Identity Manager 9.1 - Web Designer Web Application Configuration Guide

Creating X-Frame-Options HTTP response header

Attackers can create their own website and use it to load the contents of your website within an iframe. This can result in a clickjacking attack, whereby the attacker targets user input or tricks the user into performing undesired actions within the fake application.

To prevent this, you can create an X-Frame-Options HTTP response header. This stops site content from being embedded into other websites.

To create an X-Frame-Options HTTP response header

  1. Open the configuration file web.config for the chosen web application.

  2. In the <configuration> section, enter the following code snippet:

    <httpProtocol>
        <customHeaders>
            <add name="X-Frame-Options" value="SAMEORIGIN" />
        </customHeaders>
    </httpProtocol>

  3. Save the file.
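
The following check is an added example, not part of the original guide or of the product: it parses a web.config and reports whether the X-Frame-Options header from the procedure above is present with a value that restricts framing. The function name and the sample files are constructed for illustration; in IIS web.config files the httpProtocol element sits inside system.webServer.

```python
import xml.etree.ElementTree as ET

HEADER = "x-frame-options"
# Values that stop cross-site framing; the guide uses SAMEORIGIN.
PROTECTIVE_VALUES = {"SAMEORIGIN", "DENY"}


def audit_x_frame_options(web_config_xml):
    """Return a list of findings; an empty list means the header is set."""
    try:
        root = ET.fromstring(web_config_xml)
    except ET.ParseError as exc:
        return [f"web.config is not well-formed XML: {exc}"]
    if root.tag != "configuration":
        return ["root element is not <configuration>"]

    # Header names are case-insensitive, so compare in lower case.
    entries = [
        add for add in root.findall(".//httpProtocol/customHeaders/add")
        if add.get("name", "").strip().lower() == HEADER
    ]
    if not entries:
        return ["X-Frame-Options is not set in httpProtocol/customHeaders"]

    findings = []
    if len(entries) > 1:
        findings.append(f"X-Frame-Options is defined {len(entries)} times")
    for add in entries:
        value = add.get("value", "").strip()
        if value.upper() not in PROTECTIVE_VALUES:
            findings.append(f"X-Frame-Options has unexpected value {value!r}")
    return findings


# Constructed sample files, not taken from a real installation.
GOOD = """<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="X-Frame-Options" value="SAMEORIGIN" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>"""
MISSING = "<configuration><system.webServer /></configuration>"
TYPO = GOOD.replace("SAMEORIGIN", "SAME-ORIGIN")

if __name__ == "__main__":
    for label, xml in (("good", GOOD), ("missing", MISSING), ("typo", TYPO)):
        print(label, audit_x_frame_options(xml) or "OK")
```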

Running web applications in release mode

To prevent user sessions from being stolen, run your web applications in release mode. This stops the session ID from being output in the HTML code.

To run web applications in release mode

  1. Start the Web Designer program.

  2. In the menu bar, click View > Start page.

  3. In the toolbar, click Select web application and select the web application you want to use.

  4. Click Edit web application settings.

  5. Deselect the Debugging check box.

    TIP: If the check box is already deselected, you do not have to do anything. Your web application is already running in release mode.

  6. Click OK.

  7. Restart the Web Designer.

  8. On the start page, select a web application and click Release (Compile for release).
