1

I am working on an ASP.NET application with forms authentication. In my web.config I have set the requireSSL property to true.

I have been working in development without any problem, but when I deploy it to my test environment I get the following error:

"The application is configured to issue secure cookies. These cookies require the browser to issue the request over SSL (https protocol). However, the current request is not over SSL."

The error is raised at:

at System.Web.Security.FormsAuthentication.SetAuthCookie(String userName, Boolean createPersistentCookie, String strCookiePath)
at System.Web.Security.FormsAuthentication.RedirectFromLoginPage

So my questions are: why is FormsAuthentication.SetAuthCookie setting the cookie over HTTP, and how can I set it to be over HTTPS?

3
  • 1
    Does your production server use SSL? Does the URL start with https:? Commented Feb 26, 2019 at 12:58
  • Yes it uses SSL Commented Feb 26, 2019 at 14:03
  • I have the same problem: everything is https & I have a cert, yet I get this error. Traffic is redirected from http to https by our F5 & uses port 80. Commented May 15, 2021 at 15:40

1 Answer

2

I think you should configure your IIS in order to accept SSL connections for your site.

https://learn.microsoft.com/en-us/iis/manage/configuring-security/how-to-set-up-ssl-on-iis

Be aware that if you activate SSL for your site and you don't have a valid SSL certificate, users will see a warning when they open your site: "Continue with this website (Not recommended)". Most of the time people don't choose this option.

And it can be more complicated. In my opinion, you should buy an SSL certificate from a provider and install it on your server. To ensure that your clients browse your site under https://, you should redirect any connection to your site to https://.

Here is a link which is very useful:

https://www.namecheap.com/support/knowledgebase/article.aspx/9953/38/iis-redirect-http-to-https


1 Comment

True: require SSL means the app won't take HTTP traffic. You still need to redirect HTTP to HTTPS in IIS, and guess what, there is no easy way to do that. Damn you, IIS. You will need to use the rewrite plugin, or remove the require SSL and do a hard redirect in the app itself. FYI: dotnet core does a hard redirect.
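The setup the answer and its comment describe, as an added web.config example that is not part of the original thread: secure forms-authentication cookies plus an HTTP-to-HTTPS redirect through the IIS URL Rewrite module. It assumes the URL Rewrite module is installed and that IIS itself has an HTTPS binding; the login path and rule name are placeholders.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- requireSSL="true": SetAuthCookie throws the error quoted in the
           question when the request reaches ASP.NET over plain HTTP.
           loginUrl is an assumed path. -->
      <forms loginUrl="~/Account/Login" requireSSL="true" />
    </authentication>
    <!-- Mark the application's other cookies Secure and HttpOnly as well. -->
    <httpCookies requireSSL="true" httpOnlyCookies="true" />
  </system.web>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Rule name is arbitrary. Sends any plain-HTTP request to the
             same host and path over HTTPS before the app handles it. -->
        <rule name="Redirect HTTP to HTTPS" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="^OFF$" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

If TLS is terminated in front of IIS and the request is forwarded to port 80, IIS sees every request as HTTP: {HTTPS} stays OFF, this rule redirects in a loop, and requireSSL keeps raising the same error. TLS has to reach IIS for this configuration to work.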
