Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Cookie Auth Fails in Embedded App

See original GitHub issue

I am creating an app using .NET Core 2.1

When the app loads in the iFrame, the auth cookie is never set or read. Auth works fine outside of the iFrame. What am I missing?

I am running ngrok using: ngrok http -subdomain=mydomain -host-header=localhost:62754 62754

Here is my AuthorizationHandler.HandleRequirementAsync method 👍

protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
      SubscribedRequirment requirement) {
      // Get the context       
      if (!(context.Resource is AuthorizationFilterContext redirectContext)) {
        context.Fail();
        return Task.CompletedTask;
      }
      var isAuthenticated = _signInManager.IsSignedIn(context.User); // <-- This is always false in embedded iFrame
      if (isAuthenticated) {
        var userId = context.User.FindFirst(ClaimTypes.NameIdentifier)?.Value; 
        //Get the shop's status from the CacheEngine.
        var status = _cacheEngine.GetShopStatus(userId);
        if (status.BillingIsConnected && status.ShopIsConnected) {
          context.Succeed(requirement);
          return Task.CompletedTask;
        }
        if (status.BillingIsConnected == false) {
          //User has connected their Shopify shop, but they haven't accepted a subscription charge.
          redirectContext.Result = new RedirectToActionResult("register", "charge", null);
          context.Succeed(requirement);
          return Task.CompletedTask;
        }
        //User has created an account, but they haven't connected their Shopify shop.
        redirectContext.Result = new RedirectToActionResult("register", "connect", null);
        context.Succeed(requirement);
        return Task.CompletedTask;
      }
      //User has created an account, but they haven't connected their Shopify shop.
      redirectContext.Result = new RedirectToActionResult("index", "home", null);
      context.Succeed(requirement);
      return Task.CompletedTask;
    }

In Start up

services.Configure<CookiePolicyOptions>(options =>
      {
        options.CheckConsentNeeded = context => false;
        options.MinimumSameSitePolicy = SameSiteMode.None;
      });

Issue Analytics

State:
Created 5 years ago
Comments:16 (6 by maintainers)

Top GitHub Comments

1reaction

elegaultcommented, Mar 6, 2021

This post solved a major headache for me. THANK YOU!

1reaction

Matt-Kaminskicommented, Apr 1, 2020

Which version of .Net are you using?

I’ve had this problem with .NET Core 2.1. It turns out that there is a bug caused by SameSiteMode.None not sending any attribute. For me, this was the solution:

Does not work: