From a5782aeceb353af2f56303a3906b1800b358461d Mon Sep 17 00:00:00 2001
From: Roar Mjelde
Date: Mon, 14 Oct 2024 19:33:35 +0200
Subject: [PATCH] Debug code
---
 .../Auth/CascadeAuthenticationHandler.cs | 9 ++++++++-
 .../Auth/DependencyInjection.cs | 10 ++++++----
 2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/src/Altinn.Correspondence.API/Auth/CascadeAuthenticationHandler.cs b/src/Altinn.Correspondence.API/Auth/CascadeAuthenticationHandler.cs
index 7fea3b91..0a4d4406 100644
--- a/src/Altinn.Correspondence.API/Auth/CascadeAuthenticationHandler.cs
+++ b/src/Altinn.Correspondence.API/Auth/CascadeAuthenticationHandler.cs
@@ -8,16 +8,19 @@ public class CascadeAuthenticationHandler : AuthenticationHandler
 {
 private readonly IAuthenticationSchemeProvider _schemeProvider;
+ private readonly IHttpContextAccessor _httpContextAccessor;
 public CascadeAuthenticationHandler(
 IOptionsMonitor options,
 ILoggerFactory logger,
 UrlEncoder encoder,
 ISystemClock clock,
- IAuthenticationSchemeProvider schemeProvider)
+ IAuthenticationSchemeProvider schemeProvider,
+ IHttpContextAccessor httpContextAccessor)
 : base(options, logger, encoder, clock)
 {
 _schemeProvider = schemeProvider;
+ _httpContextAccessor = httpContextAccessor;
 }
 protected override async Task HandleAuthenticateAsync()
@@ -51,6 +54,10 @@ protected override async Task HandleAuthenticateAsync()
 else
 {
 Logger.LogInformation($"Authentication failed with scheme: {schemeName}. Reason: {result.Failure?.Message}: {result.Failure?.StackTrace}");
+ foreach (var item in _httpContextAccessor.HttpContext?.Items)
+ {
+ Logger.LogInformation(schemeName + " " + item.Key + " " + item.Value);
+ }
 }
 // If it's OpenIdConnect and it failed, we don't want to redirect yet
diff --git a/src/Altinn.Correspondence.API/Auth/DependencyInjection.cs b/src/Altinn.Correspondence.API/Auth/DependencyInjection.cs
index 9adffadc..625393dd 100644
--- a/src/Altinn.Correspondence.API/Auth/DependencyInjection.cs
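Review bot: The new `IHttpContextAccessor` field and constructor parameter duplicate what `AuthenticationHandler<TOptions>` already provides — the base class exposes the current request as the `Context` property, which the framework populates before the handler's `Handle*` methods run. Unless `services.AddHttpContextAccessor()` is registered somewhere not shown here, the extra constructor dependency will also make the handler unresolvable at startup. I would drop the `_httpContextAccessor` field and the `httpContextAccessor` parameter and read `Context.Items` directly in the failure branch. The class body continues outside the hunk.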
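Review bot: `foreach (var item in _httpContextAccessor.HttpContext?.Items)` throws a NullReferenceException whenever `HttpContext` is null, because the `?.` turns the collection expression into null and `foreach` does not accept a null source; using the base class's `Context.Items` removes both the null path and the need for the accessor. The loop also writes every entry of `HttpContext.Items` at Information level through string concatenation, and `Items` is a per-request bag that may hold arbitrary objects, so a failed authentication can dump request state into production logs on top of the reason and stack trace the line above already emits. For something the commit title describes as debug code, log at Debug with structured placeholders so it can be disabled and filtered: `foreach (var item in Context.Items)` / `Logger.LogDebug("{Scheme} {Key} {Value}", schemeName, item.Key, item.Value);`. `HandleAuthenticateAsync` starts before and ends after this hunk.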
+++ b/src/Altinn.Correspondence.API/Auth/DependencyInjection.cs
@@ -83,16 +83,18 @@ public static void ConfigureAuthentication(this IServiceCollection services, ICo
 {
 options.Cookie.Name = "CorrespondenceIdportenSession";
 options.Cookie.SameSite = SameSiteMode.None;
- options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
+ options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
 options.Cookie.IsEssential = true;
- options.ExpireTimeSpan = TimeSpan.FromSeconds(10); // Must be transient/short-lived
+ options.ExpireTimeSpan = TimeSpan.FromSeconds(60); // Must be transient/short-lived
 options.SlidingExpiration = false;
 })
 .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
 {
 options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
- options.NonceCookie.SecurePolicy = CookieSecurePolicy.Always;
- options.CorrelationCookie.SecurePolicy = CookieSecurePolicy.Always;
+ options.NonceCookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
+ options.CorrelationCookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
+ options.NonceCookie.SameSite = SameSiteMode.None;
+ options.CorrelationCookie.SameSite = SameSiteMode.None;
 options.AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet;
 options.ResponseMode = OpenIdConnectResponseMode.FormPost;
 options.Authority = idPortenSettings.Issuer;
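Review bot: Replacing `CookieSecurePolicy.Always` with `SameAsRequest` on the session, nonce and correlation cookies while setting `SameSite = SameSiteMode.None` weakens the configuration rather than fixing it: browsers reject a `SameSite=None` cookie that lacks the `Secure` attribute, and `SameAsRequest` only adds `Secure` when ASP.NET Core sees the request as HTTPS. Behind a TLS-terminating proxy whose forwarded headers are not processed the request scheme is `http`, so these cookies are either dropped by the browser or, if a client does reach the app over plain HTTP, sent unprotected. If the motivation is that the correlation/nonce cookies were not coming back in such a deployment, the fix is to make the scheme correct (forwarded-headers middleware honouring `X-Forwarded-Proto`) and keep `options.Cookie.SecurePolicy = CookieSecurePolicy.Always;`, `options.NonceCookie.SecurePolicy = CookieSecurePolicy.Always;` and `options.CorrelationCookie.SecurePolicy = CookieSecurePolicy.Always;`. The `ExpireTimeSpan` move to 60 seconds still fits the "transient/short-lived" comment, but together with the commit title it reads as a local diagnostic rather than a change to merge. `ConfigureAuthentication` begins before and continues after the hunk.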