies requireSSL="true" />
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.