Login redirect error iphone - Correlation failed


I’m having problems logging in through Google and Facebook when the site is accessed from an iPhone. After I authenticate my account (on Google, for example), the callback action is never reached and the middleware throws an exception instead.

This is how login works:

  1. The customer clicks on the provider button (e.g. Google).
  2. The ExternalLogin action is called with the provider name (Google) and the redirect URL.
  3. The provider authenticates the user and redirects the browser back to the redirect URL.

The application uses .NET Core 2.1. When I access the application from a desktop browser, or from an Android device, everything works perfectly, but when I try to log in from an iPhone using Facebook or Google the remote authentication handler fails with the exception "Correlation failed" (see the screenshot below). That exception means the `.AspNetCore.Correlation.*` cookie that was set before the redirect to the provider was not sent back by the browser on the cross-site callback request.

Startup.Cs

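 public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        /// <summary>
        /// Registers Identity with the SQLite store, cookie authentication and the
        /// Google/Facebook external login providers.
        /// </summary>
        /// <param name="services">The application service collection.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            services.Configure<CookiePolicyOptions>(options =>
            {
                // Non-essential cookies are withheld until the user consents. The
                // authentication and correlation cookies are essential and unaffected.
                options.CheckConsentNeeded = context => true;
                // Do not force a minimum SameSite value: the provider -> callback leg of an
                // external login is a cross-site request, and Lax/Strict would strip the
                // correlation cookie from it ("Correlation failed").
                options.MinimumSameSitePolicy = SameSiteMode.None;
            });

            services.AddDbContext<ApplicationDbContext>(options =>
               options.UseSqlite("Data Source=Auth.db"));

            services.AddIdentity<ApplicationUser, IdentityRole>()
                .AddEntityFrameworkStores<ApplicationDbContext>()
                .AddDefaultTokenProviders();

            // SECURITY: provider credentials must not be committed in source. These are
            // placeholders; move the real values to user-secrets / environment configuration
            // (e.g. Configuration["Authentication:Google:ClientId"]) before deployment.
            // The previous Debugger.IsAttached ternaries returned the same value on both
            // branches, so they were no-ops and have been dropped.
            string googleClientId = "Meu-id";
            string googleClientSecret = "Meu-id";
            string facebookAppId = "Meu-id";
            string facebookAppSecret = "Meu-id";

            services
                .AddAuthentication(sharedOptions =>
                {
                    sharedOptions.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                    sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                })
                .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
                {
                    options.LoginPath = "/Home/Index";
                    options.Cookie.SameSite = SameSiteMode.None;
                    // A cookie that opts out of SameSite protection must be Secure-only:
                    // browsers reject SameSite=None cookies without the Secure flag, and the
                    // site redirects to HTTPS anyway (see Configure).
                    options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
                })
                .AddGoogle("Google", googleOptions =>
                {
                    googleOptions.ClientId = googleClientId;
                    googleOptions.ClientSecret = googleClientSecret;
                    // Use the OAuth2 v2 userinfo endpoint instead of the (deprecated) Google+ API,
                    // so the claim mappings below use the v2 JSON field names.
                    googleOptions.UserInformationEndpoint = "https://www.googleapis.com/oauth2/v2/userinfo";
                    googleOptions.ClaimActions.Clear();
                    googleOptions.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "id");
                    googleOptions.ClaimActions.MapJsonKey(ClaimTypes.Name, "name");
                    googleOptions.ClaimActions.MapJsonKey(ClaimTypes.GivenName, "given_name");
                    googleOptions.ClaimActions.MapJsonKey(ClaimTypes.Surname, "family_name");
                    googleOptions.ClaimActions.MapJsonKey("urn:google:profile", "link");
                    googleOptions.ClaimActions.MapJsonKey(ClaimTypes.Email, "email");
                    // Third argument is the claim value type, not a nested JSON key.
                    googleOptions.ClaimActions.MapJsonKey("urn:google:picture", "picture", "url");
                    googleOptions.ClaimActions.MapJsonKey("urn:google:locale", "locale", "string");
                    // The correlation cookie is the one "Correlation failed" refers to; it is
                    // issued before the redirect to Google and must survive the cross-site
                    // callback, so it is sent only over HTTPS.
                    googleOptions.CorrelationCookie.SecurePolicy = CookieSecurePolicy.Always;
                })
                .AddFacebook(facebookOptions =>
                {
                    facebookOptions.AppId = facebookAppId;
                    facebookOptions.AppSecret = facebookAppSecret;
                    facebookOptions.CorrelationCookie.SecurePolicy = CookieSecurePolicy.Always;
                });

            services.AddTransient<IEmailSender, EmailSender>();
            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
            services.AddProgressiveWebApp();
        }

        /// <summary>
        /// Builds the request pipeline. Middleware order is significant here: HTTPS
        /// redirection and cookie policy must run before authentication for the cookie
        /// settings above to apply to the authentication and correlation cookies.
        /// </summary>
        /// <param name="app">The application builder.</param>
        /// <param name="env">The hosting environment (selects the error-page behaviour).</param>
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Home/Error");
                app.UseHsts();
            }

            // Redirect to HTTPS first so nothing further down the pipeline runs over plain HTTP.
            app.UseHttpsRedirection();
            app.UseStaticFiles();
            // Cookie policy BEFORE authentication: in the original order it ran after
            // UseAuthentication and therefore never touched the auth/correlation cookies.
            // Passing no argument uses the CookiePolicyOptions registered in ConfigureServices;
            // the inline `new CookiePolicyOptions { ... }` previously discarded that
            // registration (including CheckConsentNeeded).
            app.UseCookiePolicy();
            app.UseAuthentication();

            app.UseMvc(routes =>
            {
                routes.MapRoute(
                    name: "default",
                    template: "{controller=Home}/{action=Index}/{id?}");
                routes.MapRoute(
                    name: "LoginEmpresa",
                    template: "{Empresa}",
                    defaults: new { controller = "Home", action = "Index" });
            });
        }
    }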

Externallogin

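     [HttpPost]
        [AllowAnonymous]
        [ValidateAntiForgeryToken]
        public IActionResult ExternalLogin(string provider, string returnUrl = null)
        {
            // Only keep a local return URL. The value comes from the login form (typically
            // echoed from the query string) and is carried through the provider round trip,
            // so an absolute URL here would turn the post-login redirect into an open redirect.
            // Url.IsLocalUrl returns false for null/empty, which leaves returnUrl as null.
            if (!Url.IsLocalUrl(returnUrl))
            {
                returnUrl = null;
            }

            // Request a redirect to the external login provider; the callback receives the
            // validated returnUrl through the data-protected state parameter.
            var redirectUrl = Url.Action(nameof(ExternalLoginCallback), "Account", new { returnUrl });
            AuthenticationProperties properties =
                _signInManager.ConfigureExternalAuthenticationProperties(provider, redirectUrl);

            // Challenge() only builds a ChallengeResult; the handler runs later when the result
            // executes, so the previous try/catch could never observe a failure and its
            // `return null` would have produced an error instead of the provider redirect.
            // An unknown `provider` surfaces as an InvalidOperationException at execution time.
            return Challenge(properties, provider);
        }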

1 answer


The login error was caused by a bug in macOS and iOS (Safari/WebKit) that makes cookies sent with `SameSite=None` be treated as `SameSite=Strict`, so the browser did not send the correlation cookie on the cross-site callback request from the provider. The behaviour is described here: https://www.chromestatus.com/feature/5088147346030592. Note also that browsers require a `SameSite=None` cookie to carry the `Secure` attribute, so the cookie and correlation-cookie `SecurePolicy` should be set to `Always` (and the site must be served over HTTPS).

I fixed the problem simply by migrating to .NET Core 3.1: in version 2.1, `SameSiteMode.None` causes no `SameSite` attribute to be written at all, whereas 3.1 emits an explicit `SameSite=None`.

If the error persists, you can add a class that detects the user agent and chooses the appropriate `SameSite` value for each cookie (browsers affected by the bug get no attribute, everyone else gets `None`): https://www.thinktecture.com/en/identity/samesite/prepare-your-identityserver/

Another way to work around the error is a middleware that intercepts the cookie being appended and applies the same user-agent-based adjustment: https://www.thinktecture.com/en/identity/samesite/prepare-your-identityserver/
