Jasinski Technical Wiki

Navigation

Home Page
Index
All Pages

Quick Search
»
Advanced Search »

Contributor Links

Create a new Page
Administration
File Management
Login/Logout
Your Profile

Other Wiki Sections

Software

PoweredBy

Changing Cookie Names - ASP.NET Security

RSS
Modified on Tue, Dec 30, 2014, 10:08 AM by Administrator Categorized as ASP·NET MVC, ASP·NET Security, ASP·NET Web Forms

Overview

ASP.NET security can use cookies. One part of securing your ASP.NET site is to change the names of these cookies so as to obscure the technology underlying your website. This article explains how.

Procedure

Forms Authentication (Legacy)

Change or add the following setting in your web.config file: //configuration/system.web/authentication/forms/@name

<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" defaultUrl="~" name="tokenA"  />
. . .

Forms Authentication

Change or add the following setting in your web.config file: //configuration/system.web/sessionState/@cookieName

<configuration>
  <system.web>
    <sessionState cookieName="tokenA" />
. . .

ASP.NET Identity

Add a line to within Startup.Auth.cs

public partial class Startup
{
	public void ConfigureAuth(IAppBuilder app)
	{
		app.UseCookieAuthentication(new CookieAuthenticationOptions
		{
			AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
			LoginPath = new PathString("/Account/Login"),

			/* Add the following line */
			CookieName = "tokenB" 

		});

		. . .
	}
}

Cross-Site Request Forgery

Add a line within your Global.asax.cs file.

public class MvcApplication : System.Web.HttpApplication
{
	protected void Application_Start()
	{
		System.Web.Helpers.AntiForgeryConfig.CookieName = "tokenC";
 . . .

ScrewTurn Wiki version 3.0.1.400. Some of the icons created by FamFamFam. Except where noted, all contents Copyright © 1999-2018, Patrick Jasinski.