Google external login problem some browsers

  • Question

  • User1230559574 posted

    Using ASP.NET Core 3.1-Identity 3.1-Nginx-Ubuntu, I have a web app that has no problem with Google sign-in (OAuth2) while on localhost/IIS.

    When I transfer the application to Ubuntu/Nginx (reverse proxy), Mozilla Firefox is fine, but I get an error/warning using the Chrome and Opera browsers:

    WARN|Microsoft.AspNetCore.Authentication.Google.GoogleHandler|'.AspNetCore.Correlation.Google.???' cookie not found.
    ERROR|An error was encountered while handling the remote login.
     ---> System.Exception: Correlation failed.

    I tried to modify my Nginx headers, but I do not know if it is related to Nginx, because it works in Mozilla Firefox.

    This is my Startup.cs:

    public void ConfigureServices(IServiceCollection services)
    {
        services.PostConfigure<CookieAuthenticationOptions>(IdentityConstants.ApplicationScheme, option =>
        {
            option.Cookie.Name = "myApp_2"; // Login cookie
            option.ExpireTimeSpan = TimeSpan.FromDays(30);
        });

        services.AddAuthentication().AddGoogle(options =>
        {
            options.ClientId = "???.apps.googleusercontent.com";
            options.ClientSecret = "???";
        })
    .   .   .
    
    

    Any hint is appreciated. I'm still running locally and not using HTTPS/SSL.

    location / {
            proxy_pass         http://localhost:5002;
            proxy_http_version 1.1;
            proxy_set_header   Upgrade $http_upgrade;
            proxy_set_header   Connection keep-alive;
            proxy_set_header   Host $host;
            proxy_cache_bypass $http_upgrade;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto $scheme;
    }

    Update 1: when I add the following to my Startup.cs, the problem is resolved, but I know nothing about it!

            private void CheckSameSite(HttpContext httpContext, CookieOptions options)
            {
                if (options.SameSite == Microsoft.AspNetCore.Http.SameSiteMode.None)
                {
                    var userAgent = httpContext.Request.Headers["User-Agent"].ToString();
                    // TODO: Use your User Agent library of choice here. 
                    if (true)
                    {
                        options.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Unspecified;
                    }
                }
            }
      
            public void ConfigureServices(IServiceCollection services)
            {
               
                services.Configure<CookiePolicyOptions>(options =>
                {
                    options.MinimumSameSitePolicy = Microsoft.AspNetCore.Http.SameSiteMode.Unspecified;
                    options.OnAppendCookie = cookieContext =>
                        CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
                    options.OnDeleteCookie = cookieContext =>
                        CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
                });
                
            }
    
            public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
            {

                app.UseCookiePolicy();
            }

    Thursday, April 15, 2021 6:38 PM

All replies

  • User-474980206 posted

    You should use the browser's network trace to see why the cookie is dropped.

    Thursday, April 15, 2021 7:08 PM
  • User1230559574 posted

    Thanks for replying. I found that update 1, modifying `SameSiteMode`, could resolve the problem, though I couldn't understand what's happening inside the code!!

    I traced the cookie in the developer tools, in Firefox and Opera. Some cookies related to https://accounts.google.com may be lost within the external login process.

    Thursday, April 15, 2021 9:15 PM
  • User-474980206 posted

    Chrome changed its security policy for cookies.

      https://web.dev/samesite-cookies-explained/

    Thursday, April 15, 2021 10:11 PM
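
An added example, not part of the original thread: a small Python model of the two Chrome rules described in the linked SameSite article, applied to constructed `Set-Cookie` headers shaped like the correlation cookie in the question. It shows why a `SameSite=None` cookie issued over plain HTTP is dropped while the same cookie with the attribute omitted (the effect of `SameSiteMode.Unspecified` in Update 1) survives the round trip; the function names, the sample headers and the `EXAMPLE` suffix are assumptions.

```python
# Added example: models only the two rules from the linked SameSite article.
# Header values below are constructed samples, not captured traffic.

def parse_set_cookie(header):
    """Return (name, samesite, secure) from one Set-Cookie header value."""
    first, *attrs = [p.strip() for p in header.split(";")]
    name = first.split("=", 1)[0]
    samesite, secure = None, False
    for attr in attrs:
        key, _, value = attr.partition("=")
        key = key.strip().lower()
        if key == "samesite":
            samesite = value.strip().lower()
        elif key == "secure":
            secure = True
    return name, samesite, secure

def effective_samesite(header):
    """SameSite mode the browser applies, or None if the cookie is rejected."""
    _, samesite, secure = parse_set_cookie(header)
    if samesite == "none":
        # Rule 1: SameSite=None is only accepted together with Secure.
        return "none" if secure else None
    if samesite in ("lax", "strict"):
        return samesite
    # Rule 2: a missing (or unrecognised) attribute is treated as Lax.
    return "lax"

def sent_on_callback(header):
    """Assumption: the provider's return to the app is a top-level cross-site
    GET redirect, which carries Lax and None cookies but not Strict ones."""
    return effective_samesite(header) in ("lax", "none")

COOKIE = ".AspNetCore.Correlation.Google.EXAMPLE=N; path=/signin-google"
SAMPLES = {
    "http, SameSite=None": COOKIE + "; samesite=none; httponly",
    "http, attribute omitted": COOKIE + "; httponly",
    "https, SameSite=None": COOKIE + "; secure; samesite=none; httponly",
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        mode = effective_samesite(header) or "REJECTED"
        print(f"{label:24} stored={mode:9} sent={sent_on_callback(header)}")
```

Omitting the attribute works here because the callback is a top-level navigation; serving the site over HTTPS lets the `SameSite=None` cookie be marked `Secure` and accepted as issued.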