
After Tenant sign up - admin (any user from same browser) login goes into loop on Chrome, other browsers work. #9446


marble68 created

This is related to https://support.aspnetzero.com/QA/Questions/9441/Cannot-Complete-Authentication-After-Chrome-Windows-Update--Local-State-File-Data-Conflict-in-Windows-User-App-Data

This is 8.9, JQ

The issue is with Chrome 84.0.4147.105 in my case, multiple users.

No modifications to any of the authentication code and everything works great, except for some users that use this version of Chrome. Testing in production, we created a new Tenant, and he is unable to login.

I've been able to recreate this in development environment by adding my domain, and his tenant name + my domain to my hosts file, modifying IIS express configuration to listen on port 80, and pointing my dev environment at the production database. Lastly, I took the Local State file for the user and copied that to my Chrome profile.

User logs in - it posts and redirects to /App

Which immediately redirects back to login.

In the IIS logs:

INFO  2020-07-31 22:26:26,118 [10   ] Microsoft.AspNetCore.Hosting.Diagnostics - Request starting HTTP/1.1 GET http://{Tenant}.{My Domain}/App  
INFO  2020-07-31 22:26:26,127 [10   ] uthorization.DefaultAuthorizationService - Authorization failed.
INFO  2020-07-31 22:26:26,129 [10   ] tion.Cookies.CookieAuthenticationHandler - AuthenticationScheme: Identity.Application was challenged.

In my instance, no users for my new tenant are able to login with Chrome if they've logged in before it was updated.

The only resolution is to have them remove the Local State file from the browser profile folder in app data.

I have my site deployed to Azure (linux) and am not using SSL at the moment, we're not live yet.


15 Answer(s)
  • maliming created
    Support Team

    hi

    Can you share your website url and reproduce steps to me?([email protected]) I can test it in chrome.

  • maliming created
    Support Team

    hi @marble68

    Chrome blocked your application cookies because of the SameSite problem.

    Login?ReturnUrl=%2FApp:1 A cookie associated with a resource at http://xxxx.io/ was set with SameSite=None but without Secure. It has been blocked, as Chrome now only delivers cookies marked SameSite=None if they are also marked Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5633521622188032.

    There are two solutions:

    1. Use https for your website. (recommended)

    2. Add SameSite Cookie Policy

    https://github.com/IdentityServer/IdentityServer4/blob/18897890ce2cb020a71b836db030f3ed1ae57882/src/IdentityServer4/host/Extensions/SameSiteHandlingExtensions.cs
    https://github.com/IdentityServer/IdentityServer4/blob/c62ae5edd69ef087a99deb62abe7e45c1cdb2bb0/src/IdentityServer4/host/Startup.cs#L43
    https://github.com/IdentityServer/IdentityServer4/blob/c62ae5edd69ef087a99deb62abe7e45c1cdb2bb0/src/IdentityServer4/host/Startup.cs#L113
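One way to express the second option above as an ASP.NET Core cookie policy, given as an added example that is not part of the thread and is not ASP.NET Zero's or IdentityServer4's own code. The class and method names (`SameSiteCookiePolicyExample`, `AddSameSiteCookiePolicyExample`, `Adjust`) are hypothetical; the rule assumes the only problem is the `SameSite=None` without `Secure` combination that Chrome reports.

```csharp
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

// Added example (hypothetical names), not the project's code.
public static class SameSiteCookiePolicyExample
{
    // Call from Startup.ConfigureServices.
    public static IServiceCollection AddSameSiteCookiePolicyExample(
        this IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            // Do not force a SameSite value on cookies the callback leaves alone.
            options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
            options.OnAppendCookie = ctx => Adjust(ctx.Context, ctx.CookieOptions);
            options.OnDeleteCookie = ctx => Adjust(ctx.Context, ctx.CookieOptions);
        });
        return services;
    }

    // Applies the rule Chrome enforces: SameSite=None is only valid with Secure.
    // Returns the same options object so the rule can be unit tested.
    public static CookieOptions Adjust(HttpContext httpContext, CookieOptions cookie)
    {
        if (cookie.SameSite != SameSiteMode.None)
        {
            return cookie; // Lax, Strict and Unspecified are not affected.
        }

        if (httpContext.Request.IsHttps)
        {
            // HTTPS request: keep SameSite=None and add the required Secure flag.
            cookie.Secure = true;
        }
        else
        {
            // Plain HTTP: a Secure cookie would not be sent back, so omit the
            // SameSite attribute; Chrome then treats the cookie as Lax.
            cookie.SameSite = SameSiteMode.Unspecified;
        }
        return cookie;
    }
}

// In Startup.Configure, register the middleware before authentication:
//   app.UseCookiePolicy();
//   app.UseAuthentication();
```

When TLS is terminated at a reverse proxy or load balancer, `Request.IsHttps` is only accurate if forwarded headers are processed first, so check that before relying on the HTTPS branch.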

  • alharethi created

    Hi maliming, I am using HTTPS (on IISExpress) and I am still getting the same error. I am unable to login whatsoever.

    I am getting

    INFO 2020-08-27 23:28:50,548 [24 ] uthorization.DefaultAuthorizationService - Authorization failed.
    INFO 2020-08-27 23:28:50,548 [24 ] tion.Cookies.CookieAuthenticationHandler - AuthenticationScheme: Identity.Application was challenged.

    I also followed this code to add it to my startup (even with SameSite = Strict); it is not logging me in: https://github.com/IdentityServer/IdentityServer4/pull/3940/files#diff-b9f10086c020d93ff1e004bf4747af01R26

    It has been really problematic and I am unable to login and/or continue my development because I am stuck on the public site and login page.

    I am still on v8.7

  • maliming created
    Support Team

    hi @alharethi

    I am using HTTPS (on IISExpress)

    Can you explain in detail? Are you debugging it with Visual Studio?

  • alharethi created

    Hi maliming,

    I have had this issue for as long as I had your product.

    It does not matter if I'm running it in debug mode or non debug mode.

    It does not matter if I'm using it with HTTP or HTTPS.

    Is your latest and most recent version fixing the same site cookie issue out of the box? If so, then I might have to upgrade. If not, then I may either request a refund or ask you to fix the issue. This is really painful and I have wasted too much time to get it to work.

    Thanks

  • maliming created
    Support Team

    hi

    Is your latest and most recent version fixing the same site cookie issue out of the box?

    You can try the Demo project with new version.

    I can check your problem remotely via teamviewer afterwards.

  • alharethi created

    I am downloading now v9.1.0 and will give feedback; but I had v9.0.0 and it has the same issue: can't login at all.

  • maliming created
    Support Team

    hi

    If you can't solve it, please send me the connection info of teamviewer [email protected]

  • alharethi created

    I am able to login to the system; however I still see the same SameSite cookie warning.

    Here are the changes I have made to the login flow:

    • I am not using the abp scripts. I am just ignoring all of your JavaScript files because they're big and too much. I also don't need much of fancy stuff. I just need simple login; even if I have to post back and show the user the errors.
    • Today I tried to add the cookie fix as mentioned in my previous response but it did not help.

    I can't upgrade to v9.1.0 because you guys have not fixed the RTL layout; as I am using my application in Arabic only.

    I will do a comparison between v9.1.0 and v8.7.0 (which I have) and see if the logic internally changed (for login only). Do you know if you guys have made changes to the Identity Server logic at all?

    I would still appreciate if someone from your team can do a one-on-one to look at my setup and help me fix the issue.

    Here is the screen shot from v9.1.0 login. It is working but I am seeing the SameSite cookie warning:

  • alharethi created

    Hi maliming, Just emailed you!

    Thanks

  • ismcagdas created
    Support Team
  • alharethi created

    Hi @ismcagdas

    Followed everything in that thread, did not work. https://support.aspnetzero.com/QA/Questions/9543/Solution-for-unable-to-log-in-via-http-in-the-new-chrome-9537#answer-c907c194-129e-562b-7c63-39f73d0dcbac

    Can someone take a look at my code? Can I send someone my solution and you guys run it locally? I am not using any of your JavaScript at all. Not sure if that is affecting anything since we're working with code-behind/C# code and not JS.

    You guys need to have people working to support your product 24/7. We can't wait 24 hours for a reply; and the reply is typically very short and not detailed.

  • fncoph created

    Hi,

    I have the same problem, too, after testing the latest demo source code in our local environment. I hope you can send an immediate patch for this, because we cannot start our testing due to this persistent problem. Thanks

  • maliming created
    Support Team

    The problem of @alharethi has been solved remotely, and our solution is no problem.

    https://support.aspnetzero.com/QA/Questions/9537/Solution-for-unable-to-log-in-via-http-in-the-new-chrome

  • maliming created
    Support Team

    I also committed some example code. https://github.com/aspnetzero/aspnet-zero-core/commit/74b139eb0d8edd8658888189471cd3a192891779