Hi, we followed the instructions of the link you mentioned but we still cannot login from our frontend.
Here is a detailed description of the problem:
- We made the changes to the HttpApi.Host project as instructed and redeployed the backend.
- added the class "SameSiteCookiesServiceCollectionExtensions" to the HttpApi.Host project.
- modified the HttpApiHost module:
- added "context.Services.AddSameSiteCookiePolicy();" in "ConfigureServices" method.
- added "app.UseCookiePolicy()" in "OnApplicationInitialization" method.
- The backend's binding is on HTTP port 80 with header name of "mydomain-backend.xyz.it"
- The backend is working correctly, if we try to login manually calling the API method "/api/account/login" it works and we receive a "success" response.
- The frontend's binding is on HTTP port 80 with a different header name "mydomain-frontend.xyz.it".
- When we access the frontend, we can see the home page layout and we can see in the browser's network tab that a call is made to "application-configuration" on the backend; the HTTP status of this call is 200 and we can see the localization resources in the response body.
- When we try to click on the "Login" button on the frontend layout, nothing happens and the network tab does not report anything.
- If we try the same exact configuration on a local development PC, we see that when we click on the login button in the frontend, we are redirected to the "localhost:44360/Account/Login" page.
- In the development enviroment we see this call when we access the frontend: http://localhost:44360/.well-known/openid-configuration (we get the response: net::ERR_CONNECTION_RESET ).
- In the development environment, even if we configured everywhere to use HTTP, we see that the endpoint "https://localhost:44360/.well-known/openid-configuration" is still answering only on HTTPS.
- If we inspect the network browser on the local development machine we see that there is a call to an "openid-configuration" endpoint.
- In the deploy environment we do not see this call, we only see the call to the "application-configuration" endpoint.
- In the deploy environment DB, we double cheched the Identity configuration tables (IdentityServerClientRedirectUris, IdentityServerClientPostLogoutRedirectUris, IdentityServerClientCorsOrigins).
Can you please help us ?
Use it https://community.abp.io/articles/patch-for-chrome-login-issue-identityserver4-samesite-cookie-problem-weypwp3n it works on http
Do you remove this code at xxxxModule.cs in the OnApplicationInitialization() fucntion? app.UseHttpsRedirection(); -》 //app.UseHttpsRedirection();