
(Monaca, Cordova) Web API request with form authentication (Cookie) not working


I have a problem with one of my apps and the Web API I published. The problem has not been resolved yet, so I need your help!

Specs

The app

  • The app is built with Monaca (https://monaca.io/ , based on Cordova, HTML / JavaScript / CSS),
  • Calls Web APIs with jQuery (version 3.4.1) ajax method.
  • The app needs to call the login API first, get credentials with a cookie, and then call other Web APIs with the credentials.

The Web API

  • Built with ASP.NET MVC (C#) and hosted on Microsoft Azure (App Service).
  • The login endpoint returns credentials if the ID and password in the request are correct.
  • Other API endpoints need authorization with the code "[Authorize]".

Details of the Problem

Even if the login request succeeds, the next API call returns an error (401 Unauthorized). This issue was reported on 24 January 2020 and persists even now.

Tracking data (with Charles Proxy), I found the things below:

  • The login endpoint returns credentials (Set-Cookie: xxxx).
  • On the app, the API call after login does not send "Cookie" credentials.

This problem does not occur on all supported devices (iOS & Android with the latest version of WebView)

  • Google Pixel 3a (Android 10): call Failed
  • Motorola Moto X4 (Android 9): Failed
  • Huawei (Android 6): Failed
  • iPhone SE (iOS 12.4): Failed
  • iPhone 6 Plus (iOS 10.2.1): call SUCCEEDED

Neither the app nor the Web API has been updated in at least the last 3 months.


Solution

  • I solved this problem. The problem was on the server side (Web API on Azure).

    Announcement: SameSite Cookie Handling and .NET Framework 4.7.2 Patch Availability on Azure App Service - Microsoft Q&A (Preview)
    https://learn.microsoft.com/answers/questions/6842/announcement-samesite-cookie-handling-and-net-fram.html

    The Web API was built with ASP.NET MVC 4.5 on Azure App Service. In January 2020, a new service was installed on Azure, and then the Web API had errors.

    Following the guide on the page above, the problem has been solved.

    (I couldn't find why the API worked fine on the test machine iPhone 6 Plus, iOS 10.2.1.)
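
An added example (not part of the original post or of the linked Microsoft guide) that models how a client decides whether to attach an authentication cookie to an AJAX call once the server emits a SameSite attribute. The header values are constructed samples, since the page only shows "Set-Cookie: xxxx", and the client flags and the treatment of the hybrid app's requests as cross-site are assumptions of this model.

```javascript
// Constructed sample headers (the page only shows "Set-Cookie: xxxx").
const SAMPLES = {
  lax: ".ASPXAUTH=abc123; path=/; secure; HttpOnly; SameSite=Lax",
  none: ".ASPXAUTH=abc123; path=/; secure; HttpOnly; SameSite=None",
  noneInsecure: ".ASPXAUTH=abc123; path=/; HttpOnly; SameSite=None",
  unset: ".ASPXAUTH=abc123; path=/; secure; HttpOnly",
};

// Parse one Set-Cookie value into name, value and lower-cased attribute keys.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs.filter(Boolean)) {
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1).trim();
  }
  return cookie;
}

// Would a client attach this cookie to an XHR/fetch call to the API?
//   req.crossSite           - page and API are different sites (assumed for the hybrid app)
//   req.https               - the API call uses TLS
//   client.enforcesSameSite - false models a WebView that ignores the attribute
//   client.newDefaults      - true: missing SameSite means Lax, None requires Secure
function sentOnAjax(header, req, client) {
  const { attrs } = parseSetCookie(header);
  if (attrs.secure && !req.https) return { sent: false, why: "Secure cookie on a non-HTTPS request" };
  if (!req.crossSite) return { sent: true, why: "same-site request" };
  if (!client.enforcesSameSite) return { sent: true, why: "client ignores SameSite" };
  let mode = typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : "";
  // A missing or unrecognised value falls back to the client's default.
  if (!["lax", "strict", "none"].includes(mode)) mode = client.newDefaults ? "lax" : "none";
  if (mode !== "none") return { sent: false, why: `SameSite=${mode} blocks cross-site AJAX` };
  if (client.newDefaults && !attrs.secure) return { sent: false, why: "SameSite=None without Secure is rejected" };
  return { sent: true, why: "SameSite=None permits cross-site use" };
}

// Print the verdict for each sample under a current, enforcing WebView.
for (const [label, header] of Object.entries(SAMPLES)) {
  const r = sentOnAjax(header, { crossSite: true, https: true }, { enforcesSameSite: true, newDefaults: true });
  console.log(label.padEnd(13), r.sent ? "sent   " : "dropped", r.why);
}
```

On .NET Framework 4.7.2 or later, the forms authentication cookie's SameSite value is controlled by the `cookieSameSite` attribute of the `<forms>` element in web.config, and `SameSite=None` needs `requireSSL="true"` so the cookie is also marked Secure.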