I want to test cross-domain authentication. After some research, it seems SameSite for the authentication cookie should be set to None, as below:
options.Cookie.SameSite = SameSiteMode.None;
The problem is that when I set SameSite to None, the application cannot create an authentication cookie, but if I set it to Lax or Strict it works fine.
This is my code in program.cs:
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.Cookie.Name = "authen";
        options.Cookie.HttpOnly = true;
        options.Cookie.SecurePolicy = CookieSecurePolicy.None;
        options.Cookie.SameSite = SameSiteMode.None;
        options.Cookie.Path = "/";
        options.Cookie.Domain = "localhost";
    });
Update
After some testing, it seems this happens only in Google Chrome, and it works fine on Firefox.
Change this line of code:
options.Cookie.SecurePolicy = CookieSecurePolicy.None;
to
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
and it works.
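A way to confirm the fix from the response side, as an added example that is not part of the original question or answer: the script below classifies Set-Cookie header values by their SameSite and Secure attributes, since Chrome does not store a cookie marked SameSite=None unless it also carries Secure. The function names, status labels and sample header values are assumptions constructed for illustration.

```python
# Added example: audit Set-Cookie values for the SameSite=None / Secure pairing.
# The sample headers are constructed for illustration, not captured traffic.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, attrs); attribute names lower-cased."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs

def classify(header_value):
    """Return (cookie_name, status) for one Set-Cookie value."""
    name, attrs = parse_set_cookie(header_value)
    same_site = attrs.get("samesite", "").lower()
    secure = "secure" in attrs  # Secure is a flag attribute with no value
    if same_site == "none":
        # SameSite=None is only accepted by Chrome together with Secure.
        return (name, "cross-site-ok") if secure else (name, "rejected-by-chrome")
    if same_site in ("lax", "strict"):
        return name, "same-site-only"
    return name, "samesite-unspecified"

def audit(headers):
    """Classify every Set-Cookie value in a list."""
    return [classify(h) for h in headers]

# Constructed samples shaped like the cookie configured in the question.
SAMPLE_HEADERS = [
    # SecurePolicy = None with SameSite = None: no Secure attribute
    "authen=constructed-value; path=/; domain=localhost; samesite=none; httponly",
    # SecurePolicy = Always with SameSite = None: Secure attribute present
    "authen=constructed-value; path=/; domain=localhost; secure; samesite=none; httponly",
    # SameSite = Lax: stored, but not usable for cross-site requests
    "authen=constructed-value; path=/; domain=localhost; samesite=lax; httponly",
]

if __name__ == "__main__":
    for cookie_name, status in audit(SAMPLE_HEADERS):
        print(f"{cookie_name}: {status}")
```

Feed it the Set-Cookie values copied from the browser's network tab or from a proxy log to check every cookie the application issues, not only the authentication cookie.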