1

I'm trying to set up Cookie Authentication in Blazor WebAssembly, running in Chrome.

WebApp runs on https://localhost:44342
WebApi runs on https://localhost:44377

After a POST request (with PostAsJsonAsync) to https://localhost:44377/user/loginuser with valid credentials, the WebApi sends back a response header with Set-Cookie: .AspNetCore.Cookies=...

That cookie seems to be rejected by the browser, because

  1. I don't see it in F12 -> Application -> Cookies
  2. Subsequent requests don't have the cookie attached

I researched the problem on the net extensively. I found loads of hints and explanations, including configuring CORS, using the IP instead of localhost, setting cookie properties like SameSite, HttpOnly, Expiration and Domain, or using Chrome internals for further investigation.

None of that helped. Set-Cookie is still ignored by the browser.

Does anyone have a good idea on how I could proceed? Thanks

Jens Mander

1 Answer

1

I probably had the same problem. The Chrome browser is denying the cookie because the domain is not using SSL and the cookie policy uses samesite:none.

I solved it by using a certificate in IIS (using HTTPS instead of HTTP). I had this problem only in production. For the development environment, when you create the project, Visual Studio asks if you want to register a development certificate. Check yes.

Dharman
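
The condition described in the answer above, as an added example that is not part of the original post: a small JavaScript check that reports why a browser would drop a given Set-Cookie header. The cookie values and the api.example.test host are constructed, and only the SameSite=None/Secure and HTTPS conditions are modelled.

```javascript
// Added example (not from the original post). Diagnoses a Set-Cookie header
// against the two conditions named in the answer. Not a full cookie parser
// and does not model browser-specific exceptions.

function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: eq === -1 ? "" : pair.slice(0, eq),
    value: eq === -1 ? pair : pair.slice(eq + 1),
    attrs: {},
  };
  for (const attr of rest) {
    if (!attr) continue; // tolerate a trailing ';'
    const i = attr.indexOf("=");
    // Attribute names are case-insensitive; flag attributes have no value.
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return cookie;
}

function rejectionReasons(setCookieHeader, responseUrl) {
  const { attrs } = parseSetCookie(setCookieHeader);
  const overHttps = new URL(responseUrl).protocol === "https:";
  const secure = "secure" in attrs;
  const sameSite =
    typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : "";
  const reasons = [];
  if (sameSite === "none" && !secure) {
    reasons.push("SameSite=None without Secure");
  }
  if (secure && !overHttps) {
    reasons.push("Secure cookie set over a non-HTTPS response");
  }
  return reasons;
}

// Constructed sample headers (values are placeholders, not real tickets).
const NO_SECURE = ".AspNetCore.Cookies=abc123; path=/; samesite=none; httponly";
const WITH_SECURE = ".AspNetCore.Cookies=abc123; path=/; secure; samesite=none; httponly";

console.log(rejectionReasons(NO_SECURE, "http://api.example.test/user/loginuser"));
console.log(rejectionReasons(WITH_SECURE, "http://api.example.test/user/loginuser"));
console.log(rejectionReasons(WITH_SECURE, "https://api.example.test/user/loginuser"));
```

Paste the Set-Cookie value from the F12 network tab together with the request URL to see which of the two conditions applies.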