ShopifySharp: Cookie Auth Fails in Embedded App

I am creating an app using .NET Core 2.1

When the app loads in the iFrame, the auth cookie is never set or read. Auth works fine outside of the iFrame. What am I missing?

I am running ngrok using: ngrok http -subdomain=mydomain -host-header=localhost:62754 62754

Here is my AuthorizationHandler.HandleRequirementAsync method:

protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
    SubscribedRequirment requirement)
{
    // Get the MVC filter context so a redirect result can be set on it.
    if (!(context.Resource is AuthorizationFilterContext redirectContext))
    {
        context.Fail();
        return Task.CompletedTask;
    }

    var isAuthenticated = _signInManager.IsSignedIn(context.User); // <-- This is always false in embedded iFrame
    if (isAuthenticated)
    {
        var userId = context.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        // Get the shop's status from the CacheEngine.
        var status = _cacheEngine.GetShopStatus(userId);
        if (status.BillingIsConnected && status.ShopIsConnected)
        {
            context.Succeed(requirement);
            return Task.CompletedTask;
        }
        if (status.BillingIsConnected == false)
        {
            // User has connected their Shopify shop, but they haven't accepted a subscription charge.
            redirectContext.Result = new RedirectToActionResult("register", "charge", null);
            context.Succeed(requirement);
            return Task.CompletedTask;
        }
        // User has created an account, but they haven't connected their Shopify shop.
        redirectContext.Result = new RedirectToActionResult("register", "connect", null);
        context.Succeed(requirement);
        return Task.CompletedTask;
    }

    // User is not signed in: redirect to the home page.
    redirectContext.Result = new RedirectToActionResult("index", "home", null);
    context.Succeed(requirement);
    return Task.CompletedTask;
}

In Startup:

services.Configure<CookiePolicyOptions>(options =>
{
    options.CheckConsentNeeded = context => false;
    options.MinimumSameSitePolicy = SameSiteMode.None;
});

About this issue

  • State: closed
  • Created 6 years ago
  • Comments: 16 (6 by maintainers)

Most upvoted comments

This post solved a major headache for me. THANK YOU!

Which version of .NET are you using?

I’ve had this problem with .NET Core 2.1. It turns out that there is a bug caused by SameSiteMode.None not sending any attribute. For me, this was the solution:

Does not work:

myCookie.Path = "/";
myCookie.SameSite = SameSiteMode.None;

Does work:

myCookie.Path = "/; SameSite=None";

Source: https://stackoverflow.com/a/58817862/4590784

@StriveDen That worked. Thank you very much for sharing your solution and saving me a bunch of time.

I’ve been struggling with this for a few days, but I managed to solve this problem.

Change your Startup.cs part to this:

services.ConfigureApplicationCookie(options =>
{
    options.Cookie.SameSite = SameSiteMode.None;
});
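
To confirm which of the fixes in this thread actually reaches the browser, check the Set-Cookie response header rather than the C# options. The script below is an added example, not code from the issue or from ShopifySharp; it assumes a browser that treats a missing SameSite attribute as Lax and rejects SameSite=None without Secure, and the header values are constructed samples.

```javascript
// Constructed Set-Cookie values for the three cases in this thread (not captured
// from the poster's app); the cookie value "abc" is a placeholder.
const SAMPLES = {
  // SameSiteMode.None that emits no attribute, as described for .NET Core 2.1
  noAttribute: ".AspNetCore.Identity.Application=abc; path=/; secure; httponly",
  // Path = "/; SameSite=None" workaround: the attribute rides in on the path
  pathWorkaround: ".AspNetCore.Identity.Application=abc; path=/; SameSite=None; secure; httponly",
  // SameSite=None served over plain HTTP, so no Secure flag
  noneNotSecure: ".AspNetCore.Identity.Application=abc; path=/; samesite=none; httponly",
};

// Split one Set-Cookie value into name, value and lower-cased attribute keys.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of rest) {
    if (!attr) continue;
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return cookie;
}

// Would the browser store this cookie and send it on requests made from a
// cross-site iframe (the embedded app frame)?
function embeddedVerdict(header) {
  const { attrs } = parseSetCookie(header);
  const raw = typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : "";
  // Missing or unrecognised values fall back to the browser default (assumed Lax).
  const sameSite = ["strict", "lax", "none"].includes(raw) ? raw : "lax (default)";
  if (sameSite !== "none") {
    return { sentInIframe: false, reason: `SameSite=${sameSite} keeps the cookie off iframe requests` };
  }
  if (attrs.secure !== true) {
    return { sentInIframe: false, reason: "SameSite=None is rejected without Secure" };
  }
  return { sentInIframe: true, reason: "SameSite=None; Secure" };
}

for (const [label, header] of Object.entries(SAMPLES)) {
  const verdict = embeddedVerdict(header);
  console.log(`${label}: ${verdict.sentInIframe ? "sent" : "not sent"} (${verdict.reason})`);
}
```

Paste the Set-Cookie value from the browser's network tab into `embeddedVerdict` to test a real response; the third sample is why the embedded app has to be loaded over the HTTPS tunnel URL.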