Debug code

Author: Ceredron

src/Altinn.Correspondence.API/Auth/CascadeAuthenticationHandler.cs

@@ -8,16 +8,19 @@
 public class CascadeAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
 {
     private readonly IAuthenticationSchemeProvider _schemeProvider;
+    private readonly IHttpContextAccessor _httpContextAccessor;
 
     public CascadeAuthenticationHandler(
         IOptionsMonitor<AuthenticationSchemeOptions> options,
         ILoggerFactory logger,
         UrlEncoder encoder,
         ISystemClock clock,
-        IAuthenticationSchemeProvider schemeProvider)
+        IAuthenticationSchemeProvider schemeProvider,
+        IHttpContextAccessor httpContextAccessor)
         : base(options, logger, encoder, clock)
     {
         _schemeProvider = schemeProvider;
+        _httpContextAccessor = httpContextAccessor;
     }
 
     protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
@@ -51,6 +54,10 @@ protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
             else
             {
                 Logger.LogInformation($"Authentication failed with scheme: {schemeName}. Reason: {result.Failure?.Message}: {result.Failure?.StackTrace}");
+                foreach (var item in _httpContextAccessor.HttpContext?.Items)
+                {
+                    Logger.LogInformation(schemeName + " " + item.Key + " " + item.Value);
+                }
             }
 
             // If it's OpenIdConnect and it failed, we don't want to redirect yet

src/Altinn.Correspondence.API/Auth/DependencyInjection.cs

@@ -83,16 +83,18 @@ public static void ConfigureAuthentication(this IServiceCollection services, ICo
                 {
                     options.Cookie.Name = "CorrespondenceIdportenSession";
                     options.Cookie.SameSite = SameSiteMode.None;
-                    options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
+                    options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
                     options.Cookie.IsEssential = true;
-                    options.ExpireTimeSpan = TimeSpan.FromSeconds(10); // Must be transient/short-lived
+                    options.ExpireTimeSpan = TimeSpan.FromSeconds(60); // Must be transient/short-lived
                     options.SlidingExpiration = false;
                 })
                 .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
                 {
                     options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-                    options.NonceCookie.SecurePolicy = CookieSecurePolicy.Always;
-                    options.CorrelationCookie.SecurePolicy = CookieSecurePolicy.Always;
+                    options.NonceCookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
+                    options.CorrelationCookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
+                    options.NonceCookie.SameSite = SameSiteMode.None;
+                    options.CorrelationCookie.SameSite = SameSiteMode.None;
                     options.AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet;
                     options.ResponseMode = OpenIdConnectResponseMode.FormPost;
                     options.Authority = idPortenSettings.Issuer;