I'm getting desperate here.
Anyone here familiar with Blazor WASM view side apps? I'm at my wit's end with a cookie issue that I can't find the solution to anywhere online and stackexchange hasn't helped.
Also, since this is WASM, I'm not sure if this is a better fit for the main programming thread.
Evironment:
I have a asp.net core web API on localhost:7### and a view side Blazor WASM app serving pages from localhost:5###
The Issue:
I have one controller (Login) on the API that creates and appends a cookie to the response for later sending by the WASM view app. On the view app itself, when I run another action to get and verify the cookie (this is done on the controller side via a "validatecookie" controller) the cookie returns null.
If I call the GET controller directly in the browser everything functions correctly, so I assume the issue is with the different ports triggering CORS. That or it may be something about the WASM app being http while the API is https. To that end I've setup a CORS policy on the API to allow credentials from the view origin and I've tried a whole gambit of headers and origin flags on the view side but nothing seems to work.
Here is the Login controller that creates and appends the cookie
C#:
[HttpGet("/Login")]
public String Get(String Email, String Pass)
{
String token = null;
token = Auth.Login(Email, Pass);
if (token != null)
{
String basicauth = Convert.ToBase64String(Encoding.ASCII.GetBytes(Email+":"+token));
CookieOptions cookieOptions = new CookieOptions();
Console.WriteLine("Cookie path is: " + cookieOptions.Path);
Console.WriteLine("Cookie domain is: " + cookieOptions.Domain);
Console.WriteLine("Cookie isEssential: " + cookieOptions.IsEssential);
Console.WriteLine("Cookie Samesite: " + cookieOptions.SameSite);
Console.WriteLine("Cookie secure: " + cookieOptions.Secure);
Console.WriteLine("Cookie expires: " + cookieOptions.Expires);
Console.WriteLine("Cookie httponly: " + cookieOptions.HttpOnly);
Console.WriteLine("Cookie max age: " + cookieOptions.MaxAge);
cookieOptions.IsEssential = true;
cookieOptions.SameSite = SameSiteMode.Lax;
cookieOptions.Secure = false;
Response.Cookies.Append("bearer",basicauth,cookieOptions);
Console.WriteLine("Cookie count after login: " + Request.Cookies.Count);
return basicauth;
}
return "token was null";
}
Here is the controller that is supposed to validate the cookie on the API side.
C#:
public class ValidateCookieToken : ControllerBase
{
[EnableCors("CookiePolicy")]
[HttpGet("/ValidateCookie")]
public String Get()
{
String bearertoken;
Console.WriteLine("ValidateCookies Headers Keys: " + Request.Headers.Keys);
foreach (var VARIABLE in Request.Headers.Keys)
{
Console.WriteLine("ValCookie Key: " + VARIABLE + " - Value: " + Request.Headers[VARIABLE]);
}
Console.WriteLine("ValidateCookies current cookie count: " + Request.Cookies.Count);
Console.WriteLine("Validatecookies cookie keys: " + Request.Cookies.Keys);
Console.WriteLine("ValCook headers cookie: " + Request.Headers.Cookie.ToString());
Request.Cookies.TryGetValue("bearer", out bearertoken);
String decodedbearer = Encoding.ASCII.GetString(Convert.FromBase64String(bearertoken));
return decodedbearer;
}
}
Here is the action method on the view app calling the "validatecookie" controller
C#:
private async void CheckCookie()
{
HttpClient client = new HttpClient();
HttpRequestMessage requestMessage = new HttpRequestMessage(HttpMethod.Get, "https://localhost:7139/ValidateCookie");
//requestMessage.Options.Set(new HttpRequestOptionsKey<string>(),"true");
//requestMessage.Options.Append(new KeyValuePair<string, object>("credentials","include"));
requestMessage.Options.Set(new HttpRequestOptionsKey<string>("Access-Control-Request-Headers"),"Cookie");
requestMessage.Options.Set(new HttpRequestOptionsKey<string>("Access-Control-Allow-Origin"),"http://localhost:5196");
requestMessage.Options.Set(new HttpRequestOptionsKey<string>("Access-Control-Allow-Methods"),"GET");
//requestMessage.Headers.Add("Access-Control-Allow-Credentials","true");
//requestMessage.Headers.Add("withCredentials","true");
CommunityObject[] subbedCommunities;
List<CommunityObject> listSubbedCommunities = new List<CommunityObject>();
HttpResponseMessage returnMessage = await client.SendAsync(requestMessage);
var stream = returnMessage.Content.ReadAsStreamAsync();
var contentstring = returnMessage.Content.ReadAsStringAsync();
Console.WriteLine("Community CheckCookie return stream result: " + stream.Result);
cookieresult = contentstring.Result;
}
And here is my current CORS policy config
C#:
builder.Services.AddCors(options =>
{
options.AddPolicy("CookiePolicy",
policy =>
{
policy.AllowCredentials().AllowAnyHeader().AllowAnyMethod().SetIsOriginAllowed(origin => new Uri(origin).Host == "localhost");
});
});