Original title: asp.net secure cookies

I want to secure my cookies. I read about the "HTTPOnly" and "Secure" cookie flags for the ASP.NET_SessionId cookie. I created a new ASP.NET project in VS, and in Fiddler under Inspectors -> Raw I have:

Cookie: DXCurrentThemeMVC=Office2010Black; ASP.NET_SessionId=1gq0t1mi234xyljqnxrzbqfx

Then I modify web.config:

<system.web>
    <compilation debug="true" targetFramework="4.0" />

    <httpCookies httpOnlyCookies="true" requireSSL="true"/>

    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login.aspx" timeout="2880" requireSSL="true" />
    </authentication>

But I get the same data:

 Cookie: DXCurrentThemeMVC=Office2010Black; ASP.NET_SessionId=1gq0t1mi234xyljqnxrzbqfx

I think when I add <httpCookies httpOnlyCookies="true" requireSSL="true"/> I can't see cookies in Fiddler, or the cookies will be encrypted. Is this the correct result? Or do I have a mistake somewhere?

And why in Fiddler do I not see

Set-Cookie: ASP.NET_SessionId=ig2fac55; path=/; secure; HttpOnly

but only cookie without set-, and secure, and HttpOnly? Also in Firebug I see the same results.

EDIT2: It seems I found my problem: I host the app on IIS and look for cookies in Firebug, and I have cookies with the secure and HttpOnly flags:

ASP.NET_SessionId=98sfd90sdf89sd0f80s8; path=/; secure; HttpOnly

Best answer

httpOnlyCookies sets the HttpOnly flag in the response header. See the "Protecting Your Cookies: HttpOnly" article.

RequireSSL forces the cookie to be transferred over a secure channel, so that it is not removed and is encrypted in transit.
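
The difference between the two headers discussed above, as an added example that is not part of the original question or answers: the request's Cookie header only carries name=value pairs, while secure and HttpOnly appear in the response's Set-Cookie header. The raw messages are constructed around the values shown in the question; the Host line, the second Set-Cookie line and the helper names are assumptions of this example.

```python
# Constructed sample traffic; cookie names and values are those in the question.
REQUEST = (
    "GET / HTTP/1.1\r\n"
    "Host: localhost\r\n"
    "Cookie: DXCurrentThemeMVC=Office2010Black; "
    "ASP.NET_SessionId=1gq0t1mi234xyljqnxrzbqfx\r\n\r\n"
)
RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: ASP.NET_SessionId=ig2fac55; path=/; secure; HttpOnly\r\n"
    "Set-Cookie: DXCurrentThemeMVC=Office2010Black; path=/\r\n\r\n"
)
REQUIRED = ("secure", "httponly")


def header_values(raw, name):
    """Return the values of every header called `name` (case-insensitive)."""
    values = []
    for line in raw.split("\r\n")[1:]:  # skip the request/status line
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == name.lower():
            values.append(value.strip())
    return values


def request_cookies(raw_request):
    """Cookie request header: name=value pairs only, attributes are never sent."""
    pairs = {}
    for value in header_values(raw_request, "Cookie"):
        for part in value.split(";"):
            name, sep, val = part.strip().partition("=")
            if sep:
                pairs[name] = val
    return pairs


def missing_flags(raw_response):
    """Map each cookie set by the response to the required flags it lacks."""
    report = {}
    for value in header_values(raw_response, "Set-Cookie"):
        parts = [p.strip() for p in value.split(";")]
        name = parts[0].partition("=")[0]
        attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
        report[name] = [flag for flag in REQUIRED if flag not in attrs]
    return report


if __name__ == "__main__":
    print(request_cookies(REQUEST))   # names and values, no flags
    print(missing_flags(RESPONSE))    # flags are audited on Set-Cookie
```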

Answers

To secure cookies, you can use IDataProtector to encrypt the values.

In the class:

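// Requires: using Microsoft.AspNetCore.DataProtection;
private IDataProtector dataProtector;

public HomeController(IDataProtectionProvider provider)
{
    //TODO:Set Your Private Key
    // The CreateProtector argument is a purpose string that isolates this
    // protector's payloads from other protectors; the keys themselves are
    // managed by the data protection system.
    dataProtector = provider.CreateProtector("YourPrivateKey");
}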

You can then use it in its methods:

public IActionResult SetNewCookie(string key, string value)
{
    var cookieOptions = new CookieOptions();
    cookieOptions.Secure = true;    // only sent over HTTPS
    cookieOptions.HttpOnly = true;  // not readable from client-side script

    // Store the protected value in the cookie instead of the plain text
    HttpContext.Response.Cookies.Append(key, dataProtector.Protect(value), cookieOptions);
    return View(nameof(Index));
}

And finally, to decrypt the cookie value we can use:

dataProtector.Unprotect(value);

I'm also using "CookieOptions" and setting Secure and HttpOnly for more security (if you are using third-party software, it will be harder to get the cookies).




