Error when setting require SSL=true Asp.net

Question

I am working in an Asp.net application with forms authentication. On my web.config I had set the requiressl property=true.

I have been working on development without any problem but when I deploy it on my test environment I got the next error:

The application is configured to issue secure cookies. These cookies require the browser to issue the request over SSL (https protocol). However, the current request is not over SSL."

The error is raised on

at System.Web.Security.FormsAuthentication.SetAuthCookie(String userName, Boolean createPersistentCookie, String strCookiePath) at System.Web.Security.FormsAuthentication.RedirectFromLoginPage

So my questions are why is FormsAuthentication.SetAuthCookie setting the cookie over http? and how can I set it to be over https??

Answer 1

I think you should configure your IIS in order to accept SSL connections for your site.

https://learn.microsoft.com/en-us/iis/manage/configuring-security/how-to-set-up-ssl-on-iis

You should pay attention if you activate SSL for your site and if you don't have a Valid SSL Certificate, users will see a warning when they open your site: Continue with this website (Not recommended). And most of the time people don't choose this option.

And it can be more complicated. For me, you should buy an SSL certificate from a provider. You should install it on your server. In order to ensure that your clients will browse your site under https://, you should redirect any connection to your site to https://.

Here is a link which is very useful :

https://www.namecheap.com/support/knowledgebase/article.aspx/9953/38/iis-redirect-http-to-https