OKTA-319837 ASP.NET Core (2.x and 3.x) Samples > Update samples and instructions to use https

andriizhegurov-okta · andriizhegurov-okta · commit 3ba25d455e90 · 2020-08-17T16:25:56.000+03:00
For all the projects besides resource servers which should be changed together with JS samples:
* Included configuration files to make sure https is used and port numbers match the descriptions.
* READMEs were changed accordingly and extended with information about SameSite restrictions.
diff --git a/.gitignore b/.gitignore
@@ -46,7 +46,6 @@ dlldata.c
 project.lock.json
 project.fragment.lock.json
 artifacts/
-**/Properties/launchSettings.json
 
 *_i.c
 *_p.c
diff --git a/samples-aspnetcore-2x/okta-hosted-login/README.md b/samples-aspnetcore-2x/okta-hosted-login/README.md
@@ -21,13 +21,15 @@ Run the example with your preferred tool and write down the port of your web app
 
 > **NOTE:** This sample is using ASP.NET Core 2.2 which enforces HTTPS. This is a recommended practice for web applications. Check out [Enforce HTTPS in ASP.NET Core] for more details.
 
+> Because of recent changes in Set-Cookie behavior (SameSite) this code will only work properly if it's configured to use https.
+
 #### Run the web application from Visual Studio
 
-If you run this project in Visual Studio it will start the web application on ports 5000 for HTTP and 44314 for HTTPS. You can change this configuration in the `launchSettings.json`. 
+If you run this project in Visual Studio it will start the web application on port 44314 and using HTTPS. You can change this configuration in the `launchSettings.json`. 
 
 #### Run the web application from dotnet CLI
 
-If you run this project via the dotnet CLI it will start the web application on ports 5000 for HTTP and 5001 for HTTPS. You can change this configuration in the `launchSettings.json`. 
+If you run this project via the dotnet CLI it will start the web application on ports 5001 and using HTTPS. You can change this configuration in the `launchSettings.json`. 
 
 Navigate to the folder where the project file is located and type the following:
 
diff --git a/samples-aspnetcore-2x/okta-hosted-login/okta-aspnetcore-mvc-example/Properties/launchSettings.json b/samples-aspnetcore-2x/okta-hosted-login/okta-aspnetcore-mvc-example/Properties/launchSettings.json
@@ -0,0 +1,28 @@
+{
+  "iisSettings": {
+    "windowsAuthentication": false,
+    "anonymousAuthentication": true,
+    "iisExpress": {
+      "applicationUrl": "http://localhost:8080/",
+      "sslPort": 44314
+    }
+  },
+  "profiles": {
+    "IIS Express": {
+      "commandName": "IISExpress",
+      "launchBrowser": true,
+      "launchUrl": "https://localhost:44314",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    },
+    "okta-aspnetcore-mvc-example": {
+      "commandName": "Project",
+      "launchBrowser": true,
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      },
+      "applicationUrl": "https://localhost:5001"
+    }
+  }
+}
diff --git a/samples-aspnetcore-2x/self-hosted-login/README.md b/samples-aspnetcore-2x/self-hosted-login/README.md
@@ -21,13 +21,15 @@ Run the example with your preferred tool and write down the port of your web app
 
 > **NOTE:** This sample is using ASP.NET Core 2.2 which enforces HTTPS. This is a recommended practice for web applications. Check out [Enforce HTTPS in ASP.NET Core] for more details.
 
+> Because of recent changes in Set-Cookie behavior (SameSite) this code will only work properly if it's configured to use https.
+
 #### Run the web application from Visual Studio
 
-If you run this project in Visual Studio it will start the web application on ports 5000 for HTTP and 44314 for HTTPS. You can change this configuration in the `launchSettings.json`. 
+If you run this project in Visual Studio it will start the web application on port 44314 using HTTPS. You can change this configuration in the `launchSettings.json`. 
 
 #### Run the web application from dotnet CLI
 
-If you run this project via the dotnet CLI it will start the web application on ports 5000 for HTTP and 5001 for HTTPS. You can change this configuration in the `launchSettings.json`. 
+If you run this project via the dotnet CLI it will start the web application on port 5001 using HTTPS. You can change this configuration in the `launchSettings.json`. 
 
 Navigate to the folder where the project file is located and type the following:
 
@@ -44,7 +46,7 @@ Go to your [Okta Developer Console] and update the following parameters in your
 * **Login redirect URI** - for example, `https://localhost:5001/authorization-code/callback`
 * **Logout redirect URI** - for example, `https://localhost:5001/signout/callback`
 
-Also, enable CORS to allow your self-hosted page to make an XHR to the Okta API with the Okta session cookie. To do so, click **API > Trusted Origin** in your [Okta Developer Console], and add your web application’s base URL (for example, `https://localhost:5001/`) as a **Trusted Origin**.
+Also, enable CORS to allow your self-hosted page to make an XHR to the Okta API with the Okta session cookie. To do so, click **API > Trusted Origins** in your [Okta Developer Console], and add your web application’s base URL (for example, `https://localhost:5001/`) as a **Trusted Origin**.
 
 For step-by-step instructions, visit the Okta [Sign Users in to Your Web Application guide] which will show you how to sign users in using Okta and, [Sign Users Out guide] which will show you how to sign users out of your app and out of Okta.
 
diff --git a/samples-aspnetcore-2x/self-hosted-login/okta-aspnetcore-mvc-example/Properties/launchSettings.json b/samples-aspnetcore-2x/self-hosted-login/okta-aspnetcore-mvc-example/Properties/launchSettings.json
@@ -0,0 +1,28 @@
+{
+  "iisSettings": {
+    "windowsAuthentication": false,
+    "anonymousAuthentication": true,
+    "iisExpress": {
+      "applicationUrl": "http://localhost:8080/",
+      "sslPort": 44314
+    }
+  },
+  "profiles": {
+    "IIS Express": {
+      "commandName": "IISExpress",
+      "launchBrowser": true,
+      "launchUrl": "https://localhost:44314",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    },
+    "okta-aspnetcore-mvc-example": {
+      "commandName": "Project",
+      "launchBrowser": true,
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      },
+      "applicationUrl": "https://localhost:5001"
+    }
+  }
+}
diff --git a/samples-aspnetcore-2x/social-login/README.md b/samples-aspnetcore-2x/social-login/README.md
@@ -22,13 +22,15 @@ Run the example with your preferred tool and write down the port of your web app
 
 > **Note:** This sample is using ASP.NET Core 2.2 which enforces HTTPS. This is a recommended practice for web applications. Check out [Enforce HTTPS in ASP.NET Core] for more details.
 
+> Because of recent changes in Set-Cookie behavior (SameSite) this code will only work properly if it's configured to use https.
+
 #### Run the web application from Visual Studio
 
-If you run this project in Visual Studio it will start the web application on ports 5000 for HTTP and 44314 for HTTPS. You can change this configuration in the `launchSettings.json`. 
+If you run this project in Visual Studio it will start the web application on port 44314 using HTTPS. You can change this configuration in the `launchSettings.json`. 
 
 #### Run the web application from dotnet CLI
 
-If you run this project via the dotnet CLI it will start the web application on ports 5000 for HTTP and 5001 for HTTPS. You can change this configuration in the `launchSettings.json`. 
+If you run this project via the dotnet CLI it will start the web application on port 5001 using HTTPS. You can change this configuration in the `launchSettings.json`. 
 
 Navigate to the folder where the project file is located and type the following:
 
@@ -45,7 +47,7 @@ Go to your [Okta Developer Console] and update the following parameters in your
 * **Login redirect URI** - for example, `https://localhost:5001/authorization-code/callback`
 * **Logout redirect URI** - for example, `https://localhost:5001/signout/callback`
 
-Also, enable CORS to allow your self-hosted page to make an XHR to the Okta API with the Okta session cookie. To do so, click **API > Trusted Origin** in your [Okta Developer Console], and add your web application’s base URL (for example, `https://localhost:5001/`) as a **Trusted Origin**.
+Also, enable CORS to allow your self-hosted page to make an XHR to the Okta API with the Okta session cookie. To do so, click **API > Trusted Origins** in your [Okta Developer Console], and add your web application’s base URL (for example, `https://localhost:5001/`) as a **Trusted Origin**.
 
 For step-by-step instructions, visit the Okta [Sign Users in to Your Web Application guide] which will show you how to sign users in using Okta and, [Sign Users Out guide] which will show you how to sign users out of your app and out of Okta.
 
diff --git a/samples-aspnetcore-2x/social-login/okta-aspnetcore-mvc-example/Properties/launchSettings.json b/samples-aspnetcore-2x/social-login/okta-aspnetcore-mvc-example/Properties/launchSettings.json
@@ -0,0 +1,28 @@
+{
+  "iisSettings": {
+    "windowsAuthentication": false,
+    "anonymousAuthentication": true,
+    "iisExpress": {
+      "applicationUrl": "http://localhost:8080/",
+      "sslPort": 44314
+    }
+  },
+  "profiles": {
+    "IIS Express": {
+      "commandName": "IISExpress",
+      "launchBrowser": true,
+      "launchUrl": "https://localhost:44314",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    },
+    "okta-aspnetcore-mvc-example": {
+      "commandName": "Project",
+      "launchBrowser": true,
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      },
+      "applicationUrl": "https://localhost:5001"
+    }
+  }
+}
diff --git a/samples-aspnetcore-3x/okta-hosted-login/README.md b/samples-aspnetcore-3x/okta-hosted-login/README.md
@@ -21,13 +21,15 @@ Run the example with your preferred tool and write down the port of your web app
 
 > **NOTE:** This sample is using ASP.NET Core 3.1 which enforces HTTPS. This is a recommended practice for web applications. Check out [Enforce HTTPS in ASP.NET Core] for more details.
 
+> Because of recent changes in Set-Cookie behavior (SameSite) this code will only work properly if it's configured to use https.
+
 #### Run the web application from Visual Studio
 
-If you run this project in Visual Studio it will start the web application on ports 5000 for HTTP and 44314 for HTTPS. You can change this configuration in the `launchSettings.json`. 
+If you run this project in Visual Studio it will start the web application on port 44314 using HTTPS. You can change this configuration in the `launchSettings.json`. 
 
 #### Run the web application from dotnet CLI
 
-If you run this project via the dotnet CLI it will start the web application on ports 5000 for HTTP and 5001 for HTTPS. You can change this configuration in the `launchSettings.json`. 
+If you run this project via the dotnet CLI it will start the web application on port 5001 using HTTPS. You can change this configuration in the `launchSettings.json`. 
 
 Navigate to the folder where the project file is located and type the following:
 
diff --git a/samples-aspnetcore-3x/okta-hosted-login/okta-aspnetcore-mvc-example/Properties/launchSettings.json b/samples-aspnetcore-3x/okta-hosted-login/okta-aspnetcore-mvc-example/Properties/launchSettings.json
@@ -0,0 +1,28 @@
+{
+  "iisSettings": {
+    "windowsAuthentication": false,
+    "anonymousAuthentication": true,
+    "iisExpress": {
+      "applicationUrl": "http://localhost:8080/",
+      "sslPort": 44314
+    }
+  },
+  "profiles": {
+    "IIS Express": {
+      "commandName": "IISExpress",
+      "launchBrowser": true,
+      "launchUrl": "https://localhost:44314",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    },
+    "okta-aspnetcore-mvc-example": {
+      "commandName": "Project",
+      "launchBrowser": true,
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      },
+      "applicationUrl": "https://localhost:5001"
+    }
+  }
+}
diff --git a/samples-aspnetcore-3x/self-hosted-login/README.md b/samples-aspnetcore-3x/self-hosted-login/README.md
@@ -21,13 +21,15 @@ Run the example with your preferred tool and write down the port of your web app
 
 > **NOTE:** This sample is using ASP.NET Core 3.1 which enforces HTTPS. This is a recommended practice for web applications. Check out [Enforce HTTPS in ASP.NET Core] for more details.
 
+> Because of recent changes in Set-Cookie behavior (SameSite) this code will only work properly if it's configured to use https.
+
 #### Run the web application from Visual Studio
 
-If you run this project in Visual Studio it will start the web application on ports 5000 for HTTP and 44314 for HTTPS. You can change this configuration in the `launchSettings.json`. 
+If you run this project in Visual Studio it will start the web application on port 44314 using HTTPS. You can change this configuration in the `launchSettings.json`. 
 
 #### Run the web application from dotnet CLI
 
-If you run this project via the dotnet CLI it will start the web application on ports 5000 for HTTP and 5001 for HTTPS. You can change this configuration in the `launchSettings.json`. 
+If you run this project via the dotnet CLI it will start the web application on port 5001 using HTTPS. You can change this configuration in the `launchSettings.json`. 
 
 Navigate to the folder where the project file is located and type the following:
 
@@ -44,7 +46,7 @@ Go to your [Okta Developer Console] and update the following parameters in your
 * **Login redirect URI** - for example, `https://localhost:5001/authorization-code/callback`
 * **Logout redirect URI** - for example, `https://localhost:5001/signout/callback`
 
-Also, enable CORS to allow your self-hosted page to make an XHR to the Okta API with the Okta session cookie. To do so, click **API > Trusted Origin** in your [Okta Developer Console], and add your web application’s base URL (for example, `https://localhost:5001/`) as a **Trusted Origin**.
+Also, enable CORS to allow your self-hosted page to make an XHR to the Okta API with the Okta session cookie. To do so, click **API > Trusted Origins** in your [Okta Developer Console], and add your web application’s base URL (for example, `https://localhost:5001/`) as a **Trusted Origin**.
 
 For step-by-step instructions, visit the Okta [Sign Users in to Your Web Application guide] which will show you how to sign users in using Okta and, [Sign Users Out guide] which will show you how to sign users out of your app and out of Okta.
 
diff --git a/samples-aspnetcore-3x/self-hosted-login/okta-aspnetcore-mvc-example/Properties/launchSettings.json b/samples-aspnetcore-3x/self-hosted-login/okta-aspnetcore-mvc-example/Properties/launchSettings.json
@@ -0,0 +1,28 @@
+{
+  "iisSettings": {
+    "windowsAuthentication": false,
+    "anonymousAuthentication": true,
+    "iisExpress": {
+      "applicationUrl": "http://localhost:8080/",
+      "sslPort": 44314
+    }
+  },
+  "profiles": {
+    "IIS Express": {
+      "commandName": "IISExpress",
+      "launchBrowser": true,
+      "launchUrl": "https://localhost:44314",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    },
+    "okta-aspnetcore-mvc-example": {
+      "commandName": "Project",
+      "launchBrowser": true,
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      },
+      "applicationUrl": "https://localhost:5001"
+    }
+  }
+}
diff --git a/samples-aspnetcore-3x/social-login/README.md b/samples-aspnetcore-3x/social-login/README.md
@@ -22,13 +22,15 @@ Run the example with your preferred tool and write down the port of your web app
 
 > **Note:** This sample is using ASP.NET Core 3.1 which enforces HTTPS. This is a recommended practice for web applications. Check out [Enforce HTTPS in ASP.NET Core] for more details.
 
+> Because of recent changes in Set-Cookie behavior (SameSite) this code will only work properly if it's configured to use https.
+
 #### Run the web application from Visual Studio
 
-If you run this project in Visual Studio it will start the web application on ports 5000 for HTTP and 44314 for HTTPS. You can change this configuration in the `launchSettings.json`. 
+If you run this project in Visual Studio it will start the web application on port 44314 using HTTPS. You can change this configuration in the `launchSettings.json`. 
 
 #### Run the web application from dotnet CLI
 
-If you run this project via the dotnet CLI it will start the web application on ports 5000 for HTTP and 5001 for HTTPS. You can change this configuration in the `launchSettings.json`. 
+If you run this project via the dotnet CLI it will start the web application on port 5001 using HTTPS. You can change this configuration in the `launchSettings.json`. 
 
 Navigate to the folder where the project file is located and type the following:
 
@@ -45,7 +47,7 @@ Go to your [Okta Developer Console] and update the following parameters in your
 * **Login redirect URI** - for example, `https://localhost:5001/authorization-code/callback`
 * **Logout redirect URI** - for example, `https://localhost:5001/signout/callback`
 
-Also, enable CORS to allow your self-hosted page to make an XHR to the Okta API with the Okta session cookie. To do so, click **API > Trusted Origin** in your [Okta Developer Console], and add your web application’s base URL (for example, `https://localhost:5001/`) as a **Trusted Origin**.
+Also, enable CORS to allow your self-hosted page to make an XHR to the Okta API with the Okta session cookie. To do so, click **API > Trusted Origins** in your [Okta Developer Console], and add your web application’s base URL (for example, `https://localhost:5001/`) as a **Trusted Origin**.
 
 For step-by-step instructions, visit the Okta [Sign Users in to Your Web Application guide] which will show you how to sign users in using Okta and, [Sign Users Out guide] which will show you how to sign users out of your app and out of Okta.
 
diff --git a/samples-aspnetcore-3x/social-login/okta-aspnetcore-mvc-example/Properties/launchSettings.json b/samples-aspnetcore-3x/social-login/okta-aspnetcore-mvc-example/Properties/launchSettings.json
@@ -0,0 +1,28 @@
+{
+  "iisSettings": {
+    "windowsAuthentication": false,
+    "anonymousAuthentication": true,
+    "iisExpress": {
+      "applicationUrl": "http://localhost:8080/",
+      "sslPort": 44314
+    }
+  },
+  "profiles": {
+    "IIS Express": {
+      "commandName": "IISExpress",
+      "launchBrowser": true,
+      "launchUrl": "https://localhost:44314",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    },
+    "okta-aspnetcore-mvc-example": {
+      "commandName": "Project",
+      "launchBrowser": true,
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      },
+      "applicationUrl": "https://localhost:5001"
+    }
+  }
+}
