Jasinski Technical Wiki

Page History: Changing Cookie Names - ASP.NET Security

Page Revision: Thu, Apr 17, 2014, 10:58 AM


Overview

ASP.NET's authentication and session features use cookies. One part of securing your ASP.NET site is to change the names of these cookies so that they do not reveal the technology underlying your website. This article explains how.

Procedure

Forms Authentication (Legacy)

Change or add the following setting in your web.config file: //configuration/system.web/authentication/forms/@name

<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" defaultUrl="~" name="tokenA" />
    </authentication>
    <!-- . . . -->
  </system.web>
</configuration>

Forms Authentication

Change or add the following setting in your web.config file (it names the session-state cookie): //configuration/system.web/sessionState/@cookieName

<configuration>
  <system.web>
    <sessionState cookieName="tokenA" />
    <!-- . . . -->
  </system.web>
</configuration>

ASP.NET Identity

Add a line to the ConfigureAuth method within Startup.Auth.cs:

using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

public partial class Startup
{
	public void ConfigureAuth(IAppBuilder app)
	{
		app.UseCookieAuthentication(new CookieAuthenticationOptions
		{
			AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
			LoginPath = new PathString("/Account/Login"),

			/* Add the following line to replace the default cookie name */
			CookieName = "tokenB"
		});

		// . . .
	}
}
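
To confirm the settings above took effect, the following added example (not part of the original wiki page) audits a web.config for the two cookie-name attributes and scans Set-Cookie response headers for the stock ASP.NET names. The default names in DEFAULTS, the function names, and the sample config and headers are supplied here rather than by the page, and the shared-name check goes beyond what the page covers.

```python
import xml.etree.ElementTree as ET

# Stock names ASP.NET uses when the settings on this page are left unset.
DEFAULTS = {
    "forms": ".ASPXAUTH",                      # authentication/forms/@name
    "session": "ASP.NET_SessionId",            # sessionState/@cookieName
    "identity": ".AspNet.ApplicationCookie",   # CookieAuthenticationOptions.CookieName
}

def audit_web_config(xml_text):
    """Return findings for the two web.config cookie-name settings."""
    root = ET.fromstring(xml_text)
    names = {}
    auth = root.find("system.web/authentication")
    if auth is not None and auth.get("mode", "").lower() == "forms":
        forms = auth.find("forms")
        names["forms"] = forms.get("name") if forms is not None else None
    session = root.find("system.web/sessionState")
    if session is None or session.get("mode", "InProc").lower() != "off":
        names["session"] = None if session is None else session.get("cookieName")
    findings = [f"{key}: default cookie name {DEFAULTS[key]} in use"
                for key, name in names.items()
                if name is None or name.lower() == DEFAULTS[key].lower()]
    # Two cookies with one name on the same path overwrite each other.
    if names.get("forms") and names.get("forms") == names.get("session"):
        findings.append("forms and session cookies share one name")
    return findings

def default_names_in_response(header_lines):
    """List stock ASP.NET cookie names found in Set-Cookie header lines."""
    stock = {v.lower() for v in DEFAULTS.values()}
    hits = []
    for line in header_lines:
        field, _, value = line.partition(":")
        name = value.split(";", 1)[0].split("=", 1)[0].strip()
        if field.strip().lower() == "set-cookie" and name.lower() in stock:
            hits.append(name)
    return hits

# Constructed sample input: the forms cookie is renamed, the session cookie is not.
SAMPLE_CONFIG = """<configuration><system.web>
  <authentication mode="Forms"><forms loginUrl="~/Account/Login" name="tokenA" /></authentication>
  <sessionState mode="InProc" />
</system.web></configuration>"""
SAMPLE_HEADERS = ["Set-Cookie: tokenA=0A1B2C; path=/; HttpOnly",
                  "Set-Cookie: ASP.NET_SessionId=abc123; path=/; HttpOnly"]

if __name__ == "__main__":
    print(audit_web_config(SAMPLE_CONFIG))
    print(default_names_in_response(SAMPLE_HEADERS))
```

The ASP.NET Identity cookie name is set in code rather than web.config, so only the header scan can confirm it.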

Except where noted, all contents Copyright © 1999-2024, Patrick Jasinski.