SameSite cookie test in other samples

Tiago Brenck · Tiago Brenck · commit ceb007432155 · 2020-01-16T12:29:35.000-08:00
diff --git a/1-WebApp-OIDC/1-5-B2C/Startup.cs b/1-WebApp-OIDC/1-5-B2C/Startup.cs
@@ -30,6 +30,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
+using Microsoft.Identity.Web;
 
 namespace WebApp_OpenIDConnect_DotNet
 {
@@ -49,7 +50,9 @@ public void ConfigureServices(IServiceCollection services)
             {
                 // This lambda determines whether user consent for non-essential cookies is needed for a given request.
                 options.CheckConsentNeeded = context => true;
-                options.MinimumSameSitePolicy = SameSiteMode.None;
+                options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
+                // Handling SameSite cookie according to https://docs.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-3.1
+                options.HandleSameSiteCookieCompatibility();
             });
 
             // Configuration to sign-in users with Azure AD B2C
diff --git a/1-WebApp-OIDC/1-5-B2C/WebApp-OpenIDConnect-DotNet.csproj b/1-WebApp-OIDC/1-5-B2C/WebApp-OpenIDConnect-DotNet.csproj
@@ -21,4 +21,8 @@
     <PackageReference Include="Microsoft.AspNetCore.Authentication.AzureADB2C.UI" Version="3.0.0" />
   </ItemGroup>
 
+  <ItemGroup>
+    <ProjectReference Include="..\..\Microsoft.Identity.Web\Microsoft.Identity.Web.csproj" />
+  </ItemGroup>
+
 </Project>
diff --git a/1-WebApp-OIDC/1-5-B2C/WebApp-OpenIDConnect-DotNet.sln b/1-WebApp-OIDC/1-5-B2C/WebApp-OpenIDConnect-DotNet.sln
@@ -5,6 +5,8 @@ VisualStudioVersion = 16.0.29123.89
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "WebApp-OpenIDConnect-DotNet", "WebApp-OpenIDConnect-DotNet.csproj", "{8DCFEEC2-0A85-4C7E-B96A-21C9184470B1}"
 EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.Identity.Web", "..\..\Microsoft.Identity.Web\Microsoft.Identity.Web.csproj", "{DDD841C1-4657-4FE4-ABE1-529D02E03235}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -15,6 +17,10 @@ Global
 		{8DCFEEC2-0A85-4C7E-B96A-21C9184470B1}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{8DCFEEC2-0A85-4C7E-B96A-21C9184470B1}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{8DCFEEC2-0A85-4C7E-B96A-21C9184470B1}.Release|Any CPU.Build.0 = Release|Any CPU
+		{DDD841C1-4657-4FE4-ABE1-529D02E03235}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{DDD841C1-4657-4FE4-ABE1-529D02E03235}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{DDD841C1-4657-4FE4-ABE1-529D02E03235}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{DDD841C1-4657-4FE4-ABE1-529D02E03235}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
diff --git a/2-WebApp-graph-user/2-1-Call-MSGraph/Startup.cs b/2-WebApp-graph-user/2-1-Call-MSGraph/Startup.cs
@@ -30,7 +30,9 @@ public void ConfigureServices(IServiceCollection services)
             {
                 // This lambda determines whether user consent for non-essential cookies is needed for a given request.
                 options.CheckConsentNeeded = context => true;
-                options.MinimumSameSitePolicy = SameSiteMode.None;
+                options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
+                // Handling SameSite cookie according to https://docs.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-3.1
+                options.HandleSameSiteCookieCompatibility();
             });
 
             services.AddOptions();
diff --git a/4-WebApp-your-API/Client/Startup.cs b/4-WebApp-your-API/Client/Startup.cs
@@ -31,7 +31,9 @@ public void ConfigureServices(IServiceCollection services)
             {
                 // This lambda determines whether user consent for non-essential cookies is needed for a given request.
                 options.CheckConsentNeeded = context => true;
-                options.MinimumSameSitePolicy = SameSiteMode.None;
+                options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
+                // Handling SameSite cookie according to https://docs.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-3.1
+                options.HandleSameSiteCookieCompatibility();
             });
 
             services.AddOptions();
