Navigation

	Home Page
	Index
	All Pages

Quick Search

Advanced Search »

Contributor Links

	Create a new Page
	Administration
	File Management
	Login/Logout
	Your Profile

Other Wiki Sections

Software

Page History: Changing Cookie Names - ASP.NET Security

Compare Page Revisions

« Older Revision - Back to Page History - Current Revision

Page Revision: Thu, Apr 17, 2014, 11:12 AM

Overview¶

ASP.NET security can use cookies. One part of securing your ASP.NET site is to change the names of these cookies so as to obscure the technology underlying your website. This article explains how.

Procedure¶

Forms Authentication (Legacy)¶

Change or add the following setting in your web.config file: //configuration/system.web/authentication/forms/@name

<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" defaultUrl="~" name="tokenA"  />
. . .

Forms Authentication¶

Change or add the following setting in your web.config file: //configuration/system.web/sessionState/@cookieName

<configuration>
  <system.web>
    <sessionState cookieName="tokenA" />
. . .

ASP.NET Identity¶

Add a line to within Startup.Auth.cs

public partial class Startup
{
	public void ConfigureAuth(IAppBuilder app)
	{
		app.UseCookieAuthentication(new CookieAuthenticationOptions
		{
			AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
			LoginPath = new PathString("/Account/Login"),

			/* Add the following line */
			CookieName = "tokenB" 

		});

		. . .
	}
}

Cross-Site Request Forgery¶

Add a line within your Global.asax.cs file.

public class MvcApplication : System.Web.HttpApplication
{
	protected void Application_Start()
	{
		System.Web.Helpers.AntiForgeryConfig.CookieName = "tokenC";
 . . .

Jasinski Technical Wiki