Base solution for your next web application
Open Closed

Solution for unable to log in via http in the new chrome. #9537 #9543


User avatar
0
serdar created
  1. çözüm öneriniz(https) işe yaramıyor. Biraz daha detay verebilir misiniz ?

15 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team

    hi @serdar

    Please share the details of the problem you encountered.(engilish) : )

  • User Avatar
    0
    serdar created

    What kind of change is required to the aspnetzero code to fix this problem?

  • User Avatar
    0
    maliming created
    Support Team

    hi

    You need copy the following code to the zero.

    https://github.com/IdentityServer/IdentityServer4/blob/main/src/IdentityServer4/host/Extensions/SameSiteHandlingExtensions.cs https://github.com/IdentityServer/IdentityServer4/blob/main/src/IdentityServer4/host/Startup.cs#L43 https://github.com/IdentityServer/IdentityServer4/blob/main/src/IdentityServer4/host/Startup.cs#L113

  • User Avatar
    0
    serdar created

    In which project, to which file? Could you please be a clearer guide.

  • User Avatar
    0
    maliming created
    Support Team

    Hi

    You can put the SameSiteHandlingExtensions in the Web.Core layer. Call AddSameSiteCookiePolicy and UseCookiePolicy in Startup class of Web.Mvc or Web.Host

  • User Avatar
    0
    serdar created

    I think you need to improve on replying to customers. Late and short answers aren't enough for everyone. For example your latest reply is a short one. In your place I would have ussued this as a patch to make sure customers get good service.

  • User Avatar
    0
    maliming created
    Support Team

    hi

    Thanks for your suggestion! : )

  • User Avatar
    0
    serdar created
    1. Step : Create new file on '/src/xxx.Web.Mvc/Startup/SameSiteHandlingExtensions.cs' The Code:

    `public static class SameSiteHandlingExtensions { public static IServiceCollection AddSameSiteCookiePolicy(this IServiceCollection services) { services.Configure

        private static void CheckSameSite(HttpContext httpContext, CookieOptions options)
        {
            if (options.SameSite == SameSiteMode.None)
            {
                var userAgent = httpContext.Request.Headers["User-Agent"].ToString();
                if (!httpContext.Request.IsHttps || DisallowsSameSiteNone(userAgent))
                {
                    // For .NET Core < 3.1 set SameSite = (SameSiteMode)(-1)
                    options.SameSite = SameSiteMode.Unspecified;
                }
            }
        }
    
        private static bool DisallowsSameSiteNone(string userAgent)
        {
            // Cover all iOS based browsers here. This includes:
            // - Safari on iOS 12 for iPhone, iPod Touch, iPad
            // - WkWebview on iOS 12 for iPhone, iPod Touch, iPad
            // - Chrome on iOS 12 for iPhone, iPod Touch, iPad
            // All of which are broken by SameSite=None, because they use the iOS networking stack
            if (userAgent.Contains("CPU iPhone OS 12") || userAgent.Contains("iPad; CPU OS 12"))
            {
                return true;
            }
    
            // Cover Mac OS X based browsers that use the Mac OS networking stack. This includes:
            // - Safari on Mac OS X.
            // This does not include:
            // - Chrome on Mac OS X
            // Because they do not use the Mac OS networking stack.
            if (userAgent.Contains("Macintosh; Intel Mac OS X 10_14") &&
                userAgent.Contains("Version/") && userAgent.Contains("Safari"))
            {
                return true;
            }
    
            // Cover Chrome 50-69, because some versions are broken by SameSite=None, 
            // and none in this range require it.
            // Note: this covers some pre-Chromium Edge versions, 
            // but pre-Chromium Edge does not require SameSite=None.
            if (userAgent.Contains("Chrome/5") || userAgent.Contains("Chrome/6"))
            {
                return true;
            }
    
            return false;
        }
    }`
    
    1. Step : Change (add) '/src/xxx.Web.Mvc/Startup/Startup.cs' like this :

  • User Avatar
    0
    fncoph created

    Hi, I have done the same direction above, and login functionality is still elusive. Any other setup we need to do to get this through?

  • User Avatar
    0
    alharethi created

    Same here. I have not been able to login at all on v8.7.0. Are the latest versions working, meaning did you incorporate the SameSite fix into them? If I have to upgrade, I will have to.

  • User Avatar
    0
    serdar created

    Can you try this :

  • User Avatar
    0
    fncoph created

    Hi @serdar, Thank you so much for your response. I have modified the same as you have provided, but to no effect. Here is my current setup:

  • User Avatar
    0
    serdar created

    sory @fncoph...my fault...

    this is my commit: (It will happen when you do these.)

  • User Avatar
    0
    maliming created
    Support Team

    I commit some example code. https://github.com/aspnetzero/aspnet-zero-core/commit/74b139eb0d8edd8658888189471cd3a192891779

  • User Avatar
    0
    fncoph created

    Hi, Thank you so much for the reply. I have followed as you instructed. SameSiteHandlingExtension.cs

    Web.Mvc

    Web.Host

    I even tried commenting the env.IsDevelopment condition as per @serdar said, but to no avail. I am not really sure what to do at this point as we cannot start anything without resolving it first. Thank you very much.