Hi All,
Thank you in advance.
Sign in was working yesterday in chrome, and while i was logged in testing application i suddenly got logged out and havent been able to log back in to application (tenant or host) using chrome browser Version 80.0.3987.162 (Official Build) (64-bit)
Sign in is working in IE and Edge but not chrome.
Any ideas on what has happened and how to fix it would be greatly appreciated.
ANZ Version: 8.2.1 Jquery MVC Flavour
IIS Logs when login using IE:
INFO 2020-04-02 10:00:09,028 [10 ] Microsoft.AspNetCore.Hosting.Diagnostics - Request starting HTTP/1.1 POST http://myiispc:44302/Account/Login application/x-www-form-urlencoded; charset=UTF-8 263
INFO 2020-04-02 10:00:09,067 [10 ] tCore.Cors.Infrastructure.CorsMiddleware - No CORS policy found for the specified request.
INFO 2020-04-02 10:00:09,068 [10 ] ft.AspNetCore.Routing.EndpointMiddleware - Executing endpoint 'MyProjectName.Web.Controllers.AccountController.Login (MyProjectName.Web.Mvc)'
INFO 2020-04-02 10:00:09,080 [10 ] c.Infrastructure.ControllerActionInvoker - Route matched with {action = "Login", controller = "Account", area = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.JsonResult] Login(MyProjectName.Web.Models.Account.LoginViewModel, System.String, System.String, System.String) on controller MyProjectName.Web.Controllers.AccountController (MyProjectName.Web.Mvc).
INFO 2020-04-02 10:00:09,388 [8 ] tion.Cookies.CookieAuthenticationHandler - AuthenticationScheme: Identity.Application signed in.
INFO 2020-04-02 10:00:09,398 [8 ] tonsoftJson.NewtonsoftJsonResultExecutor - Executing JsonResult, writing value of type 'Abp.Web.Models.AjaxResponse'.
INFO 2020-04-02 10:00:09,398 [8 ] c.Infrastructure.ControllerActionInvoker - Executed action MyProjectName.Web.Controllers.AccountController.Login (MyProjectName.Web.Mvc) in 317.9921ms
INFO 2020-04-02 10:00:09,398 [8 ] ft.AspNetCore.Routing.EndpointMiddleware - Executed endpoint 'MyProjectName.Web.Controllers.AccountController.Login (MyProjectName.Web.Mvc)'
INFO 2020-04-02 10:00:09,398 [8 ] Microsoft.AspNetCore.Hosting.Diagnostics - Request finished in 371.3745ms 200 application/json; charset=utf-8
INFO 2020-04-02 10:00:09,408 [9 ] Microsoft.AspNetCore.Hosting.Diagnostics - Request starting HTTP/1.1 GET http://myiispc:44302/App
INFO 2020-04-02 10:00:09,432 [9 ] uthorization.DefaultAuthorizationService - Authorization was successful.
IIS Logs when login using CHROME:
INFO 2020-04-02 09:58:43,767 [8 ] Microsoft.AspNetCore.Hosting.Diagnostics - Request starting HTTP/1.1 POST http://myiispc:44302/Account/Login application/x-www-form-urlencoded; charset=UTF-8 263
INFO 2020-04-02 09:58:43,789 [8 ] tCore.Cors.Infrastructure.CorsMiddleware - No CORS policy found for the specified request.
INFO 2020-04-02 09:58:43,790 [8 ] ft.AspNetCore.Routing.EndpointMiddleware - Executing endpoint 'MyProjectName.Web.Controllers.AccountController.Login (MyProjectName.Web.Mvc)'
INFO 2020-04-02 09:58:43,807 [8 ] c.Infrastructure.ControllerActionInvoker - Route matched with {action = "Login", controller = "Account", area = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.JsonResult] Login(MyProjectName.Web.Models.Account.LoginViewModel, System.String, System.String, System.String) on controller MyProjectName.Web.Controllers.AccountController (MyProjectName.Web.Mvc).
INFO 2020-04-02 09:58:44,116 [7 ] tion.Cookies.CookieAuthenticationHandler - AuthenticationScheme: Identity.Application signed in.
INFO 2020-04-02 09:58:44,126 [7 ] tonsoftJson.NewtonsoftJsonResultExecutor - Executing JsonResult, writing value of type 'Abp.Web.Models.AjaxResponse'.
INFO 2020-04-02 09:58:44,127 [7 ] c.Infrastructure.ControllerActionInvoker - Executed action MyProjectName.Web.Controllers.AccountController.Login (MyProjectName.Web.Mvc) in 319.9621ms
INFO 2020-04-02 09:58:44,127 [7 ] ft.AspNetCore.Routing.EndpointMiddleware - Executed endpoint 'MyProjectName.Web.Controllers.AccountController.Login (MyProjectName.Web.Mvc)'
INFO 2020-04-02 09:58:44,127 [7 ] Microsoft.AspNetCore.Hosting.Diagnostics - Request finished in 360.2291ms 200 application/json; charset=utf-8
INFO 2020-04-02 09:58:44,139 [7 ] Microsoft.AspNetCore.Hosting.Diagnostics - Request starting HTTP/1.1 GET http://myiispc:44302/App
INFO 2020-04-02 09:58:44,144 [7 ] uthorization.DefaultAuthorizationService - Authorization failed.
INFO 2020-04-02 09:58:44,145 [7 ] tion.Cookies.CookieAuthenticationHandler - AuthenticationScheme: Identity.Application was challenged.
INFO 2020-04-02 09:58:44,145 [7 ] Microsoft.AspNetCore.Hosting.Diagnostics - Request finished in 6.5394ms 302
INFO 2020-04-02 09:58:44,148 [14 ] Microsoft.AspNetCore.Hosting.Diagnostics - Request starting HTTP/1.1 GET http://myiispc:44302/Account/Login?ReturnUrl=%2FApp
4 Answer(s)
-
0
Solution was to add self signed certificate on myiispc - and use https. Not sure why it was working on http then stopped working on http during use though.
Link to article if anyone wants to know how to create a self signed IIS certificate. https://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-in-iis-7.html
-
0
hi @dexmox
This is because chrome 80+ thinks your website is "not secure"!
Reject insecure SameSite=None cookies
Deprecate and remove the use of cookies with the SameSite=None attribute but without the Secure attribute. Any cookie that requests SameSite=None but is not marked Secure will be rejected.
The Stable version of Chrome 80 is targeted for enabling this feature by default. This feature is available as of Chrome 76 by enabling the cookies-without-same-site-must-be-secure flag.
See https://www.chromium.org/updates/same-site for full timeline and more details.
Zero already uses https.
https://github.com/aspnetzero/aspnet-zero-core/issues/2950 https://github.com/aspnetzero/aspnet-zero-core/pull/2952
-
0
To use HTTPs URL is a good option. This issue persist even in development machine!
-
0
hi @ISTeam
You can install the localhst https certificate.
https://docs.microsoft.com/en-us/aspnet/core/security/enforcing-ssl?view=aspnetcore-3.1&tabs=visual-studio#trust-the-aspnet-core-https-development-certificate-on-windows-and-macos