There has been a lot of kerfuffle over Chrome's upcoming change to how cookies are based when one website is iFraming another website in an effort to further improve the security of the Internet.
At the end of the day, the solution is to set your cookies - specifically the .ASPXAUTH cookie - so that when users navigate the website of the iFrame source the cookies will be passed from page-to-page. This is very important to those who are using FormAuthentication.
The solution requires two changes. Let's look at them now.
The first part of the solution is to perform a .NET upgrade. The KB4524420 needs to be applied to your web servers. This is an important update because it allows for the enum option "None" with the SameSite setting. It also, by defaults, sets SameSite to Lax by default with FormAuthentication. The second part of the solution is to update your Web.config: In each of the XML attributes (httpCookies, sessionState, and forms) above I've added sameSite="None". If you haven't already done so in the past, you also need to set requireSSL="true" for httpCookies and forms. This also requires your site being under SSL; very important to not forget this! Published on Jan 27, 2020 Tags: ASP.NET MVC and Web API Tutorial
| c#
| samesite
| iframe
Did you enjoy this article? If you did here are some more articles that I thought you will enjoy as they are very similar to the article
that you just finished reading.
Jamie Munro is the author of ASP.NET MVC 5 with Bootstrap and Knockout.js,
Knockout.js: Building Dynamic Client-Side Web Applications,
20 Recipes for Programming MVC 3,
and 20 Recipes for Programming PhoneGap. He has been developing websites and web applications for over 20 years. Jamie began his writing career in 2009. As the success of Jamie's blog grew, he turned his writing passion to books about web development in hopes that his many years of experience could be passed on to his readers. No matter the programming language you're looking to learn, I've hopefully compiled an incredible set of tutorials for you to learn; whether you are beginner
or an expert, there is something for everyone to learn. Each topic I go in-depth and provide many examples throughout. I can't wait for you to dig in
and improve your skillset with any of the tutorials below.
Fixing SameSite None with FormAuthentication
Related Posts
Tutorials
Learn how to code in HTML, CSS, JavaScript, Python, Ruby, PHP, Java, C#, SQL, and more.