Securing ASP Cookies

This topic only applies to Secret Server On-Premises.

To secure your ASP session and forms authentication cookies, perform the following steps:

  1. Ensure that there is an SSL certificate installed for the instance.

  2. Log in to Secret Server using HTTPS.

  3. Navigate to the Admin > Configuration page.

  4. Click on the Security tab.

  5. Click the Edit button.

  6. Check the Force HTTPS/SSL check box.

  7. Click the Save button.

  8. Open the web-cookie.config file in the application installation folder.

  9. Set requireSSL to true.

    Save and close the file.

  10. Open the web-auth.config file in the application installation folder.

  11. Set requireSSL to true. If the attribute does not exist, add it to the forms tag.

    Save and close the file.

  12. Recycle the Secret Server's application pool.

If you later migrate Secret Server to a new server, SSL must be configured on the new server before you can log in due to these settings. If you want to log in prior to configuring SSL, reverse steps 8 through 13 and recycle the application pool.
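
One way to confirm the two file edits after saving, as an added PowerShell example that is not part of the Secret Server documentation. It assumes the files use the standard ASP.NET `httpCookies` and `forms` elements, and `$InstallPath` is a placeholder for your application installation folder.

```powershell
# Added example: audit requireSSL in web-cookie.config and web-auth.config.
param(
    [Parameter(Mandatory = $true)]
    [string]$InstallPath   # placeholder: your application installation folder
)

function Test-RequireSsl {
    param([string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{
            File = $Path; Element = '(none)'; RequireSSL = '(file not found)'; Compliant = $false
        }
    }

    $xml = New-Object System.Xml.XmlDocument
    # Resolve to a full path: .NET does not follow PowerShell's current location.
    $xml.Load((Resolve-Path -LiteralPath $Path).Path)

    # Assumption: the standard ASP.NET element names httpCookies and forms.
    $nodes = $xml.SelectNodes("//*[local-name()='httpCookies' or local-name()='forms']")
    if ($nodes.Count -eq 0) {
        return [pscustomobject]@{
            File = $Path; Element = '(none)'; RequireSSL = '(element not found)'; Compliant = $false
        }
    }

    foreach ($node in $nodes) {
        # GetAttribute returns an empty string when the attribute is absent.
        $value = $node.GetAttribute('requireSSL')
        $shown = if ($value) { $value } else { '(missing)' }
        [pscustomobject]@{
            File = $Path; Element = $node.LocalName; RequireSSL = $shown; Compliant = ($value -eq 'true')
        }
    }
}

$results = foreach ($name in 'web-cookie.config', 'web-auth.config') {
    Test-RequireSsl -Path (Join-Path $InstallPath $name)
}
$results | Format-Table -AutoSize

# Non-zero exit code lets a scheduled task or deployment script flag drift.
if ($results | Where-Object { -not $_.Compliant }) { exit 1 }
```

A row showing `(missing)` for the `forms` element corresponds to the case in step 11 where the attribute has to be added by hand.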