
Commit 2fa145f

author
Tiago Brenck
committed
1 parent 1490ae3 commit 2fa145f

4 files changed

Lines changed: 107 additions & 7 deletions


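--- a/GroupManager/App_Start/Startup.Auth.cs
+++ b/GroupManager/App_Start/Startup.Auth.cs
@@ -30,6 +30,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 using Microsoft.Owin.Security.Cookies;
 using Microsoft.Owin.Security.Notifications;
 using Microsoft.Owin.Security.OpenIdConnect;
+using Microsoft.Owin.Host.SystemWeb;
 using Owin;
 using System;
 using System.Security.Claims;
@@ -64,7 +65,10 @@ private void ConfigureAuth(IAppBuilder app)
 SecurityTokenValidated = OnSecurityTokenValidated,
 AuthorizationCodeReceived = OnAuthorizationCodeReceived,
 AuthenticationFailed = OnAuthenticationFailed,
-}
+},
+// Handling SameSite cookie according to https://docs.microsoft.com/en-us/aspnet/samesite/owin-samesite
+CookieManager = new SameSiteCookieManager(
+new SystemWebCookieManager())
 });
 }
 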
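Review bot: The SameSite-aware cookie manager is assigned only on the options object that carries the `SecurityTokenValidated`/`AuthorizationCodeReceived` notifications; the cookie authentication registration is not visible in this hunk and may still use the default manager. If so, the session cookie and the OpenID Connect nonce/correlation cookies would be written through different cookie paths, and only the latter would get the user-agent check and the System.Web integration. Consider setting `CookieManager = new SameSiteCookieManager(new SystemWebCookieManager())` on the options passed to `UseCookieAuthentication` as well. `ConfigureAuth` starts before this hunk, so confirm against the full method.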

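--- a/GroupManager/GroupManager.csproj
+++ b/GroupManager/GroupManager.csproj
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-<Import Project="..\packages\Microsoft.Net.Compilers.1.0.0\build\Microsoft.Net.Compilers.props" Condition="Exists('..\packages\Microsoft.Net.Compilers.1.0.0\build\Microsoft.Net.Compilers.props')" />
+<Import Project="..\packages\Microsoft.Net.Compilers.3.4.0\build\Microsoft.Net.Compilers.props" Condition="Exists('..\packages\Microsoft.Net.Compilers.3.4.0\build\Microsoft.Net.Compilers.props')" />
 <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
 <PropertyGroup>
 <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
@@ -98,8 +98,8 @@
 <Reference Include="Microsoft.Owin, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
 <HintPath>..\packages\Microsoft.Owin.4.1.0\lib\net45\Microsoft.Owin.dll</HintPath>
 </Reference>
-<Reference Include="Microsoft.Owin.Host.SystemWeb, Version=3.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-<HintPath>..\packages\Microsoft.Owin.Host.SystemWeb.3.0.1\lib\net45\Microsoft.Owin.Host.SystemWeb.dll</HintPath>
+<Reference Include="Microsoft.Owin.Host.SystemWeb, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+<HintPath>..\packages\Microsoft.Owin.Host.SystemWeb.4.1.0\lib\net45\Microsoft.Owin.Host.SystemWeb.dll</HintPath>
 </Reference>
 <Reference Include="Microsoft.Owin.Security, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
 <HintPath>..\packages\Microsoft.Owin.Security.4.1.0\lib\net45\Microsoft.Owin.Security.dll</HintPath>
@@ -127,8 +127,11 @@
 <Reference Include="System.IdentityModel.Tokens.Jwt, Version=5.3.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
 <HintPath>..\packages\System.IdentityModel.Tokens.Jwt.5.3.0\lib\net461\System.IdentityModel.Tokens.Jwt.dll</HintPath>
 </Reference>
+<Reference Include="System.Runtime" />
 <Reference Include="System.Runtime.Caching" />
+<Reference Include="System.Runtime.InteropServices" />
 <Reference Include="System.Runtime.Serialization" />
+<Reference Include="System.Threading.Thread" />
 <Reference Include="System.Web.DynamicData" />
 <Reference Include="System.Web.Entity" />
 <Reference Include="System.Web.ApplicationServices" />
@@ -197,6 +200,7 @@
 <Compile Include="Utils\MSALAppSessionTokenCache.cs" />
 <Compile Include="Utils\MSALPerUserMemoryTokenCache.cs" />
 <Compile Include="Utils\MSALPerUserSessionTokenCache.cs" />
+<Compile Include="Utils\SameSiteCookieManager.cs" />
 </ItemGroup>
 <ItemGroup>
 <Content Include="Content\bootstrap-theme.css" />
@@ -290,7 +294,7 @@
 <PropertyGroup>
 <ErrorText>This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
 </PropertyGroup>
-<Error Condition="!Exists('..\packages\Microsoft.Net.Compilers.1.0.0\build\Microsoft.Net.Compilers.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Microsoft.Net.Compilers.1.0.0\build\Microsoft.Net.Compilers.props'))" />
+<Error Condition="!Exists('..\packages\Microsoft.Net.Compilers.3.4.0\build\Microsoft.Net.Compilers.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Microsoft.Net.Compilers.3.4.0\build\Microsoft.Net.Compilers.props'))" />
 </Target>
 <!-- To modify your build process, add your task inside one of the targets below and uncomment it.
 Other similar extension points exist, see Microsoft.Common.targets.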
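--- /dev/null
+++ b/GroupManager/Utils/SameSiteCookieManager.cs
@@ -0,0 +1,92 @@
+using Microsoft.Owin;
+using Microsoft.Owin.Infrastructure;
+
+namespace GroupManager.Utils
+{
+/// <summary>
+/// Handles SameSite cookie issue according to the docs: https://docs.microsoft.com/en-us/aspnet/samesite/owin-samesite
+/// The default list of user-agents that disallow SameSite None, was taken from https://devblogs.microsoft.com/aspnet/upcoming-samesite-cookie-changes-in-asp-net-and-asp-net-core/
+/// </summary>
+/// <returns></returns>
+public class SameSiteCookieManager : ICookieManager
+{
+private readonly ICookieManager _innerManager;
+
+public SameSiteCookieManager() : this(new CookieManager())
+{
+}
+
+public SameSiteCookieManager(ICookieManager innerManager)
+{
+_innerManager = innerManager;
+}
+
+public void AppendResponseCookie(IOwinContext context, string key, string value,
+CookieOptions options)
+{
+CheckSameSite(context, options);
+_innerManager.AppendResponseCookie(context, key, value, options);
+}
+
+public void DeleteCookie(IOwinContext context, string key, CookieOptions options)
+{
+CheckSameSite(context, options);
+_innerManager.DeleteCookie(context, key, options);
+}
+
+public string GetRequestCookie(IOwinContext context, string key)
+{
+return _innerManager.GetRequestCookie(context, key);
+}
+
+private void CheckSameSite(IOwinContext context, CookieOptions options)
+{
+if (options.SameSite == Microsoft.Owin.SameSiteMode.None
+&& DisallowsSameSiteNone(context))
+{
+options.SameSite = null;
+}
+}
+
+// Method taken from https://devblogs.microsoft.com/aspnet/upcoming-samesite-cookie-changes-in-asp-net-and-asp-net-core/
+public static bool DisallowsSameSiteNone(IOwinContext context)
+{
+var userAgent = context.Request.Headers["User-Agent"];
+
+// Cover all iOS based browsers here. This includes:
+// - Safari on iOS 12 for iPhone, iPod Touch, iPad
+// - WkWebview on iOS 12 for iPhone, iPod Touch, iPad
+// - Chrome on iOS 12 for iPhone, iPod Touch, iPad
+// All of which are broken by SameSite=None, because they use the iOS
+// networking stack.
+if (userAgent.Contains("CPU iPhone OS 12") ||
+userAgent.Contains("iPad; CPU OS 12"))
+{
+return true;
+}
+
+// Cover Mac OS X based browsers that use the Mac OS networking stack.
+// This includes:
+// - Safari on Mac OS X.
+// This does not include:
+// - Chrome on Mac OS X
+// Because they do not use the Mac OS networking stack.
+if (userAgent.Contains("Macintosh; Intel Mac OS X 10_14") &&
+userAgent.Contains("Version/") && userAgent.Contains("Safari"))
+{
+return true;
+}
+
+// Cover Chrome 50-69, because some versions are broken by SameSite=None,
+// and none in this range require it.
+// Note: this covers some pre-Chromium Edge versions,
+// but pre-Chromium Edge does not require SameSite=None.
+if (userAgent.Contains("Chrome/5") || userAgent.Contains("Chrome/6"))
+{
+return true;
+}
+
+return false;
+}
+}
+}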
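Review bot: `DisallowsSameSiteNone` calls `userAgent.Contains(...)` without a null check, and the OWIN header indexer returns null when the request carries no `User-Agent` header, so such a request throws a NullReferenceException whenever a cookie with `SameSite=None` is appended or deleted. Guard at the top of the method with `if (string.IsNullOrEmpty(userAgent)) return false;` so header-less clients receive the unmodified cookie instead of an unhandled error in the authentication path. The public constructor also stores `innerManager` unchecked; `_innerManager = innerManager ?? throw new System.ArgumentNullException(nameof(innerManager));` would fail at construction rather than on the first cookie write. The empty `/// <returns></returns>` tag on the class declaration has no meaning there and can be dropped.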

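--- a/GroupManager/packages.config
+++ b/GroupManager/packages.config
@@ -24,11 +24,11 @@
 <package id="Microsoft.IdentityModel.Protocols.OpenIdConnect" version="5.3.0" targetFramework="net472" />
 <package id="Microsoft.IdentityModel.Tokens" version="5.3.0" targetFramework="net472" />
 <package id="Microsoft.jQuery.Unobtrusive.Validation" version="3.2.3" targetFramework="net472" />
-<package id="Microsoft.Net.Compilers" version="1.0.0" targetFramework="net472" developmentDependency="true" />
+<package id="Microsoft.Net.Compilers" version="3.4.0" targetFramework="net472" developmentDependency="true" />
 <package id="Microsoft.NETCore.Platforms" version="1.1.1" targetFramework="net472" />
 <package id="Microsoft.NETCore.Targets" version="1.1.3" targetFramework="net472" />
 <package id="Microsoft.Owin" version="4.1.0" targetFramework="net472" />
-<package id="Microsoft.Owin.Host.SystemWeb" version="3.0.1" targetFramework="net472" />
+<package id="Microsoft.Owin.Host.SystemWeb" version="4.1.0" targetFramework="net472" />
 <package id="Microsoft.Owin.Security" version="4.1.0" targetFramework="net472" />
 <package id="Microsoft.Owin.Security.Cookies" version="4.1.0" targetFramework="net472" />
 <package id="Microsoft.Owin.Security.OpenIdConnect" version="4.1.0" targetFramework="net472" />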
