asp.net.netweb-configforms-authenticationsamesite
Send Forms Authentication Cookie with explicit samesite=none
I have been able to do this transition for the session cookie but not for the login cookie
and I have the following web.config
<authentication mode="Forms">
<forms name="MyCookie" loginUrl="~/Login/login.aspx" timeout="30" slidingExpiration="true" cookieless="UseCookies" cookieSameSite="None" protection="All" requireSSL="true" defaultUrl="~/Login/DefaultRedirect.aspx" enableCrossAppRedirects="false" path="/" />
</authentication>
if I change cookieSameSite="None" to cookieSameSite="Lax" or strict. I can see that the change takes place, but it seems to still have the old behavior of not emiting the samesite value when set to None
I'm using .net framework 4.7.2 and have installed the server update that allowed me to do the session with samesite=none
Solution
turn out I was missing sameSite="None" <httpCookies
so now I have : <httpCookies httpOnlyCookies="true" requireSSL="true" sameSite="None" />
<authentication mode="Forms">
<forms name="MyCookie" loginUrl="~/Login/login.aspx" timeout="30" slidingExpiration="true" cookieless="UseCookies" cookieSameSite="None" protection="All" requireSSL="true" defaultUrl="~/Login/DefaultRedirect.aspx" enableCrossAppRedirects="false" path="/" />
</authentication>
- video file loaded sucussefully when run my website locally but not after publishing
- Does the client knowing all the endpoint names pose a security risk?
- Paging, sorting, searching on Ajax View in asp.net mvc
- Dynamically added ListBox's EventHandler is not firing on ASP.Net
- Asp.Net Core create a controller to send emails using SendGrid
- How to constrain a POST call to just one submit button in ASP.NET Web pages?
- Resx file default 'internal' to 'public'
- How do I attach the debugger to IIS instead of ASP.NET Development Server?
- Publishing ASP.NET Core 7 Web API on Windows Plesk - error: Could not load file or assembly 'Microsoft.Data.SqlClient'
- Invoking SignalR from Postman
- Parse ajax json response
- How to update a List<> item's property in C#
- In-line validation with dynamic components in Blazor/Mudblazor
- How do I pass a Model from a View, to another view, without data getting Lost?
- Process.Start(...) Suddenly Fails when Called by ASP.NET MVC 5 Running in IIS on Windows 10 and Windows Server 2019
- How do you include a non-referenced dll when publishing a web application?
- IIS 7.5 only shows directory list or 403 instead of ASP.NET Application
- The request was aborted: Could not create SSL/TLS secure channel
- Entity Framework vs Direct Data Access
- How can I set Async="true" for all pages?
- How do I encrypt URLs in ASP.NET MVC?
- Login failed for user 'NT AUTHORITY\NETWORK SERVICE'
- Publish ASP.NET app without certain folders
- Multiple database in one transaction in Entity Framework
- VSTS Build Pipeline: Test fails connecting to Azure Key Vault
- How to Get BootStrapper.exe work in Windows Azure?
- How to fix "No .NET SDKs were found." error--VSCode
- End-to-End application testing from a user's standpoint
- Why HttpContext.Current.Session is changing evertime I visit the same page ASP.Net
- redirect http://mywebsite.com to http://www.mywebsite.com