menu
Logo
  • Why azing?
  • Blog
  • Help
ENarrow_drop_down
  • DE
  • EN
Suche in Checklisten
search
azing Logo ENarrow_drop_down
  • DE
  • EN
  • Why azing?
  • Help
DNN Community
drive_folder_upload
  • homeChecklist Templates
  • south

folder_sharedOperations and Security

  • homeChecklist Templates
  • south

folder_sharedOperations and Security

Folders and checklists

  • folder_sharedHosting DNN
  • check_circleConfigure SameSite Cookies for IFrames
  • check_circleDNN-​Website Performance Training (2illumin8)
  • check_circleDNN-Issues Analysis Training (2illumin8)
  • check_circleDNN-Security Training (2illumin8)
  • infoUseful Tools to analyze Website-Issues

Parts (1) expand_more

These are small document-parts which are used in other documents. They are not a starting point for any real activity. Because of this, they will be listed further down and the search will not list them unless requested. 

  • infoGoals of the SameSite=None Secure httponly Cookie

It's super important to set our Cookies to SameSite, so that our DNN content can be used / embedded in other websites. These steps are based on the Microsoft SameSite docs. 

Pre-Requisites: .net 4.8

  1. Before you start, do make sure you understand the goals.
  2. .NET 4.8 Patches from Dezember 2019 or later must be installed on the Web Server. 
    Previous versions incl. 4.7 have various bugs related to the sameSite cookie, so it's never really going to work. 

Changes to web.config

  1. Increase ASP.Net Version to 4.8 
    <system.web>
      <compilation targetFramework="4.8"/>
      <httpRuntime targetFramework="4.8"/>
    </system.web>
  2. Adapt <httpCookies> settings in <system.web> like this 
    <system.web>
      <httpCookies sameSite="None" requireSSL="true" />
    <system.web>
  3. Update<forms> key in <authentication> settings in <system.web> like this 
    <forms ... cookieSameSite="None" requireSSL="true"/>
  4. Optionally also adapt cookies for anonymousIdentification and forms-authentication (see details). sessionState and roleManager is usually not relevant.
  5. Add app-setting to enable pre-4.5 JavaScript-Validation behavior.
    Note: In DNN 9 this is usually already set!
    <add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
    (Details)
Logo
Legal | Content Copyright CC-BY 4.0
bug_reportReport Bug
  • info
  • Links
  • Permissions
code Share
code
URL copied to clipboard.
Embed Checklist close
Copy Copy

It's really important to set our login cookies to SameSite, so that DNN content can be embedded into other websites using IFrames. Here's how. 

Content Copyright

CC-BY 4.0

Translations

None

DNN Community Logo

DNN Community
QR-Code
azing.org/dnn-community
/r/FGRVQ5Wl
View & Use

Public (can be used by everybody)

Edit & Admin

Default (all members can edit)

This catalog has a simple permission model, where all members have the same permissions. For advanced permissions, upgrade to Enterprise.

Here you can see how this document is used and linked by other documents

Used in (0)

Others referencing this

Uses these (1)

Documents linked from this document

  1. Goals of the SameSite=None Secure httponly Cookie
How it Behaves

How this document is categorized changes how it behaves.

This is a main document, it is listed normally and appears in search result.

Type

This is a Checklist. Lists are converted into checkboxes.

Get something to say?

Comment to start a discussion or make a note
send

please log on to chat

close

Durchsuche ganz Azing