I'm using Identity Server 4 with Umbraco. When I login locally (localhost) from Edge, Firefox or Opera the login works correctly. If I try it from Chrome the login fails.
From the Identity Server 4 logs the only differences appear to be the CORS request line appears in Chrome and not for the other browsers
[DBG] umbraco found in database: true
[VRB] Calling into client configuration validator: IdentityServer4.Validation.DefaultClientConfigurationValidator
[DBG] client configuration validation for client umbraco succeeded.
---> [DBG] CORS request made for path: /Account/Login from origin: null but was ignored because path was not for an allowed IdentityServer CORS endpoint
[VRB] No endpoint entry found for request path: /Account/Login
[VRB] returnUrl is valid
[DBG] Start authorize request protocol validation
[DBG] umbraco found in database: true
and for Edge, Firefox & Opera I get
[DBG] User in authorize request: 1932942018
and in Chrome I get
[DBG] No user present in authorize request
Can anyone tell me where to start looking? Is this a Chrome issue? Something related to using localhost? A configuration issue for IS4 that's only showing up in Chrome?
Using Identity Server 4 v4.0.4 on Windows 10 Pro
See this article on how to deal with Chrome and SameSite cookies
I would also try to disable the SameSite handling just to verify if it is the problem or not. See this article for details on how to disable it.
To complement this answer, I wrote a blog post that goes into more detail about this topic: Debugging cookie problems