PREREQUISITES: You must have installed SSL on your site and you must have configured all backend pages to require SSL. For more information, see Administration: Configure SSL.
The FedAuth and .ASPXAUTH are cookies connected to Claims authentication. FedAuth is the cookie of the relaying party and .ASPXAUTH is the cookie of the STS.
NOTE: Depending on the size of the cookie, the relaying party can split the FedAuth cookie into more than one cookies, for example FedAuth and FedAuth1.
To secure the cookies, perform the following:
FedAuth cookie is secured.
.ASPXAUTH cookie is secured.
NOTE: If your STS is not integrated and has a separate web.config file, perform Step 2 in the web.config of the relaying party and Step 3 in the web.config of the STS.
The .SFAUTH is the cookie connected to Forms authentication.
To secure the .SFAUTH cookie, perform the following:
Back To Top