Hello All,
Securing your claims-authenticated publishing web application, especially FBA
sites, is very important if your content holds valuable data. What we
need here is to secure the important pages in the site we are implementing
(Registration – Forgot password – Login – any pages with valuable data: “Visa
cards, enterprise data, etc.”). The steps to achieve that are
very simple.
1- First, plan the architecture and permission levels
for anonymous and authenticated users (optional).
2- Then configure SSL over your web application pool or
the extended zone web application pool.
3- During the SSL implementation you will notice that,
even if you authenticate via https, your authentication isn’t
recognized when you switch over to http. The reason is that
SharePoint has hard-coded logic: if it is generating an authentication
token for an https connection, it turns on the SSL Only flag on the cookie. An
SSL Only flag means that the cookie can only be accessed via https. So as soon
as you change the address to http, your authentication cookie is no longer
recognized and you have to log in again. The following post resolved this issue
Voila!! The important pages in your site are now secured,
and you can feel secure & safe :)
Note: You can decide whether to secure the
whole site or specific pages in your site; it is just a matter of implementation
and your business needs.
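
The SSL Only behaviour from step 3 can be reproduced offline with Python's standard cookie jar, which applies the same rule a browser does. This is an added example, not code from the original post or from SharePoint; the host name, page paths, token value and the `FedAuth` cookie name are assumptions made for the demonstration.

```python
import email
import urllib.request
from http.cookiejar import CookieJar

# Constructed sample data: host, paths and token are placeholders.
LOGIN_URL = "https://portal.example.com/Pages/Login.aspx"
HTTPS_PAGE = "https://portal.example.com/Pages/Account.aspx"
HTTP_PAGE = "http://portal.example.com/Pages/News.aspx"

# Cookie as issued for an https login (SSL Only flag = "secure" attribute).
SSL_ONLY = "FedAuth=CONSTRUCTED-TOKEN; path=/; secure; HttpOnly"
# The same cookie without the flag, for comparison.
NO_FLAG = "FedAuth=CONSTRUCTED-TOKEN; path=/; HttpOnly"


class LoginResponse:
    """Minimal stand-in for the login response carrying one Set-Cookie header."""

    def __init__(self, set_cookie):
        self._headers = email.message_from_string("Set-Cookie: %s\n\n" % set_cookie)

    def info(self):
        return self._headers


def cookie_header_for(set_cookie, url):
    """Store the login cookie, then return the Cookie header a client
    would attach to a request for `url` (None if nothing is sent)."""
    jar = CookieJar()
    jar.extract_cookies(LoginResponse(set_cookie), urllib.request.Request(LOGIN_URL))
    request = urllib.request.Request(url)
    jar.add_cookie_header(request)
    return request.get_header("Cookie")


if __name__ == "__main__":
    for label, cookie in (("SSL Only", SSL_ONLY), ("no flag", NO_FLAG)):
        for url in (HTTPS_PAGE, HTTP_PAGE):
            print("%-8s %-50s -> %s" % (label, url, cookie_header_for(cookie, url)))
```

With the flag set, the http request carries no cookie, which is the forced re-login described above; without it, the same authentication token also travels over the unencrypted connection.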