November Happy Hour will be moved to Thursday December 5th.

AI OnAI Off

Securing cookie for CMS over Load Balancer

Grzegorz Wittchen
Grzegorz Wittchen
Vote:
 

Hi guys,

I would like to say Hi for everyone cos it is my forst post on that forum. :)

I have an issue with securing cookie fro CMS admin area. I've used

requreSSL="true"

parameter on forms authorization section in web.config. I've also added SSL cert to load balancer and IIS server to have both connections secured.

Due to some needs by other parts of the solution i Have I've also added an URL rewrite rule as follows 


The thing is that i cannot login to CMS area, and I have internal server error 500.

Besides that in epi logs i have this exception:

2018-10-03 09:09:47,849 ERROR /Util/login.aspx EPiServer.Global: 1.2.5 Unhandled exception in ASP.NET
System.Web.HttpUnhandledException (0x80004005): Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> System.Web.HttpException (0x80004005): The application is configured to issue secure cookies. These cookies require the browser to issue the request over SSL (https protocol). However, the current request is not over SSL.
   at System.Web.Security.FormsAuthentication.SetAuthCookie(String userName, Boolean createPersistentCookie, String strCookiePath)



Could you help me with solving that please?

#197443
Edited, Oct 03, 2018 9:31
Tien Dung Nguyen
Tien Dung Nguyen
Vote:
 

It seems that the load balancer only sends HTTP requests (not HTTPS) to servers in that load balancing. And there isn't any https binding for the site on IISs.

In our case, Force Https is configured on the load balancer.

Hope that help.

#197486
Oct 04, 2018 4:47
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.