Google external login problem some browsers

Question
-
User1230559574 posted
Using ASP.NET Core 3.1-Identity 3.1-Nginx-Ubuntu, I have a web app with no problem on Google sign-in (OAuth2) while on localhost/IIS.
When I transfer the application to Ubuntu/Nginx (reverse proxy), Mozilla Firefox is good, but I get an error/warning using the Chrome and Opera browsers:
```
WARN|Microsoft.AspNetCore.Authentication.Google.GoogleHandler|'.AspNetCore.Correlation.Google.???' cookie not found.
ERROR|An error was encountered while handling the remote login. ---> System.Exception: Correlation failed.
```
I tried to modify my Nginx headers, but I do not know if it is related to Nginx, because it is good in Mozilla Firefox.
This is my Startup.cs:
```csharp
public void ConfigureServices(IServiceCollection services)
{
    services.PostConfigure<CookieAuthenticationOptions>(IdentityConstants.ApplicationScheme, option =>
    {
        option.Cookie.Name = "myApp_2"; // Login cookie
        option.ExpireTimeSpan = TimeSpan.FromDays(30);
    });

    services.AddAuthentication().AddGoogle(options =>
    {
        options.ClientId = "???.apps.googleusercontent.com";
        options.ClientSecret = "???";
    });
    // . . .
}
```
Any hint is appreciated. I'm still working locally and not using HTTPS/SSL.
```nginx
location / {
    proxy_pass http://localhost:5002;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection keep-alive;
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
```
Update 1: when I add the following to my Startup.cs, the problem is resolved, but I know nothing about it!
```csharp
private void CheckSameSite(HttpContext httpContext, CookieOptions options)
{
    if (options.SameSite == Microsoft.AspNetCore.Http.SameSiteMode.None)
    {
        var userAgent = httpContext.Request.Headers["User-Agent"].ToString();
        // TODO: Use your User Agent library of choice here.
        if (true)
        {
            options.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Unspecified;
        }
    }
}

public void ConfigureServices(IServiceCollection services)
{
    services.Configure<CookiePolicyOptions>(options =>
    {
        options.MinimumSameSitePolicy = Microsoft.AspNetCore.Http.SameSiteMode.Unspecified;
        options.OnAppendCookie = cookieContext =>
            CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
        options.OnDeleteCookie = cookieContext =>
            CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
    });
}

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    app.UseCookiePolicy();
}
```
Thursday, April 15, 2021 6:38 PM
All replies
-
User-474980206 posted
You should use the browser's network trace to see why the cookie is dropped.
Thursday, April 15, 2021 7:08 PM -
User1230559574 posted
Thanks for replying. I found that Update 1, modifying `SameSiteMode`, could resolve the problem, though I couldn't understand what's happening inside the code!
I traced the cookie in the developer tools, in Firefox and Opera. Some cookies related to https://accounts.google.com are maybe lost within the external login process.
Thursday, April 15, 2021 9:15 PM -
User-474980206 posted
Chrome changed its security policy for cookies.
Thursday, April 15, 2021 10:11 PM
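
An added example, not part of the original thread and not the posters' or Microsoft's code: one way to replace the `if (true)` in Update 1, given that Chromium-based browsers (Chrome, Opera) reject a `SameSite=None` cookie that is not also `Secure`, which is what happens to the correlation cookie when the site is served over plain HTTP. It assumes TLS will later be terminated at Nginx on the same host; `DisallowsSameSiteNone` and its user-agent list are illustrative assumptions.

```csharp
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Honour the X-Forwarded-* headers Nginx sets, so Request.IsHttps reflects
        // the scheme the browser used rather than the http:// hop to Kestrel.
        services.Configure<ForwardedHeadersOptions>(o => o.ForwardedHeaders =
            ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto);

        services.Configure<CookiePolicyOptions>(o =>
        {
            o.MinimumSameSitePolicy = SameSiteMode.Unspecified;
            o.OnAppendCookie = c => CheckSameSite(c.Context, c.CookieOptions);
            o.OnDeleteCookie = c => CheckSameSite(c.Context, c.CookieOptions);
        });
        // Identity and AddGoogle registration stay as in the question.
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseForwardedHeaders();   // must run before anything reads the scheme
        app.UseCookiePolicy();       // must run before authentication writes cookies
        // UseRouting / UseAuthentication / UseAuthorization / endpoints follow here.
    }

    private static void CheckSameSite(HttpContext context, CookieOptions options)
    {
        if (options.SameSite != SameSiteMode.None) return;
        var userAgent = context.Request.Headers["User-Agent"].ToString();
        if (!context.Request.IsHttps || DisallowsSameSiteNone(userAgent))
            options.SameSite = SameSiteMode.Unspecified; // emit no SameSite attribute
        else
            options.Secure = true; // SameSite=None is only accepted together with Secure
    }

    // Assumption: a short, non-exhaustive list of clients that mishandle SameSite=None.
    private static bool DisallowsSameSiteNone(string userAgent) =>
        userAgent.Contains("CPU iPhone OS 12") || userAgent.Contains("iPad; CPU OS 12")
        || (userAgent.Contains("Macintosh; Intel Mac OS X 10_14")
            && userAgent.Contains("Version/") && userAgent.Contains("Safari"))
        || userAgent.Contains("Chrome/5") || userAgent.Contains("Chrome/6");
}
```

With no `SameSite` attribute on the cookie, Chrome applies its `Lax` default, which still sends the correlation cookie on the top-level redirect back from Google.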