Solution to SameSite None iFrames with C# Solution to SameSite None iFrames with C#

There has been a lot of kerfuffle over Chrome's upcoming change to how cookies are based when one website is iFraming another website in an effort to further improve the security of the Internet.

At the end of the day, the solution is to set your cookies - specifically the .ASPXAUTH cookie - so that when users navigate the website of the iFrame source the cookies will be passed from page-to-page. This is very important to those who are using FormAuthentication.

The solution requires two changes. Let's look at them now.

Fixing SameSite None with FormAuthentication

The first part of the solution is to perform a .NET upgrade. The KB4524420 needs to be applied to your web servers.

This is an important update because it allows for the enum option "None" with the SameSite setting. It also, by defaults, sets SameSite to Lax by default with FormAuthentication.

The second part of the solution is to update your Web.config:


In each of the XML attributes (httpCookies, sessionState, and forms) above I've added sameSite="None". If you haven't already done so in the past, you also need to set requireSSL="true" for httpCookies and forms.

This also requires your site being under SSL; very important to not forget this!

Published on Jan 27, 2020

Tags: ASP.NET MVC and Web API Tutorial | c# | samesite | iframe

Related Posts

Did you enjoy this article? If you did here are some more articles that I thought you will enjoy as they are very similar to the article that you just finished reading.


Learn how to code in HTML, CSS, JavaScript, Python, Ruby, PHP, Java, C#, SQL, and more.

No matter the programming language you're looking to learn, I've hopefully compiled an incredible set of tutorials for you to learn; whether you are beginner or an expert, there is something for everyone to learn. Each topic I go in-depth and provide many examples throughout. I can't wait for you to dig in and improve your skillset with any of the tutorials below.