The cookie .AspNetCore.OpenIdConnect.Nonce has set 'SameSite=None' and must also set 'Secure'

I’m new to auth0 and also to blazor server.

I’m creating a blazor server app. Integrated it with auth0 following the .net 8 tutorial: https://auth0.com/blog/auth0-authentication-blazor-web-apps/ thanks to @andrea.chiarelli .

Now, I deployed the app to Azure Container Apps: there, basically, the app runs over HTTP and the infrastructure handles the HTTPS part. Nothing worked until I added this to Program.cs:

app.UseForwardedHeaders(new ForwardedHeadersOptions
{
      ForwardedHeaders = ForwardedHeaders.XForwardedProto
});

Now, when I try to log in, I get a weird error when Auth0 tries to go to the callback URL: it simply throws an HTTP ERROR 431 and my Chrome stays kinda black.

It takes FOREVER to return from the login page in auth0.

If I check my server while it is taking forever, something like this is displayed in the log all the time:

  The cookie '.AspNetCore.OpenIdConnect.Nonce.CfDxxxxxxxxxx' has set 'SameSite=None' and must also set 'Secure'.

And no idea what to do after that.

Thanks :slight_smile:

(BTW, no idea how to select the proper tags… I was trying to get dotnet and blazor)

Hi @psantosl,
I’m not familiar with Azure Container Apps, but I don’t think it’s a specific problem with Auth0 and Blazor as much as it is with the configuration of an ASP.NET Core application within a container.

I can confirm that you need to forward headers. Not sure if forwarding just the protocol is enough. Have a look here to learn more.

Not sure if the HTTP 431 status code can depend on the correct header forwarding configuration. Otherwise, you can take a look at this article, which seems to address Kestrel’s configuration (not sure).

Finally, I would see if the previous investigations and fixes might also fix the cookie issue.

Hi Andrea,

We were finally able to fix it a few hours ago.

Problems we found:

  1. The official examples use a .cshtml page to implement the login (and logout). Since cshtml wasn’t loaded by the Blazor app (no idea how to make it work, never worked), we implemented a Login.razor as follows:
@page "/login"
@using Auth0.AspNetCore.Authentication
@using Microsoft.AspNetCore.Authentication
@inject IHttpContextAccessor HttpContextAccessor

@code {
    private string redirectUri = "";

    protected override async Task OnInitializedAsync()
    {
        // Builds the Auth0 challenge and redirects the browser to the Auth0 login page.
        var authenticationProperties = new LoginAuthenticationPropertiesBuilder()
                .WithRedirectUri(redirectUri)
                .Build();

        await HttpContextAccessor.HttpContext.ChallengeAsync(Auth0Constants.AuthenticationScheme, authenticationProperties);
    }
}

For some reason I don’t know, this provoked the infinite loop. The login “seemed to work” but when returning to the callback, it stayed there forever, loading some Nonce cookie again and again until the error was that the headers were too long.

  2. Then we deleted these 2 razor pages (Login as above and Logout) and used this one as explained in your blogpost: Add Auth0 Authentication to Blazor Web Apps
app.MapGet("/Account/Login", async (HttpContext httpContext, string redirectUri = "/") =>
{
  var authenticationProperties = new LoginAuthenticationPropertiesBuilder()
          .WithRedirectUri(redirectUri)
          .Build();
  await httpContext.ChallengeAsync(Auth0Constants.AuthenticationScheme, authenticationProperties);
});

app.MapGet("/Account/Logout", async (HttpContext httpContext, string redirectUri = "/") =>
{
  var authenticationProperties = new LogoutAuthenticationPropertiesBuilder()
          .WithRedirectUri(redirectUri)
          .Build();
  await httpContext.SignOutAsync(Auth0Constants.AuthenticationScheme, authenticationProperties);
  await httpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
});

Then everything started to work.

By the way, we had to add this too since inside Container Apps the code doesn’t use HTTPS (this is handled outside):

app.UseForwardedHeaders(new ForwardedHeadersOptions
{
      // Honour X-Forwarded-Proto from the TLS-terminating proxy so Kestrel treats the request as HTTPS.
      ForwardedHeaders = ForwardedHeaders.XForwardedProto
});

app.UseCookiePolicy(new CookiePolicyOptions
{
    HttpOnly = HttpOnlyPolicy.Always,
    MinimumSameSitePolicy = SameSiteMode.None,
});

This happens before

app.UseAuthentication();

Otherwise I believe nothing works.

Hope it helps others.

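An added diagnostic script (not code from this thread, Auth0 or ASP.NET Core) that audits captured Set-Cookie headers for the exact defect in the log above (SameSite=None without Secure) and shows why a callback loop that keeps issuing nonce cookies ends in HTTP 431. The sample headers, the nonce name length and Kestrel's default 32 KB header limit are constructed assumptions.

```python
# Constructed sample Set-Cookie headers modelled on the symptom in the thread:
# the OIDC nonce/correlation cookies carry SameSite=None but no Secure flag,
# because Kestrel sees plain HTTP behind the TLS-terminating proxy.
SAMPLE_SET_COOKIES = [
    ".AspNetCore.OpenIdConnect.Nonce.CfDJ8AAAA=N; expires=Mon, 01 Jan 2024 00:00:00 GMT; path=/; samesite=none; httponly",
    ".AspNetCore.Correlation.AAAA=N; path=/; samesite=none; httponly",
    ".AspNetCore.Cookies=chunk; path=/; secure; samesite=lax; httponly",
]

# Assumption: Kestrel's default MaxRequestHeadersTotalSize (32 KB) is unchanged.
KESTREL_MAX_HEADERS_TOTAL = 32 * 1024


def parse_set_cookie(header: str):
    """Split one Set-Cookie header into (name, value, {attribute: value})."""
    first, *rest = header.split(";")
    name, _, value = first.strip().partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.strip().partition("=")
        attrs[key.lower()] = val
    return name, value, attrs


def audit_set_cookie(header: str) -> list:
    """Flag cookies a browser will not keep: SameSite=None requires Secure."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if attrs.get("samesite", "").lower() == "none" and "secure" not in attrs:
        findings.append(f"{name}: SameSite=None without Secure")
    return findings


def audit_response(set_cookies) -> list:
    """Audit every Set-Cookie header of one response."""
    return [f for h in set_cookies for f in audit_set_cookie(h)]


def cookie_header_bytes(jar) -> int:
    """Size of the Cookie request header a browser sends for the cookies it kept."""
    return len("; ".join(f"{n}={v}" for n, v in jar))


def simulate_redirect_loop(rounds: int = 200):
    """Each failed callback round issues a fresh nonce cookie with a unique,
    long name (constructed: 300 chars of payload). Return the round at which
    the accumulated Cookie header alone exceeds Kestrel's limit, else None."""
    jar = []
    for i in range(1, rounds + 1):
        jar.append((f".AspNetCore.OpenIdConnect.Nonce.{'X' * 300}{i:04d}", "N"))
        if cookie_header_bytes(jar) > KESTREL_MAX_HEADERS_TOTAL:
            return i  # the server now answers 431 Request Header Fields Too Large
    return None
```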

Hey @psantosl,
Thank you so much for sharing your solution! :pray: That will help others for sure

I see that there was some mix up between .NET 7 and .NET 8 code :slightly_smiling_face:
Glad to hear that you fixed it anyway!
