
AspNet Core Identity, how to set options.Cookie.SameSite?

The latest templates and libraries use the httpsonly flag. How can I turn it off?

This same question is outdated and it did not have a full configuration sample:

AspNet Core Identity - cookie not getting set in production

FreeVice asked Jan 01 '18 17:01


2 Answers

The answer by @poke did not help me set the value to SameSiteMode.None, at least not in ASP.NET Core 2.1.

Any value you set in configure application cookie is overridden by the MinimumSameSitePolicy setting of the cookie policy middleware.

To prevent the override, set MinimumSameSitePolicy for the UseCookiePolicy extension as SameSiteMode.None.

app.UseCookiePolicy(new CookiePolicyOptions
{
   MinimumSameSitePolicy = SameSiteMode.None
});

Then set the actual same site value in the AddCookie extension in the ConfigureServices method:

services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        // Assign directly; the body is already inside the options lambda.
        options.Cookie.SameSite = SameSiteMode.None;
    });
Parag answered Sep 29 '22 12:09

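A full configuration showing how the two settings from the answer above fit together, as an added example that is not code from either answer. It assumes an ASP.NET Core 3.1 `Startup` class with controllers, and it keeps `Secure` and `HttpOnly` on, because current browsers reject a `SameSite=None` cookie that lacks the `Secure` attribute.

```csharp
// Added example (assumed ASP.NET Core 3.1 project layout), not code from the answers.
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.CookiePolicy;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(options =>
            {
                // The SameSite value the application requests for the auth cookie.
                options.Cookie.SameSite = SameSiteMode.None;
                // SameSite=None is only accepted by browsers together with Secure.
                options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
                options.Cookie.HttpOnly = true;
            });

        services.AddControllers();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();

        // Registered before UseAuthentication so the policy is applied
        // when the authentication handler appends its cookie.
        app.UseCookiePolicy(new CookiePolicyOptions
        {
            // Floor applied to every response cookie. A stricter floor
            // (Lax or Strict) would replace the None requested above.
            MinimumSameSitePolicy = SameSiteMode.None,
            // Policy-wide guarantees, independent of per-cookie settings.
            Secure = CookieSecurePolicy.Always,
            HttpOnly = HttpOnlyPolicy.Always
        });

        app.UseAuthentication();
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}
```

To check the result, inspect the `Set-Cookie` response header after sign-in: it should carry `samesite=none`, `secure` and `httponly` together.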


For my case in asp.net core 3.1 two things in combination did the trick

services.ConfigureApplicationCookie(options =>
{
    options.Cookie.SameSite = SameSiteMode.Unspecified;
});

services.AddAntiforgery(opts =>
{
    opts.Cookie.SameSite = SameSiteMode.Unspecified;
});
ppenchev answered Sep 29 '22 12:09