question

osyris-3187 asked AgaveJoe edited

create cookies using the addCors service in Api project

I am trying to create a cookie.
I run ASP.NET Core on host port 44332
and the front-end ReactJS on port 3000.

My CORS service:

    services.AddCors(options =>
    {
        options.AddPolicy(name: "ReactChat",
            builder =>
            {
                builder.AllowAnyMethod()
                    .WithOrigins("http://localhost:3000")
                    .AllowAnyHeader()
                    .AllowCredentials();
            });
    });

I have tried a couple of things:

    string newGuid = Guid.NewGuid().ToString();
    HttpContext.Response.Cookies.Append("Login", newGuid, new CookieOptions
    {
        SameSite = SameSiteMode.None,
        Domain = "http://localhost:3000/"
    });

and in ConfigureServices:

    services.ConfigureApplicationCookie(options =>
    {
        options.Cookie.Domain = "http://localhost:3000";
        options.Cookie.Name = ".AspNet.SharedCookie";
        options.Cookie.Path = "/";
    });

Hi @osyris-3187, I think you need to check this doc to learn how to share a cookie across domains.


I have already seen that document but I can't get it to work, that's why I'm asking for help.

Bruce-SqlWork answered

The domain for localhost is "". In any case it does not include protocol or port.

osyris-3187 answered osyris-3187 edited

The domain for localhost is "". In any case it does not include protocol or port.

I have tried:

    HttpContext.Response.Cookies.Append("Login", newGuid, new CookieOptions
    {
        SameSite = SameSiteMode.None,
        Domain = ""
    });


and this:

    services.ConfigureApplicationCookie(options =>
    {
        options.Cookie.Domain = "";
        options.Cookie.Name = ".AspNet.SharedCookie";
        options.Cookie.Path = "/";
    });

Both of these do not work.

This is my entire ConfigureServices; maybe it can help to understand the problem better:

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllers();
        services.AddDbContext<ApplicationDbContext>(options =>
            options.UseSqlServer(Configuration.GetConnectionString("Database")));

        services.AddIdentity<ApplicationUser, ApplicationRole>()
            .AddEntityFrameworkStores<ApplicationDbContext>()
            .AddDefaultTokenProviders();
        services.Configure<IdentityOptions>(options =>
        {
            // Default Password settings.
            options.Password.RequireDigit = true;
            options.Password.RequireLowercase = true;
            options.Password.RequireNonAlphanumeric = true;
            options.Password.RequireUppercase = true;
            options.Password.RequiredLength = 6;
            options.Password.RequiredUniqueChars = 1;
        });

        services.ConfigureApplicationCookie(options =>
        {
            options.Cookie.Domain = "";
            options.Cookie.Name = ".AspNet.SharedCookie";
            options.Cookie.Path = "/";
        });

        services.AddCors(options =>
        {
            options.AddPolicy(name: "ReactChat",
                builder =>
                {
                    builder.AllowAnyMethod()
                        .WithOrigins("http://localhost:3000")
                        .AllowAnyHeader()
                        .AllowCredentials();
                });
        });

        services.AddSignalR();
    }

and the controller api:

    [HttpPost("login")]
    public async Task<IActionResult> Login(LoginDto dto)
    {
        string newGuid = Guid.NewGuid().ToString();
        HttpContext.Response.Cookies.Append("Login", newGuid, new CookieOptions
        {
            SameSite = SameSiteMode.None,
            Domain = "http://localhost:3000/"
            //HttpOnly = false
        });
        return Ok();
    }

Bruce-SqlWork answered osyris-3187 edited

The following is still wrong.

    [HttpPost("login")]
    public async Task<IActionResult> Login(LoginDto dto)
    {
        string newGuid = Guid.NewGuid().ToString();
        HttpContext.Response.Cookies.Append("Login", newGuid, new CookieOptions
        {
            SameSite = SameSiteMode.None,
            Domain = "http://localhost:3000/"
            //HttpOnly = false
        });
        return Ok();
    }

Also, what does "not work" mean? Did you use the browser tools to trace the cookies?

Also, what does "not work" mean? Did you use the browser tools to trace the cookies?

The cookie is not appearing. I have looked into the Application tab in the Google tools;
under Cookies -> host url there is nothing.
Without CORS there would be a cookie.

The following is still wrong.

I understand. Could you please help me with working code?

That would help me out.
I have tried: Domain = "" already.

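As an added example (not code from any poster in this thread), this lints a raw Set-Cookie header, as copied from the browser's network tab, for two reasons a browser silently drops it: a Domain value that is not a bare host name matching the API host, as pointed out above, and SameSite=None without Secure. Function names, problem codes and the sample headers are constructed for illustration.

```javascript
// Added example: hypothetical helper names, not a library or ASP.NET Core API.

// Split "name=value; attr; attr=value" into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const av of rest) {
    if (!av) continue;
    const i = av.indexOf("=");
    const key = (i === -1 ? av : av.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : av.slice(i + 1).trim();
  }
  return cookie;
}

// RFC 6265 section 5.1.3 (host names only): equal, or host ends with "." + domain.
function domainMatches(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase().replace(/^\./, "");
  return host === domain || host.endsWith("." + domain);
}

// requestHost is the host that served the response, without scheme or port.
function lintSetCookie(header, requestHost) {
  const { attrs } = parseSetCookie(header);
  const problems = [];
  const domain = attrs.domain;
  if (typeof domain === "string" && domain !== "") {
    // A cookie domain is a bare host name: no scheme, port or path.
    if (/[:\/]/.test(domain)) problems.push("domain-has-scheme-port-or-path");
    // A Domain that does not match the responding host makes the browser ignore the cookie.
    if (!domainMatches(requestHost, domain)) problems.push("domain-mismatch");
  }
  // Modern browsers (Chrome 80+) reject SameSite=None cookies that lack Secure.
  const sameSite = String(attrs.samesite || "").toLowerCase();
  if (sameSite === "none" && attrs.secure !== true) {
    problems.push("samesite-none-without-secure");
  }
  return problems;
}

// Constructed sample headers: the first mirrors the CookieOptions posted above,
// the second assumes Domain is omitted and Secure is set on the API side.
const BROKEN =
  "Login=00000000-0000-0000-0000-000000000000; domain=http://localhost:3000/; path=/; samesite=none";
const FIXED =
  "Login=00000000-0000-0000-0000-000000000000; path=/; secure; samesite=none; httponly";
```

An empty problem list is necessary but not sufficient: the React request must also be sent with `credentials: "include"` (fetch) or `withCredentials` (XHR) for the browser to store a cookie from a cross-origin response.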
osyris-3187 answered AgaveJoe edited

Can someone please help me solve this problem
of connecting ASP.NET Core with ReactJS with CORS?

I have tried this code as well in the start.cs:

    var directory = new DirectoryInfo("C:/Users/Gebruiker/Desktop/React/Real-Time-App/client/");

    services.AddDataProtection()
        .PersistKeysToFileSystem(directory)
        .SetApplicationName("SharedCookieApp");

    services.ConfigureApplicationCookie(options =>
    {
        options.Cookie.Domain = "";
        options.Cookie.SecurePolicy = Microsoft.AspNetCore.Http.CookieSecurePolicy.None;
        options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.None;
    });



Hi @osyris-3187, did you add the configuration for both of the two projects? Besides, did you log in with Identity or not?


My best guess is you are trying to use cookies for Web API authorization which is not a recommended approach. The remote Web API application should use a token not a cookie to authorize access as explained in your other threads. Also CORS has nothing to do with cookies.

Can you explain the general design?
