Hi,
Following an audit by our vulnerability risk management unit, we received a report detailing several security vulnerabilities and the necessary steps for mitigation. The recommended actions include:
▪ Enforcing HTTPS across all paths at the application tier, ARR/IIS edge, and load balancer.
▪ Implementing HSTS on all HTTPS responses once HTTPS readiness is confirmed.
▪ Configuring all session, authentication, and anti-forgery cookies with the "Secure" attribute and eliminating duplicate ASP.NET_SessionId issuance.
While the updated solution functions correctly on my local machine, I have encountered multiple issues after deploying to the test web server and installing URL Rewrite.
When accessing and logging into the application via IIS Manager, the application opens but the formatting is incorrect (Screenshot 1); however, when I attempt to log in through the URL from my local machine, it simply redirects back to the login page. The developer tools indicate a "404 Not Found" error with a "strict-origin-when-cross-origin" policy for the following resources: https://kendo.cdn.telerik.com/2024.4.1112/kendo.all.min.js (Screenshot 2) and https://kendo.cdn.telerik.com/2024.4.1112/kendo.aspnetmvc.min.js (Screenshot 3).
How do I resolve this issue? Is the issue in my config file (Screenshot 4) or the URL Rewrite module?
I am including screenshots of the issues.
Thanks,
Trena
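
One way to check a response against the three audit items listed in the post (HTTPS redirect, HSTS on HTTPS responses, `Secure` cookies with no duplicate `ASP.NET_SessionId`), as an added example that is not part of the original post. The function names, finding labels and sample headers are constructed for illustration.

```python
import re

REDIRECTS = {301, 302, 307, 308}

def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit_response(scheme, status, headers):
    """headers is a list of (name, value) pairs so repeated Set-Cookie lines survive."""
    findings = []
    get = lambda n: [v for k, v in headers if k.lower() == n]
    if scheme == "http":  # plain HTTP must only ever redirect to HTTPS
        loc = get("location")
        if status not in REDIRECTS or not (loc and loc[0].lower().startswith("https://")):
            findings.append("http-not-redirected")
    else:  # HTTPS responses must carry HSTS with a non-zero max-age
        hsts = get("strict-transport-security")
        m = re.search(r'max-age\s*=\s*"?(\d+)', hsts[0], re.I) if hsts else None
        if not m or int(m.group(1)) == 0:
            findings.append("hsts-missing-or-zero")
    names = []
    for value in get("set-cookie"):
        name, attrs = parse_set_cookie(value)
        names.append(name)
        if "secure" not in attrs:
            findings.append("cookie-not-secure:" + name)
    if names.count("ASP.NET_SessionId") > 1:  # session cookie issued twice in one response
        findings.append("duplicate-session-cookie")
    return findings

# Constructed sample responses (not captured from the poster's server).
SAMPLE_BAD = ("https", 200, [
    ("Set-Cookie", "ASP.NET_SessionId=aaa; path=/; HttpOnly"),
    ("Set-Cookie", "ASP.NET_SessionId=bbb; path=/; HttpOnly; Secure"),
    ("Set-Cookie", "__RequestVerificationToken=ccc; path=/; HttpOnly; secure"),
])
SAMPLE_GOOD = ("https", 200, [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "ASP.NET_SessionId=aaa; path=/; HttpOnly; Secure; SameSite=Lax"),
])
SAMPLE_HTTP = ("http", 301, [("Location", "https://app.example.test/Account/Login")])

if __name__ == "__main__":
    for sample in (SAMPLE_BAD, SAMPLE_GOOD, SAMPLE_HTTP):
        print(audit_response(*sample))
```

Feeding it the status and header pairs of each hop (the HTTP request, the login POST, the post-login redirect) shows which tier is dropping a header or issuing a cookie without `Secure`.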