To secure your ASP Session cookie and the Forms Authentication cookie, perform the following steps:
- Ensure that there is an SSL certificate installed for the Secret Server instance
- Log in to Secret Server using HTTPS
- Navigate to the Administration -> Configuration page
- Click on the ‘Security’ tab and click the Edit button
- Check the ‘Force HTTPS/SSL’ checkbox
- Click the Save button
- Open the web-cookies.config file in the Secret Server installation folder
- Set ‘requireSSL’ to true
- Save and Close the file
- Open the web-auth.config file in the Secret Server installation folder
- Set ‘requireSSL’ to true (add the attribute requireSSL="true" to the forms tag if it does not already exist)
- Save and Close the file
- Recycle the Secret Server application pool
- Log out of Secret Server and then log in using HTTPS
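
To confirm the two file edits above before recycling the application pool, the following added example (not part of the original article and not Secret Server's own tooling) audits config text for the requireSSL setting, including the case where the attribute is missing from the forms tag. It assumes the files hold the standard ASP.NET `<httpCookies>` and `<forms>` elements; the sample fragments and the function name `audit_require_ssl` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Standard ASP.NET elements whose requireSSL attribute makes the cookie Secure:
# <httpCookies> (session and other cookies) and <forms> (Forms Authentication).
# Assumption: web-cookies.config and web-auth.config contain these elements.
CHECKED_ELEMENTS = ("httpCookies", "forms")


def audit_require_ssl(xml_text):
    """Return (element, problem) tuples for every element not set to requireSSL="true"."""
    root = ET.fromstring(xml_text)
    findings = []
    seen = False
    for elem in root.iter():  # iter() includes the root element itself
        if elem.tag not in CHECKED_ELEMENTS:
            continue
        seen = True
        value = elem.get("requireSSL")
        if value is None:
            findings.append((elem.tag, "requireSSL attribute missing"))
        elif value.strip().lower() != "true":
            findings.append((elem.tag, 'requireSSL="%s"' % value))
    if not seen:
        findings.append(("(none)", "no httpCookies or forms element found"))
    return findings


# Constructed sample contents (assumed layout, not copied from a real installation).
COOKIES_BEFORE = '<httpCookies httpOnlyCookies="true" requireSSL="false" />'
COOKIES_AFTER = '<httpCookies httpOnlyCookies="true" requireSSL="true" />'
AUTH_BEFORE = ('<authentication mode="Forms">'
               '<forms loginUrl="Login.aspx" protection="All" timeout="20" />'
               '</authentication>')
AUTH_AFTER = ('<authentication mode="Forms">'
              '<forms loginUrl="Login.aspx" protection="All" timeout="20" requireSSL="true" />'
              '</authentication>')

if __name__ == "__main__":
    samples = [("web-cookies.config (before)", COOKIES_BEFORE),
               ("web-cookies.config (after)", COOKIES_AFTER),
               ("web-auth.config (before)", AUTH_BEFORE),
               ("web-auth.config (after)", AUTH_AFTER)]
    for name, text in samples:
        problems = audit_require_ssl(text)
        print(name, "->", "OK" if not problems else problems)
```

To audit a real installation, read each file's text and pass it to `audit_require_ssl`; an empty list means every checked element has requireSSL="true".
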
Article ID: 150, Created On: 3/10/2011, Modified: 5/4/2011