
Login Loop - Chrome Fails - IE Working - Hosted In IIS #8783


dexmox created

Hi All,

Thank you in advance.

Sign in was working yesterday in Chrome, and while I was logged in testing the application I suddenly got logged out and haven't been able to log back in to the application (tenant or host) using Chrome browser Version 80.0.3987.162 (Official Build) (64-bit).

Sign in is working in IE and Edge but not Chrome.

Any ideas on what has happened and how to fix it would be greatly appreciated.

ANZ Version: 8.2.1, jQuery MVC flavour

IIS Logs when login using IE:

INFO  2020-04-02 10:00:09,028 [10   ] Microsoft.AspNetCore.Hosting.Diagnostics - Request starting HTTP/1.1 POST http://myiispc:44302/Account/Login application/x-www-form-urlencoded; charset=UTF-8 263
INFO  2020-04-02 10:00:09,067 [10   ] tCore.Cors.Infrastructure.CorsMiddleware - No CORS policy found for the specified request.
INFO  2020-04-02 10:00:09,068 [10   ] ft.AspNetCore.Routing.EndpointMiddleware - Executing endpoint 'MyProjectName.Web.Controllers.AccountController.Login (MyProjectName.Web.Mvc)'
INFO  2020-04-02 10:00:09,080 [10   ] c.Infrastructure.ControllerActionInvoker - Route matched with {action = "Login", controller = "Account", area = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.JsonResult] Login(MyProjectName.Web.Models.Account.LoginViewModel, System.String, System.String, System.String) on controller MyProjectName.Web.Controllers.AccountController (MyProjectName.Web.Mvc).
INFO  2020-04-02 10:00:09,388 [8    ] tion.Cookies.CookieAuthenticationHandler - AuthenticationScheme: Identity.Application signed in.
INFO  2020-04-02 10:00:09,398 [8    ] tonsoftJson.NewtonsoftJsonResultExecutor - Executing JsonResult, writing value of type 'Abp.Web.Models.AjaxResponse'.
INFO  2020-04-02 10:00:09,398 [8    ] c.Infrastructure.ControllerActionInvoker - Executed action MyProjectName.Web.Controllers.AccountController.Login (MyProjectName.Web.Mvc) in 317.9921ms
INFO  2020-04-02 10:00:09,398 [8    ] ft.AspNetCore.Routing.EndpointMiddleware - Executed endpoint 'MyProjectName.Web.Controllers.AccountController.Login (MyProjectName.Web.Mvc)'
INFO  2020-04-02 10:00:09,398 [8    ] Microsoft.AspNetCore.Hosting.Diagnostics - Request finished in 371.3745ms 200 application/json; charset=utf-8
INFO  2020-04-02 10:00:09,408 [9    ] Microsoft.AspNetCore.Hosting.Diagnostics - Request starting HTTP/1.1 GET http://myiispc:44302/App  
INFO  2020-04-02 10:00:09,432 [9    ] uthorization.DefaultAuthorizationService - Authorization was successful.

IIS Logs when login using CHROME:

INFO  2020-04-02 09:58:43,767 [8    ] Microsoft.AspNetCore.Hosting.Diagnostics - Request starting HTTP/1.1 POST http://myiispc:44302/Account/Login application/x-www-form-urlencoded; charset=UTF-8 263
INFO  2020-04-02 09:58:43,789 [8    ] tCore.Cors.Infrastructure.CorsMiddleware - No CORS policy found for the specified request.
INFO  2020-04-02 09:58:43,790 [8    ] ft.AspNetCore.Routing.EndpointMiddleware - Executing endpoint 'MyProjectName.Web.Controllers.AccountController.Login (MyProjectName.Web.Mvc)'
INFO  2020-04-02 09:58:43,807 [8    ] c.Infrastructure.ControllerActionInvoker - Route matched with {action = "Login", controller = "Account", area = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.JsonResult] Login(MyProjectName.Web.Models.Account.LoginViewModel, System.String, System.String, System.String) on controller MyProjectName.Web.Controllers.AccountController (MyProjectName.Web.Mvc).
INFO  2020-04-02 09:58:44,116 [7    ] tion.Cookies.CookieAuthenticationHandler - AuthenticationScheme: Identity.Application signed in.
INFO  2020-04-02 09:58:44,126 [7    ] tonsoftJson.NewtonsoftJsonResultExecutor - Executing JsonResult, writing value of type 'Abp.Web.Models.AjaxResponse'.
INFO  2020-04-02 09:58:44,127 [7    ] c.Infrastructure.ControllerActionInvoker - Executed action MyProjectName.Web.Controllers.AccountController.Login (MyProjectName.Web.Mvc) in 319.9621ms
INFO  2020-04-02 09:58:44,127 [7    ] ft.AspNetCore.Routing.EndpointMiddleware - Executed endpoint 'MyProjectName.Web.Controllers.AccountController.Login (MyProjectName.Web.Mvc)'
INFO  2020-04-02 09:58:44,127 [7    ] Microsoft.AspNetCore.Hosting.Diagnostics - Request finished in 360.2291ms 200 application/json; charset=utf-8
INFO  2020-04-02 09:58:44,139 [7    ] Microsoft.AspNetCore.Hosting.Diagnostics - Request starting HTTP/1.1 GET http://myiispc:44302/App  
INFO  2020-04-02 09:58:44,144 [7    ] uthorization.DefaultAuthorizationService - Authorization failed.
INFO  2020-04-02 09:58:44,145 [7    ] tion.Cookies.CookieAuthenticationHandler - AuthenticationScheme: Identity.Application was challenged.
INFO  2020-04-02 09:58:44,145 [7    ] Microsoft.AspNetCore.Hosting.Diagnostics - Request finished in 6.5394ms 302 
INFO  2020-04-02 09:58:44,148 [14   ] Microsoft.AspNetCore.Hosting.Diagnostics - Request starting HTTP/1.1 GET http://myiispc:44302/Account/Login?ReturnUrl=%2FApp  

4 Answer(s)
  • dexmox created

    The solution was to add a self-signed certificate on myiispc and use https. Not sure why it was working on http then stopped working on http during use, though.

    Link to article if anyone wants to know how to create a self signed IIS certificate. https://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-in-iis-7.html

  • maliming created
    Support Team

    Hi @dexmox

    This is because Chrome 80+ thinks your website is "not secure"!

    Reject insecure SameSite=None cookies

    Deprecate and remove the use of cookies with the SameSite=None attribute but without the Secure attribute. Any cookie that requests SameSite=None but is not marked Secure will be rejected.

    The Stable version of Chrome 80 is targeted for enabling this feature by default. This feature is available as of Chrome 76 by enabling the cookies-without-same-site-must-be-secure flag.

    See https://www.chromium.org/updates/same-site for full timeline and more details.

    Zero already uses https.

    https://github.com/aspnetzero/aspnet-zero-core/issues/2950 https://github.com/aspnetzero/aspnet-zero-core/pull/2952
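The rule quoted in this answer, written out as a small checker (an added example, not part of the thread or of ASP.NET Zero). It is a simplified model that looks only at the `Secure` and `SameSite` attributes and the page scheme; the cookie names and values are constructed. It also shows why plain http cannot work here: adding `Secure` over http does not help, because browsers refuse `Secure` cookies set over an insecure connection.

```javascript
// Simplified model of Chrome 80+ cookie acceptance (assumption: only the
// Secure and SameSite attributes and the page scheme are considered).

// Parse one Set-Cookie header value into { name, secure, sameSite }.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: eq === -1 ? '' : pair.slice(0, eq), secure: false, sameSite: null };
  for (const attr of attrs) {
    const [key, value = ''] = attr.split('=').map((s) => s.trim());
    if (key.toLowerCase() === 'secure') cookie.secure = true;
    if (key.toLowerCase() === 'samesite') cookie.sameSite = value.toLowerCase();
  }
  return cookie;
}

// Decide whether the browser stores the cookie, and the reason if it does not.
function evaluateCookie(header, scheme) {
  const c = parseSetCookie(header);
  if (c.secure && scheme !== 'https') {
    return { name: c.name, stored: false, reason: 'Secure cookie set over http' };
  }
  if (c.sameSite === 'none' && !c.secure) {
    return { name: c.name, stored: false, reason: 'SameSite=None without Secure' };
  }
  return { name: c.name, stored: true, reason: 'ok' };
}

// Constructed sample headers (not captured from the application in this thread).
const SAMPLE_HEADERS = [
  '.AspNetCore.Identity.Application=CONSTRUCTED; Path=/; HttpOnly; SameSite=None',
  '.AspNetCore.Identity.Application=CONSTRUCTED; Path=/; HttpOnly; SameSite=None; Secure',
  'Lang=en; Path=/; SameSite=Lax',
];

// Evaluate every sample header as if it arrived on a page with the given scheme.
function audit(scheme) {
  return SAMPLE_HEADERS.map((h) => evaluateCookie(h, scheme));
}

for (const scheme of ['http', 'https']) {
  for (const r of audit(scheme)) {
    console.log(`${scheme.padEnd(5)} ${r.name}: ${r.stored ? 'stored' : 'rejected'} (${r.reason})`);
  }
}
```

A rejected authentication cookie matches the Chrome log above: the sign-in succeeds on the server, but the next request carries no cookie, so authorization fails and the user is redirected back to the login page.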

  • ISTeam created

    Using an HTTPS URL is a good option. This issue persists even on a development machine!

  • maliming created
    Support Team

    Hi @ISTeam

    You can install the localhost https certificate.

    https://docs.microsoft.com/en-us/aspnet/core/security/enforcing-ssl?view=aspnetcore-3.1&tabs=visual-studio#trust-the-aspnet-core-https-development-certificate-on-windows-and-macos