Getting “Unrecognized SameSiteMode value -1” InvalidOperationException in ASP.NET Core 3.1 Web Application

问题

I'm running some tests to prepare for the upcoming Chrome version with the changes to SameSite handling of cookies, but my web application is giving trouble. I can reproduce it in the following way:

1. Use Visual Studio 2019 (16.4.3) to create a new project.
2. Pick "ASP.NET Core Web Application" and enable https.
3. Add a "Scaffolded Item" and add ASP.NET Core Identity.

4. When asked, scaffold all files, and add a fresh data context and user, using SQLite:

5. Add services.AddRazorPages(); to Startup

6. Add endpoints.MapRazorPages(); into the UseEndpoints configuration lambda

7. Add the SameSiteCookiesServiceCollectionExtensions as suggested by ThinkTecture and use it by adding services.ConfigureNonBreakingSameSiteCookies(); to your Startup. Alternatively, just leave out the browser sniffing part (not needed for this repro I think), skip copying linked solution, and instead do this:

   services.Configure<CookiePolicyOptions>(options =>
   {
       options.MinimumSameSitePolicy = (Microsoft.AspNetCore.Http.SameSiteMode)(-1);
   });
   

8. Add app.UseCookiePolicy(); to Startup to enable the code

9. Start the application (for me it starts in IIS Express on https://localhost:44342/)
10. Navigate to https://localhost:44342/Identity/Account/Login

The result for me is:

An unhandled exception occurred while processing the request.
InvalidOperationException: Unrecognized SameSiteMode value -1
Microsoft.AspNetCore.CookiePolicy.ResponseCookiesWrapper.ApplyPolicy(string key, CookieOptions options)

The full stack trace, should it be important:

InvalidOperationException: Unrecognized SameSiteMode value -1
Microsoft.AspNetCore.CookiePolicy.ResponseCookiesWrapper.ApplyPolicy(string key, CookieOptions options)
Microsoft.AspNetCore.CookiePolicy.ResponseCookiesWrapper.ApplyAppendPolicy(ref string key, ref string value, CookieOptions options)
Microsoft.AspNetCore.CookiePolicy.ResponseCookiesWrapper.Append(string key, string value, CookieOptions options)
Microsoft.AspNetCore.Authentication.Cookies.ChunkingCookieManager.AppendResponseCookie(HttpContext context, string key, string value, CookieOptions options)
Microsoft.AspNetCore.Authentication.Cookies.ChunkingCookieManager.DeleteCookie(HttpContext context, string key, CookieOptions options)
Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler.HandleSignOutAsync(AuthenticationProperties properties)
Microsoft.AspNetCore.Authentication.AuthenticationService.SignOutAsync(HttpContext context, string scheme, AuthenticationProperties properties)
AuthTest.Areas.Identity.Pages.Account.LoginModel.OnGetAsync(string returnUrl) in Login.cshtml.cs
+
            await HttpContext.SignOutAsync(IdentityConstants.ExternalScheme);
Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.ExecutorFactory+NonGenericTaskHandlerMethod.Execute(object receiver, object[] arguments)
Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeHandlerMethodAsync()
Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeNextPageFilterAsync()
Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.Rethrow(PageHandlerExecutedContext context)
Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.Next(ref State next, ref Scope scope, ref object state, ref bool isCompleted)
Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeInnerFilterAsync()
Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|24_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, object state, bool isCompleted)
Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(ref State next, ref Scope scope, ref object state, ref bool isCompleted)
Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeFilterPipelineAsync()
Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

If I check dotnet --info I see:

• Host Version: 3.1.1
• .NET Core SDKs installed: a whole bunch, up to and including 3.1.100 and 3.1.101
• Several .NET Core runtimes installed including Microsoft.AspNetCore.App versions 3.1.0 and 3.1.1

Some additional details and attempted workarounds:

• csproj contains <Project Sdk="Microsoft.NET.Sdk.Web"> that should (as far as I know) use the latest stuff available
• I've rebooted to make sure there is no transient problem lingering
• one colleague with a Windows machine, can reproduce the problem
• another colleague, with a Linux Mint machine, does not have the problem
• I've tried dotnet nuget locals all --clear but it didn't help
• I can see the error line in the 3.0.0 sources but not in the 3.1.0 sources (or master) of ASP NET Core
• I have tried dotnet new globaljson --sdk-version 3.1.101 to force the right version, but it didn't work (though I'm not sure if that's the right way to go about using one)
• I want to try to remove specific versions from my machine but I run into problems uninstalling things (apart from the fact that the Version Selection features should render that approach unnecessary, right?)

So I presume I'm facing a variant of this ASP.NET Core GitHub issue that mentions my version is too low? But I'm not sure how to proceed now, since I feel I already cleared everything.

What am I missing here? What do I need to do to fix this?

回答1:

Turns out this happens if you do not pay attention and pick 3.0.x in the Visual Studio dialogs for creating the application. If you pick the right one (3.1.x) you will get:

<PropertyGroup>
  <TargetFramework>netcoreapp3.1</TargetFramework>
</PropertyGroup>

in your .csproj file, as well as 3.1.x versions of several packages instead.

Not sure why Linux would specifically not have the issue, maybe it's just that those machines coincidentally don't have 3.0.x versions of dotnet core available or installed, and it runs your code against 3.1, thus obscuring the problem?

来源：https://stackoverflow.com/questions/59836767/getting-unrecognized-samesitemode-value-1-invalidoperationexception-in-asp-ne