How To Enforce TLS in Forms Authentication (IIS)

Article sections

Using TLS for Forms Authentication will ensure the confidentiality of credentials during the login process and mitigate the risk of intercepting user details.

1. Open IIS Manager and navigate to the site, application, or virtual directory you want to configure for TLS.

2. In the IIS Section (Features View), double-click Authentication.

3. On the Authentication page, select Forms Authentication.

4. In the Actions pane, click Edit (Enable if neccessary).

5. Check the Requires SSL checkbox in the cookie settings section, click OK.

6. Open the web.config file for the application in which forms authentication is enabled.

7. Confirm the requireSSL attribute in the forms element is set to true.

< system.web>
<authentication>
< forms requireSSL=”true” />
</ authentication>
</ system.web>

Last Updated: 4 years ago in Web Server

How to enforce HttpOnly attribute on cookies (Apache)
How to Disable HTTP TRACE Method (Apache)
How to Disable Unneeded HTTP Request Methods (Apache)
How to Remove Apache Version Banner
How to Disable User Directories Modules in Apache HTTP Server
How to enforce HttpOnly attribute on cookies (IIS)

Article sections

Related Articles

Recent Posts