Tags: asp.net-core, identityserver4, openid-connect

identityserver4 Correlation failed


Recently I'm learning IdentityServer4; I organized a test project on GitHub.

Environment: Windows 10, Edge (user agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.96 Safari/537.36 Edg/88.0.705.56)

    services.AddAuthentication(options =>
    {
        options.DefaultScheme = "Cookies";
        options.DefaultChallengeScheme = "oidc";
    })
    // Add the handler that manages the session cookie
    .AddCookie("Cookies")
    // Configure the handler that performs the OpenID Connect protocol
    .AddOpenIdConnect("oidc", options =>
    {
        options.Authority = "https://demo.identityserver.io/";    // address of the trusted token service
        options.RequireHttpsMetadata = true;
        options.ClientId = "interactive.confidential";
        options.ClientSecret = "secret";
        options.ResponseType = "code";
        options.SaveTokens = true;  // keep the tokens issued by IdentityServer in the cookie

        // 1. Add support for authorized access to the API
        //options.Scope.Add("scope1");
        options.Scope.Add("email");
        //options.Scope.Add("profile");
        options.GetClaimsFromUserInfoEndpoint = true;
        //options.Scope.Add("offline_access");
        options.TokenValidationParameters = new TokenValidationParameters
        {
            NameClaimType = "name",
            RoleClaimType = "role"
        };
    });

The problem is that I have logged in and authorized successfully, but when I am redirected back, the following error appears:

Exception: Correlation failed.
Unknown location

Exception: An error was encountered while handling the remote login.
Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<TOptions>.HandleRequestAsync()

After that, I saw some questions about cookies. I added ConfigureNonBreakingSameSiteCookies, but it still didn't work.

When I disabled the Edge setting "Cookies without SameSite must be secure", it succeeded.

The question is: is there any other way?

If anyone can provide me some insight on this, I would greatly appreciate it.


Solution

  • As per the above comment, this is likely due to you not using HTTPS. That correlation cookie will be set to SameSite=None or SameSite=Lax since it needs to be accessible during a request initiated by another host, and Chrome and Edge will block it by default if it is not issued by an HTTPS origin.
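An added example of the configuration the answer points at (this is not the asker's code and not from the IdentityServer project): the app is forced onto HTTPS and the OIDC correlation and nonce cookies are explicitly marked Secure instead of relying on the SameAsRequest default. The HTTPS port and the reverse-proxy setup are assumptions.

```csharp
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Assumed dev HTTPS port. Redirect http:// before the OIDC round-trip starts, so the
        // correlation cookie is both issued and read back on an https:// origin.
        services.AddHttpsRedirection(o => o.HttpsPort = 5001);

        services.AddAuthentication(o =>
        {
            o.DefaultScheme = "Cookies";
            o.DefaultChallengeScheme = "oidc";
        })
        .AddCookie("Cookies")
        .AddOpenIdConnect("oidc", o =>
        {
            o.Authority = "https://demo.identityserver.io/";
            o.ClientId = "interactive.confidential";
            o.ClientSecret = "secret";
            o.ResponseType = "code";
            o.SaveTokens = true;

            // Weak default: SecurePolicy = SameAsRequest. Over plain HTTP the handler emits
            // "SameSite=None" with no "Secure" flag; Chrome/Edge drop such a cookie, so it is
            // absent on the callback and the handler fails with "Correlation failed".
            // Hardened: always mark the cross-site round-trip cookies Secure.
            o.CorrelationCookie.SameSite = SameSiteMode.None;
            o.CorrelationCookie.SecurePolicy = CookieSecurePolicy.Always;
            o.NonceCookie.SameSite = SameSiteMode.None;
            o.NonceCookie.SecurePolicy = CookieSecurePolicy.Always;
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        // Assumption: TLS may terminate at a reverse proxy. Honour X-Forwarded-Proto first so the
        // app sees the request as HTTPS; otherwise SameAsRequest would still yield a non-Secure cookie.
        app.UseForwardedHeaders(new ForwardedHeadersOptions
        {
            ForwardedHeaders = ForwardedHeaders.XForwardedProto
        });
        app.UseHttpsRedirection();
        app.UseAuthentication();
        // routing and endpoint registration omitted; they go after UseAuthentication as usual
    }
}
```

UseForwardedHeaders trusts only loopback proxies by default, so a remote proxy must be added to KnownProxies or KnownNetworks before its X-Forwarded-Proto header is honoured.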