Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

ASP.NET Core 3.1 browser sniffing how to solve the problem of missing Cookie in some browsers

2025-04-01 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Internet Technology >

Share

Shulou(Shulou.com)06/01 Report--

This article mainly introduces ASP.NET Core 3.1 browser sniffing how to solve the problem of missing Cookie in some browsers, which has a certain reference value, and interested friends can refer to it. I hope you can learn a lot after reading this article.

Students who have read the previous article should know that browsers such as Sogou and 360have repeatedly redirected in single sign-on and eventually failed to report an error.

The reason is that non-Chrome80+ browsers do not recognize the value of the SameSite=none attribute on Cookie, which causes the authentication Cookie to be discarded in subsequent requests.

As of 2020Accord 3 / 30, the non-Chrome browser test contains two results:

Case1: the samesite=none that can set cookie, and the cookiecase2 can be read by the browser: set samesite=none to the cookie, and the browser cannot read the latest version number of the cookie browser. As a result, IE11case1win10Edge44.18362.449.0case12020/2/15 starts to use the chrome kernel / 70.0.3538.102Firefox74case1.

12.0.1190.0case1 is based on chromium78 Sogou browser 8.6.1.31812case2User-Agent:Chrome/65.0.3314.0 Cheetah Security browser 6.5.115case2User-Agent:Chrome/57.0.2987.98QQ browser 10.5.3case1chromium 70 Huawei Mobile browser 10.0.6.304case1

Meizu mobile browser 8.5.1case2

Well, the 360 Express browser I reported earlier has updated the Chrome kernel in the new edition. As the mainstream Sogou and Cheetah browsers, do you still use the old version of the Chrome kernel?

If your Web application is going to support older kernel browsers, you need to implement browser sniffing. ASP.NET Core won't help you with browser sniffing because User-Agents values are volatile and change frequently.

But extension points in Microsoft.AspNetCore.CookiePolicy allow you to insert browser sniffing logic.

In Startup.Configure, add the code that calls UseCookiePolicy before calling UseAuthentication or any method written to cookie:

Public void Configure (IApplicationBuilder app, IWebHostEnvironment env)

{

If (env.IsDevelopment ())

{

App.UseDeveloperExceptionPage ()

}

Else

{

App.UseExceptionHandler ("/ Error")

App.UseHsts ()

}

App.UseHttpsRedirection ()

App.UseStaticFiles ()

App.UseRouting ()

/ / indicates that ASP.NET Core starts the Cookie policy

App.UseCookiePolicy ()

App.UseAuthentication ()

App.UseAuthorization ()

App.UseEndpoints (endpoints = >

{

Endpoints.MapRazorPages ()

});

}

In Startup.ConfigureServices, add the policy configuration code for Cookie:

Public void ConfigureServices (IServiceCollection services)

{

Services.Configure (options = >

{

Options.MinimumSameSitePolicy = SameSiteMode (- 1)

Options.OnAppendCookie = cookieContext = >

CheckSameSite (cookieContext.Context, cookieContext.CookieOptions)

Options.OnDeleteCookie = cookieContext = >

CheckSameSite (cookieContext.Context, cookieContext.CookieOptions)

});

Services.AddRazorPages ()

}

Private void CheckSameSite (HttpContext httpContext, CookieOptions options)

{

If (options.SameSite = = SameSiteMode.None)

{

Var userAgent = httpContext.Request.Headers ["User-Agent"] .ToString ()

If (MyUserAgentDetectionLib.DisallowsSameSiteNone (userAgent))

{

Options.SameSite = SameSiteMode.Unspecified

}

}

}

In the above example, MyUserAgentDetectionLib.DisallowsSameSiteNone is a custom library file that detects UserAgent that does not support SameSite=None.

ASP.NET Core3.1 has added a Unspecified enumeration value to SameSiteMode, indicating that the server will not set the SameSite attribute value for Cookie. The rest of the matter of carrying Cookie will be left to the browser default configuration.

The specific detection code is as follows:

Public static bool DisallowsSameSiteNone (string userAgent)

{

/ / Check if a null or empty string has been passed in, since this

/ / will cause further interrogation of the useragent to fail.

If (String.IsNullOrWhiteSpace (userAgent))

Return false

/ / Cover all iOS based browsers here. This includes:

/ /-Safari on iOS 12 for iPhone, iPod Touch, iPad

/ /-WkWebview on iOS 12 for iPhone, iPod Touch, iPad

/ /-Chrome on iOS 12 for iPhone, iPod Touch, iPad

/ / All of which are broken by SameSite=None, because they use the iOS networking

/ / stack.

If (userAgent.Contains ("CPU iPhone OS 12") | |

UserAgent.Contains ("iPad; CPU OS 12"))

{

Return true

}

/ / Cover Mac OS X based browsers that use the Mac OS networking stack.

/ / This includes:

/ /-Safari on Mac OS X.

/ / This does not include:

/ /-Chrome on Mac OS X

/ / Because they do not use the Mac OS networking stack.

If (userAgent.Contains ("Macintosh; Intel Mac OS X 1014") & &

UserAgent.Contains ("Version/") & & userAgent.Contains ("Safari"))

{

Return true

}

/ / Cover Chrome 50-69, because some versions are broken by SameSite=None

/ / and none in this range require it.

/ / Note: this covers some pre-Chromium Edge versions

/ / but pre-Chromium Edge does not require SameSite=None.

If (userAgent.Contains ("Chrome/5") | | userAgent.Contains ("Chrome/6"))

{

Return true

}

Return false

}

Thank you for reading this article carefully. I hope the article "ASP.NET Core 3.1 browser sniffing how to solve the problem of missing Cookie in some browsers" shared by the editor will be helpful to you. At the same time, I also hope that you will support us and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 293

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Internet Technology

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report