Configure SameSite Cookies for IFrames

Operations and Security

Folders and checklists

Parts (1)

These are small document-parts which are used in other documents. They are not a starting point for any real activity. Because of this, they will be listed further down and the search will not list them unless requested.

It's super important to set our Cookies to SameSite, so that our DNN content can be used / embedded in other websites. These steps are based on the Microsoft SameSite docs.

Pre-Requisites: .net 4.8

Before you start, do make sure you understand the goals.
.NET 4.8 Patches from Dezember 2019 or later must be installed on the Web Server.
Previous versions incl. 4.7 have various bugs related to the sameSite cookie, so it's never really going to work.

Changes to web.config

Increase ASP.Net Version to 4.8

<system.web>
  <compilation targetFramework="4.8"/>
  <httpRuntime targetFramework="4.8"/>
</system.web>

Adapt <httpCookies> settings in <system.web> like this

<system.web>
  <httpCookies sameSite="None" requireSSL="true" />
<system.web>

Update<forms> key in <authentication> settings in <system.web> like this
```
<forms ... cookieSameSite="None" requireSSL="true"/>
```
Optionally also adapt cookies for anonymousIdentification and forms-authentication (see details). sessionState and roleManager is usually not relevant.
Add app-setting to enable pre-4.5 JavaScript-Validation behavior.
Note: In DNN 9 this is usually already set!
<add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
(Details)

Embed Checklist

<iframe src="https://azing.org/dnn-community/r/FGRVQ5Wl?embed=1" width="100%" height="400" frameborder="0" allowfullscreen style="box-shadow: 0 1px 3px rgba(60,64,67,.3), 0 4px 8px 3px rgba(60,64,67,.15)"></iframe>

<iframe src="https://azing.org/dnn-community/r/FGRVQ5Wl?embed=1" width="100%" height="400" frameborder="0" allowfullscreen style="box-shadow: 0 1px 3px rgba(60,64,67,.3), 0 4px 8px 3px rgba(60,64,67,.15)"></iframe><script src="https://cdn.azing.org/e/1/embed.js"></script>

Automatically set height

It's really important to set our login cookies to SameSite, so that DNN content can be embedded into other websites using IFrames. Here's how.

Content Copyright

CC-BY 4.0

Translations

None

DNN Community

azing.org/dnn-community
/r/FGRVQ5Wl

View & Use

Public (can be used by everybody)

Edit & Admin

Default (all members can edit)

This catalog has a simple permission model, where all members have the same permissions. For advanced permissions, upgrade to Enterprise.

Here you can see how this document is used and linked by other documents

Used in (0)

Others referencing this

Uses these (1)

Documents linked from this document

How it Behaves

How this document is categorized changes how it behaves.

This is a main document, it is listed normally and appears in search result.

Type

This is a Checklist. Lists are converted into checkboxes.

Get something to say?

Comment to start a discussion or make a note

please log on to chat

folder_shared Operations and Security

folder_shared Operations and Security

Folders and checklists

Parts (1) expand_more

Pre-Requisites: .net 4.8

Changes to web.config

Durchsuche ganz Azing

Operations and Security

Operations and Security

Parts (1)