I'm trying to load an asp.net core mvc application in another application using iframe the html is loaded but when click on login as example no result is shown .
I try thisservices.AddAntiforgery(o => o.SuppressXFrameOptionsHeader = true); in same domain the loaded app in the iframe work fine but in another
domain it doesn't function.
If this is a browser side security restriction, it should show a message in the browser console. If the antiforgery token is not found you should have an exception (you checked ?) etc...
What shows F12 Network for this http query ?
I always spend few minutes to find details about the exact error which is often quicker than trying to fix an error which is not yet well identified through guesses and tries...
If this is a browser side security restriction, it should show a message in the browser console. If the antiforgery token is not found you should have an exception (you checked ?) etc...
What shows F12 Network for this http query ?
I always spend few minutes to find details about the exact error which is often quicker than trying to fix an error which is not yet well identified through guesses and tries...
What is more confusing that there is no error or message shown in console or network tab once button is clicked
it looks like you loaded a partial view, and did not include the required scripts. your button is just a button and will not post back, nor is there a form for it to post.
an iframe is a standalone document, and inherits nothing from the parent window except the window.parent property.
it looks like you loaded a partial view, and did not include the required scripts. your button is just a button and will not post back, nor is there a form for it to post.
an iframe is a standalone document, and inherits nothing from the parent window except the window.parent property.
Hello, sorry for late reply the application was loaded successfully but when I came to login nothing happen it's look like no cookies were created or no request was sent.
you can only share cookies between apps is if they belong to the same sub-domain and the cookie domain is set to that subdomain (mystite1.foo.com & mysite2.foo.com and cookie domain is set to .mysite.com).
same site controls when the refer (site that the link can from) is not the same site. as the iframe is hosted may a different site, you need same-site = lax.
I have encountered the same issue as OP. Where I have iframe from another domain in my app, I control both domains. I have tried frame-ancestors but no luck. Whats going on is that chrome is blocking 3rd party cookies even, .net core cookies for antiforgery
and tempcookie provider. I have the cookie policy on both set to same site none and secure. What else do I need to do here or am I at the mercy of Chrome?
None
0 Points
5 Posts
Embed .Net Core MVC App in another application
Aug 03, 2020 05:16 PM|HsnSrhn|LINK
Hello,
Hope all is safe.
I'm trying to load an asp.net core mvc application in another application using iframe the html is loaded but when click on login as example no result is shown .
I try this services.AddAntiforgery(o => o.SuppressXFrameOptionsHeader = true); in same domain the loaded app in the iframe work fine but in another domain it doesn't function.
I also use
services.AddCors(options =>
{
options.AddDefaultPolicy(
builder =>
{
builder.WithOrigins("*");
builder.WithHeaders("*");
builder.WithMethods("*");
});
});
to permit for cors (cross origin resource sharing )
but nothing work for me
If there is any help I will appreciate.
Thanks all
All-Star
58444 Points
15770 Posts
Re: Embed .Net Core MVC App in another application
Aug 03, 2020 06:02 PM|bruce (sqlwork.com)|LINK
Anti-forgery uses a cookie and hidden field. the post back must be to the same domain or the cookie is not sent.
You are hitting a cross origin error with the iframe, check the console. use the browsers debugging tools to see why blocked.
All-Star
48710 Points
18173 Posts
Re: Embed .Net Core MVC App in another application
Aug 03, 2020 06:08 PM|PatriceSc|LINK
Hi,
You are not also using https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options ? You used F12 Console to see if the browser doesn't show a message telling you exactly what happens?
None
0 Points
5 Posts
Re: Embed .Net Core MVC App in another application
Aug 03, 2020 06:15 PM|HsnSrhn|LINK
Thanks for your reply
What I wish to do is to load App1 in iframe or any html control in App2 with different domains .
In same domain i try it and work fine but as you said in different domain the cookie is not sent .
Is there a solution for this issue or I must think in different way
Nothing shown in the console while I click on a button maybe the cookie is empty ?
All-Star
48710 Points
18173 Posts
Re: Embed .Net Core MVC App in another application
Aug 03, 2020 06:31 PM|PatriceSc|LINK
If this is a browser side security restriction, it should show a message in the browser console. If the antiforgery token is not found you should have an exception (you checked ?) etc...
What shows F12 Network for this http query ?
I always spend few minutes to find details about the exact error which is often quicker than trying to fix an error which is not yet well identified through guesses and tries...
None
0 Points
5 Posts
Re: Embed .Net Core MVC App in another application
Aug 03, 2020 06:31 PM|HsnSrhn|LINK
Hi,
No error or messages in console I checked the Element tab only header html appeared but the rendered body is not as you see below
<body>
<header>
<nav class="navbar navbar-expand-sm navbar-toggleable-sm navbar-light bg-white border-bottom box-shadow mb-3">
<div class="container">
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target=".navbar-collapse" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="navbar-collapse collapse d-sm-inline-flex flex-sm-row-reverse">
<ul class="navbar-nav flex-grow-1">
<li class="nav-item">
<a class="nav-link text-dark" href="/Marker">Marker</a>
</li>
<li class="nav-item">
<a class="nav-link text-dark" href="/List/Chain">Chain</a>
</li>
<li class="nav-item">
<a class="nav-link text-dark" href="/List/AllContent">Content</a>
</li>
</ul>
</div>
</div>
</nav>
</header>
<div class="container">
<main role="main" class="pb-3">
Here must be the result of the render page
</main>
</div>
None
0 Points
5 Posts
Re: Embed .Net Core MVC App in another application
Aug 03, 2020 06:39 PM|HsnSrhn|LINK
What is more confusing that there is no error or message shown in console or network tab once button is clicked
All-Star
58444 Points
15770 Posts
Re: Embed .Net Core MVC App in another application
Aug 04, 2020 12:10 AM|bruce (sqlwork.com)|LINK
it looks like you loaded a partial view, and did not include the required scripts. your button is just a button and will not post back, nor is there a form for it to post.
an iframe is a standalone document, and inherits nothing from the parent window except the window.parent property.
None
0 Points
5 Posts
Re: Embed .Net Core MVC App in another application
Aug 07, 2020 04:23 PM|HsnSrhn|LINK
Hello, sorry for late reply the application was loaded successfully but when I came to login nothing happen it's look like no cookies were created or no request was sent.
I check microsoft docs for Samesite attribute in order to share cookies between two apps https://docs.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-3.1
but when I retry in Console tab was only shown the link to the login page as and error
Any help is appreciated
All-Star
58444 Points
15770 Posts
Re: Embed .Net Core MVC App in another application
Aug 07, 2020 11:56 PM|bruce (sqlwork.com)|LINK
you can only share cookies between apps is if they belong to the same sub-domain and the cookie domain is set to that subdomain (mystite1.foo.com & mysite2.foo.com and cookie domain is set to .mysite.com).
same site controls when the refer (site that the link can from) is not the same site. as the iframe is hosted may a different site, you need same-site = lax.
None
0 Points
1 Post
Re: Embed .Net Core MVC App in another application
Jan 17, 2021 05:15 AM|Javig56|LINK
I have encountered the same issue as OP. Where I have iframe from another domain in my app, I control both domains. I have tried frame-ancestors but no luck. Whats going on is that chrome is blocking 3rd party cookies even, .net core cookies for antiforgery and tempcookie provider. I have the cookie policy on both set to same site none and secure. What else do I need to do here or am I at the mercy of Chrome?