<div>I just finished my asp .net core 3.1 project. and i was trying to deploy it on
IIS. So first i scaffolded Asp Identity and it created
identityHostingStartup and other files. And published the project as self-Contained for
win-x64 as I generated self signed certificate using openssl for Identity using this process </div> <div>https://benjii.me/2017/06/creating-self-signed-certificate-identity-server-azure/
and put it inside publish folder.also i have used No managed code for the app pool when i tested it, the login it worked on some machines on chrome but for those it didn't work on,it still worked on Microsoft edge browser. when i inspected
the login, it shows a warning "a cookie associated with the resource was set with samesite==none" and the warning disappears instantly.But the request was sent with a cookie with value
"samesite= strict" and not secure. So i modified startup.cs
as shown and set samesite property to none but it didn't work. </div> <div></div> <div>Here is the code for **startup.cs** </div> <div>
public void ConfigureServices(IServiceCollection services)
{
X509Certificate2 cert = null;
using (X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser))
{
certStore.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certCollection = certStore.Certificates.Find(
X509FindType.FindByThumbprint,
// Replace below with your cert's thumbprint
"418f13d9473b6412e186f8e3a05fbf0370ec865c",
false);
// Get the first cert with the thumbprint
if (certCollection.Count > 0)
{
cert = certCollection[0];
//Log.Logger.Information($"Successfully loaded cert from registry: {cert.Thumbprint}");
}
}
// Fallback to local file for development
if (cert == null)
{
cert = new X509Certificate2(Path.Combine("C:\\inetpub\\wwwroot\\VatAppPublish\\", "localhost.pfx"), "");
// Log.Logger.Information($"Falling back to cert from file. Successfully loaded: {cert.Thumbprint}");
}
services.AddDbContext<vat_dbContext>(options =>
options.UseMySql(
Configuration.GetConnectionString("DefaultConnection")));
services.AddDbContext<ApplicationDbContext>(options =>
options.UseMySql(
Configuration.GetConnectionString("DefaultConnection")));
services.AddMvc(option => option.EnableEndpointRouting = false)
.SetCompatibilityVersion(CompatibilityVersion.Version_3_0)
.AddNewtonsoftJson(opt => opt.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Ignore)
.AddFluentValidation(fv => fv.RegisterValidatorsFromAssemblyContaining<Startup>());
services.AddAuthentication(IISDefaults.AuthenticationScheme);
services.AddTransient<CompanyBLLCustom>();
services.AddTransient<CustomerBLLCustom>();
services.AddTransient<MachinesalesBLLCustom>();
services.AddTransient<ManualsalesBLLCustom>();
services.AddTransient<PurchaseBLLCustom>();
services.AddTransient<SummaryreportsBLLCustom>();
services.AddTransient<SystemconfigBLLCustom>();
services.AddTransient<SalesreportBLLCustom>();
services.AddTransient<PurchasereportBLLCustom>();
services.AddTransient<CompanyFunctions>();
services.AddTransient<CustomerFunctions>();
services.AddTransient<MachinesalesFunctions>();
services.AddTransient<ManualsalesFunctions>();
services.AddTransient<PurchaseFunctions>();
services.AddTransient<SystemconfigFunctions>();
services.AddTransient<SummaryreportsFunctions>();
services.AddTransient<SalesreportFunctions>();
services.AddTransient<PurchasereportFunctions>();
services.AddTransient<CompanyValidator>();
services.AddTransient<CustomerValidator>();
services.AddTransient<MachinesalesValidator>();
services.AddTransient<ManualsalesValidator>();
services.AddTransient<PurchaseValidator>();
services.AddTransient<SummaryreportsValidator>();
services.AddTransient<SystemconfigValidator>();
services.AddDefaultIdentity<ApplicationUser>(options => options.SignIn.RequireConfirmedAccount = true)
.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddIdentityServer()
.AddApiAuthorization<ApplicationUser, ApplicationDbContext>()
.AddSigningCredential(cert); ;
services.Configure<CookiePolicyOptions>(options =>
{
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddAuthentication()
.AddIdentityServerJwt();
services.AddControllersWithViews();
services.AddRazorPages();
// In production, the React files will be served from this directory
services.AddSpaStaticFiles(configuration =>
{
configuration.RootPath = "ClientApp/build";
});
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseAuthentication();
app.UseIdentityServer();
app.UseHttpsRedirection();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
}
else
{
app.UseExceptionHandler("/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseStaticFiles();
app.UseSpaStaticFiles();
app.UseRouting();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller}/{action=Index}/{id?}");
endpoints.MapRazorPages();
});
app.UseSpa(spa =>
{
spa.Options.SourcePath = "ClientApp";
if (env.IsDevelopment())
{
spa.UseReactDevelopmentServer(npmScript: "start");
}
});
app.UseCookiePolicy(new CookiePolicyOptions
{
MinimumSameSitePolicy = SameSiteMode.None
});
```
*** appseting.json***
```{
"ConnectionStrings": {
"DefaultConnection": "Server=localhost;Port=3306;User=root;Password='';Database=vat_db;TreatTinyAsBoolean=true"
},
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
},
"IdentityServer": {
"Clients": {
"VatApplication": {
"Profile": "IdentityServerSPA"
}
}
,
"Key": {
"Type": "File",
"FilePath": "C:\\inetpub\\wwwroot\\VatAppPublish\\localhost.pfx",
"Password": ""
}
},
"AllowedHosts": "*"
}
```
**IdentityHostingStartup.CS**
```public class IdentityHostingStartup : IHostingStartup
{
public void Configure(IWebHostBuilder builder)
{
builder.ConfigureServices((context, services) => {
});
}
}
There is a related breaking change in .NET Core 3.1, where the behavior of SameSiteMode.None is changed and a new
value SameSiteMode.Unspecified is introduced.
The below links which are related to your issue may be helpful , you could refer to
MSDN Community Support
Please remember to click "Mark as Answer" the responses that resolved your issue.
If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
None
0 Points
1 Post
asp core 3.1 identity login dowesn't work and shows samesite warning
Mar 07, 2020 06:52 AM|Freadam|LINK
public void ConfigureServices(IServiceCollection services) { X509Certificate2 cert = null; using (X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser)) { certStore.Open(OpenFlags.ReadOnly); X509Certificate2Collection certCollection = certStore.Certificates.Find( X509FindType.FindByThumbprint, // Replace below with your cert's thumbprint "418f13d9473b6412e186f8e3a05fbf0370ec865c", false); // Get the first cert with the thumbprint if (certCollection.Count > 0) { cert = certCollection[0]; //Log.Logger.Information($"Successfully loaded cert from registry: {cert.Thumbprint}"); } } // Fallback to local file for development if (cert == null) { cert = new X509Certificate2(Path.Combine("C:\\inetpub\\wwwroot\\VatAppPublish\\", "localhost.pfx"), ""); // Log.Logger.Information($"Falling back to cert from file. Successfully loaded: {cert.Thumbprint}"); } services.AddDbContext<vat_dbContext>(options => options.UseMySql( Configuration.GetConnectionString("DefaultConnection"))); services.AddDbContext<ApplicationDbContext>(options => options.UseMySql( Configuration.GetConnectionString("DefaultConnection"))); services.AddMvc(option => option.EnableEndpointRouting = false) .SetCompatibilityVersion(CompatibilityVersion.Version_3_0) .AddNewtonsoftJson(opt => opt.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Ignore) .AddFluentValidation(fv => fv.RegisterValidatorsFromAssemblyContaining<Startup>()); services.AddAuthentication(IISDefaults.AuthenticationScheme); services.AddTransient<CompanyBLLCustom>(); services.AddTransient<CustomerBLLCustom>(); services.AddTransient<MachinesalesBLLCustom>(); services.AddTransient<ManualsalesBLLCustom>(); services.AddTransient<PurchaseBLLCustom>(); services.AddTransient<SummaryreportsBLLCustom>(); services.AddTransient<SystemconfigBLLCustom>(); services.AddTransient<SalesreportBLLCustom>(); services.AddTransient<PurchasereportBLLCustom>(); services.AddTransient<CompanyFunctions>(); services.AddTransient<CustomerFunctions>(); services.AddTransient<MachinesalesFunctions>(); services.AddTransient<ManualsalesFunctions>(); services.AddTransient<PurchaseFunctions>(); services.AddTransient<SystemconfigFunctions>(); services.AddTransient<SummaryreportsFunctions>(); services.AddTransient<SalesreportFunctions>(); services.AddTransient<PurchasereportFunctions>(); services.AddTransient<CompanyValidator>(); services.AddTransient<CustomerValidator>(); services.AddTransient<MachinesalesValidator>(); services.AddTransient<ManualsalesValidator>(); services.AddTransient<PurchaseValidator>(); services.AddTransient<SummaryreportsValidator>(); services.AddTransient<SystemconfigValidator>(); services.AddDefaultIdentity<ApplicationUser>(options => options.SignIn.RequireConfirmedAccount = true) .AddEntityFrameworkStores<ApplicationDbContext>(); services.AddIdentityServer() .AddApiAuthorization<ApplicationUser, ApplicationDbContext>() .AddSigningCredential(cert); ; services.Configure<CookiePolicyOptions>(options => { options.MinimumSameSitePolicy = SameSiteMode.None; }); services.AddAuthentication() .AddIdentityServerJwt(); services.AddControllersWithViews(); services.AddRazorPages(); // In production, the React files will be served from this directory services.AddSpaStaticFiles(configuration => { configuration.RootPath = "ClientApp/build"; }); } // This method gets called by the runtime. Use this method to configure the HTTP request pipeline. public void Configure(IApplicationBuilder app, IWebHostEnvironment env) { app.UseAuthentication(); app.UseIdentityServer(); app.UseHttpsRedirection(); if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); app.UseDatabaseErrorPage(); } else { app.UseExceptionHandler("/Error"); // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts. app.UseHsts(); } app.UseStaticFiles(); app.UseSpaStaticFiles(); app.UseRouting(); app.UseAuthorization(); app.UseEndpoints(endpoints => { endpoints.MapControllerRoute( name: "default", pattern: "{controller}/{action=Index}/{id?}"); endpoints.MapRazorPages(); }); app.UseSpa(spa => { spa.Options.SourcePath = "ClientApp"; if (env.IsDevelopment()) { spa.UseReactDevelopmentServer(npmScript: "start"); } }); app.UseCookiePolicy(new CookiePolicyOptions { MinimumSameSitePolicy = SameSiteMode.None }); ``` *** appseting.json*** ```{ "ConnectionStrings": { "DefaultConnection": "Server=localhost;Port=3306;User=root;Password='';Database=vat_db;TreatTinyAsBoolean=true" }, "Logging": { "LogLevel": { "Default": "Information", "Microsoft": "Warning", "Microsoft.Hosting.Lifetime": "Information" } }, "IdentityServer": { "Clients": { "VatApplication": { "Profile": "IdentityServerSPA" } } , "Key": { "Type": "File", "FilePath": "C:\\inetpub\\wwwroot\\VatAppPublish\\localhost.pfx", "Password": "" } }, "AllowedHosts": "*" } ```**IdentityHostingStartup.CS** ```public class IdentityHostingStartup : IHostingStartup { public void Configure(IWebHostBuilder builder) { builder.ConfigureServices((context, services) => { }); } }</div> <div>Thank you in Advance.</div>
Contributor
2070 Points
606 Posts
Re: asp core 3.1 identity login dowesn't work and shows samesite warning
Mar 09, 2020 03:08 PM|Sherry Chen|LINK
Hi Freadam ,
There is a related breaking change in .NET Core 3.1, where the behavior of
SameSiteMode.Noneis changed and a new valueSameSiteMode.Unspecifiedis introduced.The below links which are related to your issue may be helpful , you could refer to
https://github.com/Sustainsys/Saml2/issues/1091
https://www.thinktecture.com/en/identity/samesite/prepare-your-identityserver/
Best Regards,
Sherry
Please remember to click "Mark as Answer" the responses that resolved your issue.
If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
None
0 Points
2 Posts
Re: asp core 3.1 identity login dowesn't work and shows samesite warning
Mar 21, 2020 01:13 PM|derflongbottom|LINK
Were you able to solve this? I have been dealing with the same issue for two weeks and I am stumped.
Member
168 Points
201 Posts
Re: asp core 3.1 identity login dowesn't work and shows samesite warning
Mar 23, 2020 11:10 AM|bluMarmalade|LINK
Offtopic: you have way too many transient services reigstered. Consider if you need some them to be scoped instead