ASP.NET Core 3.1 Identity login doesn't work and shows a SameSite warning


  • User-1698915501 posted
    I just finished my ASP.NET Core 3.1 project and was trying to deploy it on IIS. First I scaffolded ASP.NET Identity, which created IdentityHostingStartup and other files, and published the project as self-contained for win-x64. I generated a self-signed certificate with OpenSSL for Identity using this process
     https://benjii.me/2017/06/creating-self-signed-certificate-identity-server-azure/  and put it inside the publish folder. I also used "No Managed Code" for the app pool. When I tested it, the login worked on some machines in Chrome, but on the machines where it didn't, it still worked in Microsoft Edge. When I inspected the login, it showed a warning "a cookie associated with the resource was set with SameSite=None", and the warning disappeared instantly. But the request was sent with a cookie whose value was "SameSite=Strict" and not Secure. So I modified Startup.cs as shown and set the SameSite property to None, but it didn't work.
     
    Here is the code for **startup.cs** 
           public void ConfigureServices(IServiceCollection services)
            {
                X509Certificate2 cert = null;
                using (X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser))
                {
                    certStore.Open(OpenFlags.ReadOnly);
                    X509Certificate2Collection certCollection = certStore.Certificates.Find(
                        X509FindType.FindByThumbprint,
                        // Replace below with your cert's thumbprint
                        "418f13d9473b6412e186f8e3a05fbf0370ec865c",
                        false);
                    // Get the first cert with the thumbprint
                    if (certCollection.Count > 0)
                    {
                        cert = certCollection[0];
                        //Log.Logger.Information($"Successfully loaded cert from registry: {cert.Thumbprint}");
                    }
                }
    
                // Fallback to local file for development
                if (cert == null)
                {
                    cert = new X509Certificate2(Path.Combine("C:\\inetpub\\wwwroot\\VatAppPublish\\", "localhost.pfx"), "");
                   // Log.Logger.Information($"Falling back to cert from file. Successfully loaded: {cert.Thumbprint}");
                }
    
               
                services.AddDbContext<vat_dbContext>(options =>
                    options.UseMySql(
                        Configuration.GetConnectionString("DefaultConnection")));
                services.AddDbContext<ApplicationDbContext>(options =>
                   options.UseMySql(
                       Configuration.GetConnectionString("DefaultConnection")));
    
                services.AddMvc(option => option.EnableEndpointRouting = false)
                    .SetCompatibilityVersion(CompatibilityVersion.Version_3_0)
                    .AddNewtonsoftJson(opt => opt.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Ignore)
                    .AddFluentValidation(fv => fv.RegisterValidatorsFromAssemblyContaining<Startup>());
    
                services.AddAuthentication(IISDefaults.AuthenticationScheme);
    
                services.AddTransient<CompanyBLLCustom>();
                services.AddTransient<CustomerBLLCustom>();
                services.AddTransient<MachinesalesBLLCustom>();
                services.AddTransient<ManualsalesBLLCustom>();
                services.AddTransient<PurchaseBLLCustom>();
                services.AddTransient<SummaryreportsBLLCustom>();
                services.AddTransient<SystemconfigBLLCustom>();
                services.AddTransient<SalesreportBLLCustom>();
                services.AddTransient<PurchasereportBLLCustom>();
    
                services.AddTransient<CompanyFunctions>();
                services.AddTransient<CustomerFunctions>();
                services.AddTransient<MachinesalesFunctions>();
                services.AddTransient<ManualsalesFunctions>();
                services.AddTransient<PurchaseFunctions>();
                services.AddTransient<SystemconfigFunctions>();
                services.AddTransient<SummaryreportsFunctions>();
                services.AddTransient<SalesreportFunctions>();
                services.AddTransient<PurchasereportFunctions>();
    
                services.AddTransient<CompanyValidator>();
                services.AddTransient<CustomerValidator>();
                services.AddTransient<MachinesalesValidator>();
                services.AddTransient<ManualsalesValidator>();
                services.AddTransient<PurchaseValidator>();
                services.AddTransient<SummaryreportsValidator>();
                services.AddTransient<SystemconfigValidator>();
    
    
    
                services.AddDefaultIdentity<ApplicationUser>(options => options.SignIn.RequireConfirmedAccount = true)
                    .AddEntityFrameworkStores<ApplicationDbContext>();
    
                services.AddIdentityServer()
                    .AddApiAuthorization<ApplicationUser, ApplicationDbContext>()
                    .AddSigningCredential(cert); ;
    
                services.Configure<CookiePolicyOptions>(options =>
                {
                    options.MinimumSameSitePolicy = SameSiteMode.None;
                });
    
    
                services.AddAuthentication()
                    .AddIdentityServerJwt();
    
                services.AddControllersWithViews();
                services.AddRazorPages();
    
                // In production, the React files will be served from this directory
                services.AddSpaStaticFiles(configuration =>
                {
                    configuration.RootPath = "ClientApp/build";
                });
            }
    
            // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
            public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
            {
                app.UseAuthentication();
                app.UseIdentityServer();          
                app.UseHttpsRedirection();
    
                if (env.IsDevelopment())
                {
                    app.UseDeveloperExceptionPage();
                    app.UseDatabaseErrorPage();
                }
                else
                {
                    app.UseExceptionHandler("/Error");
                    // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                    app.UseHsts();
                }
    
                app.UseStaticFiles();
                app.UseSpaStaticFiles();
    
                app.UseRouting();
                app.UseAuthorization();
    
                app.UseEndpoints(endpoints =>
                {
                    endpoints.MapControllerRoute(
                        name: "default",
                        pattern: "{controller}/{action=Index}/{id?}");
                    endpoints.MapRazorPages();
                });
    
                app.UseSpa(spa =>
                {
                    spa.Options.SourcePath = "ClientApp";
    
                    if (env.IsDevelopment())
                    {
                        spa.UseReactDevelopmentServer(npmScript: "start");
                    }
                });
    
                app.UseCookiePolicy(new CookiePolicyOptions
                {
                    MinimumSameSitePolicy = SameSiteMode.None
                });
    ```
    **appsettings.json**
    ```{
      "ConnectionStrings": {
        "DefaultConnection": "Server=localhost;Port=3306;User=root;Password='';Database=vat_db;TreatTinyAsBoolean=true"
      },
      "Logging": {
        "LogLevel": {
          "Default": "Information",
          "Microsoft": "Warning",
          "Microsoft.Hosting.Lifetime": "Information"
        }
      },
    
      "IdentityServer": {
        "Clients": {
          "VatApplication": {
            "Profile": "IdentityServerSPA"
          }
        }
        ,
        "Key": {
          "Type": "File",
          "FilePath": "C:\\inetpub\\wwwroot\\VatAppPublish\\localhost.pfx",
          "Password": ""
        }
      },
    
      "AllowedHosts": "*"
    }
    ```
    **IdentityHostingStartup.CS**
    ```public class IdentityHostingStartup : IHostingStartup
        {
            // Hosting-startup hook generated when Identity was scaffolded.
            // The ConfigureServices callback below is empty, so this class registers
            // nothing; the Identity and IdentityServer wiring lives in
            // Startup.ConfigureServices instead.
            public void Configure(IWebHostBuilder builder)
            {
                builder.ConfigureServices((context, services) => {
                });
            }
        }

    Thank you in Advance.
    Saturday, March 7, 2020 6:52 AM
