Set cookie not over HTTPS in ASP.NET Core
I have two microservices. One is for identity. I am trying to set auth cookie and I have this middleware:
app.UseCookiePolicy(new CookiePolicyOptions
{
MinimumSameSitePolicy = SameSiteMode.None,
Secure = CookieSecurePolicy.None,
HttpOnly = Microsoft.AspNetCore.CookiePolicy.HttpOnlyPolicy.None
});
And also this service:
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
options.Cookie.HttpOnly = true;
options.Cookie.SameSite = SameSiteMode.None;
options.Cookie.SecurePolicy = CookieSecurePolicy.None;
options.Cookie.IsEssential = true;
});
And also browser throws this warning:
So I want to know if it is possible to set cookie not over HTTPS.
Solution
You need to set the cookie over Https, otherwise it will not work.
This is because the Samesite cookie functionality requires that it is done over HTTPs when the cookies reaches the browser.
see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
That says:
Cookies with SameSite=None must now also specify the Secure attribute (they require a secure context/HTTPS).
To complement this answer, I wrote a blog post that goes into more detail about this topic: Debugging cookie problems
- Replacing service layer with MediatR - is it worth to do it?
- ASP.NET Core MVC filter analogue for gRPC service
- Why is using custom routes returning a 404 in my Razor Pages application?
- Why Http Post in Orchard Core asp net core Web App returns bad request
- Property Injection in ASP.NET Core
- How to force ASP.NET Core source code to not be optimized
- Is there any way to load a single page at a time using Blazor WebAssembly
- This localhost page can’t be found - No webpage was found for the web address.- ASP.NET Core
- log4net:ERROR ConfigureFromXml called with null 'element' parameter for Postgres SQL
- ASP.Net Core Background Service with Task Queue, does it need a Task.Delay?
- Input number does not respect step
- How to customize localization provider (.resx to database) in Razor Pages
- How to get user information in DbContext using Net Core
- Application Insights does not capture information level logging
- How to best add the Last-Modified header in asp .net middleware
- What is the correct way to get data for an EditForm using EF Core, with or without tracking?
- Why my properties in my blazor wasm always become null when i submit the form
- Blazor two way binding and on value changed event in the parent
- How to search for users in Active Directory from ASP.NET Core
- The framework 'Microsoft.NETCore.App', version '5' was not found while Microsoft.NETCore.App 5.0.0 is found
- ILoggingBuilder AddEventLog Linux compatibility
- Getting duplicates when saving an item with two fields in a many-to-many relationship
- Filter Serilog logs to different sinks depending on context source?
- ASP.NET Core log-in not redirecting me to home page
- ASP.NET Core 6 : The best way to list a group of numbers in a string?
- Error when using implementations with different constraints in C# dependency injection
- Azure Storage Account StorageSharedKeyCredential
- ASP.NET Core 6 Web API : custom authentication handler and Angular HttpInterceptor [receive Status code =0 for 401 Unauthorized Response]
- Blazor Web App NavigationManager in Client -> Exception_WasThrown
- How to return JSON result in ASP.NET Core 8 project