Needing to update IIS web.config to secure cookies by adding SSL.
Web.Config currently contains the following snippet.
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
</system.web>
</configuration>
Wanting to update system.web section as follows.
Need to modify (Assume you would use Set-WebConfiguration)
<authentication mode="Forms"> to <authentication mode="Forms" requireSSL="true">
Need to add (Assume you would use Add-WebConfiguration
<httpCookies httpOnlyCookies="true" />
Have used the following successfully to update web.config,
Add-WebConfigurationProperty -pspath "iis:SitesFMC" -filter "/appSettings" -name "." -Value @{key='fmcDataContextType';value='SqlRepository.fmcDataContext'}
But can’t seem to get the right format for this purpose.
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
For requireSSL:
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST/Default Web Site' -filter "system.web/authentication/forms" -name "requireSSL" -value "True"
for httpOnlyCookies use:
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST/Default Web Site' -filter "system.web/httpCookies" -name "httpOnlyCookies" -value "True"
for adding httpOnlyCookies use:
Add-WebConfigurationProperty //system.web 'MACHINE/WEBROOT/APPHOST/Default Web Site' -Name httpCookies -Value "True"
you have to replace Default Web Site with the name of your site.
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0