Office-Add-in-samples icon indicating copy to clipboard operation
Office-Add-in-samples copied to clipboard

Published 20 hours ago verified publisher icon OfficeDev

Cookies not set/saved in Browser

Open johandanforth opened this issue 4 years ago • 2 comments

URL of sample

https://github.com/OfficeDev/PnP-OfficeAddins/tree/3ce0e1b74152dbbe8306a091696bc4455c04c0a1/Samples/auth/Office-Add-in-Microsoft-Graph-ASPNET

Describe the bug

Note: The sample works fine in Windows Outlook, but not in Web Outlook in a browser. The code sample uses http cookies to keep track of the state keys, but cookies are never saved when running in a web browser. The request to read the cookie returns null every time. This is the code part in Session.cs that doesn't work anymore. Tried in Chrome and Edge:

        public static string GetUserAuthStateId(HttpContextBase ctx)
        {
            string id;
            if (ctx.Request.Cookies[SessionKeys.Login.UserAuthStateId] == null)
            {
                // Convert GUID to a string and format as numeral to remove hyphens.
                id = Guid.NewGuid().ToString("N");
                ctx.Response.Cookies.Add(new HttpCookie(SessionKeys.Login.UserAuthStateId)
                {
                    Expires = DateTime.Now.AddMinutes(20),
                    Value = id
                });
            }
            else
            {
                id = ctx.Request.Cookies[SessionKeys.Login.UserAuthStateId].Value;
            }

            return id;
        }

To Reproduce

  1. Download and run the sample.
  2. Click "Connect to Office 365" button
  3. Click "Get Onedrive File Names"
  4. Get an exception here:
            var filesResult = await ODataHelper.GetItems<ExcelWorkbook>(fullWorkbooksSearchUrl, token.AccessToken);

because the cookie is never returned from request.

Expected behavior

I expect the code line in HomeController - Index() to return the state-id:

            var userAuthStateId = Settings.GetUserAuthStateId(ControllerContext.HttpContext);

Environment

  • Platform [PC desktop, Mac, iOS, Office Online]: PC
  • Host [Excel, Word, PowerPoint, etc.]: Outlook Web
  • Operating System: Windows 10
  • Browser (if using Office Online):
    • Google Chrome Version 88.0.4324.190
    • Microsoft Edge Version 89.0.774.45
    • Microsoft Edge Canary Version 91.0.822.0

Additional context

The sample is not modified at all. I've also tried to use Session state instead of cookies, but since Session uses cookies, there's no difference. I'm not using any 3rd party plugins for the browsers and I have a vanilla Edge installation with no changes to the settings.

johandanforth avatar Mar 10 '21 14:03 johandanforth

Note that I'm running against outlook.office.com.

johandanforth avatar Mar 10 '21 16:03 johandanforth

@johandanforth Thanks for letting us know about this.

@davidchesnut Can you take a look?

Thanks.

ElizabethSamuel-MSFT avatar Mar 22 '21 23:03 ElizabethSamuel-MSFT

Hi @johandanforth, Sorry this has taken so long. I was working on a PR to update this sample, but we're changing our strategy to rely on the existing Microsoft identity samples.

The Office Add-in Microsoft Graph ASP.NET sample will be remapped to https://github.com/Azure-Samples/ms-identity-aspnet-webapi-onbehalfof That sample should also give you control over using cookies, or not.

We'll be posting some updated guidance on how you can update the identity samples to use the Office dialog API soon.

davidchesnut avatar Nov 07 '22 17:11 davidchesnut

Hi @davidchesnut and thanks for the update. The problems I had this long ago actually made me drop everything until everything was more "ready". But the need is still there - we have an old, quite complex, Outlook addin written in c# that needs to be overhauled. I was hoping we could rewrite it using this technique...

johandanforth avatar Nov 14 '22 06:11 johandanforth

Hi @johandanforth, If you haven't seen it already you may be interested in the Outlook Blazor sample that @elegault contributed. It allows you to keep the logic portions of your code in c#, although the UI will still need to be in JavaScript.

davidchesnut avatar Nov 14 '22 16:11 davidchesnut

Thanks @davidchesnut , I did not know of that sample, I will for sure give it a go, as soon as I get some time for it. Cheers. We sure want to move away from our old (but still working fine) Outlook add-in, because that particular add-in has grown into something ugly 😉

johandanforth avatar Nov 15 '22 07:11 johandanforth

Hi @johandanforth, If you haven't seen it already you may be interested in the Outlook Blazor sample that @elegault contributed. It allows you to keep the logic portions of your code in c#, although the UI will still need to be in JavaScript.

Sorry to say, the outlook blazor sample isn't working. I get this error in both desktop and web mode. Have tried with and without two-factor auth, same error: image

johandanforth avatar Nov 15 '22 19:11 johandanforth

I sideloaded the sample to Outlook on web, and Outlook on Windows and it seems to load and run fine.

Can you try again after clearing the Office cache?

Thanks! David

davidchesnut avatar Nov 16 '22 20:11 davidchesnut

I will try in a few minutes, forgot to clear the cache! I've not looked at this architecture since I reported that issue a long time ago now. Sorry.

/Danforth

From: David Chesnut @.> Sent: Wednesday, November 16, 2022 9:04:30 PM To: OfficeDev/Office-Add-in-samples @.> Cc: Johan Danforth @.>; Mention @.> Subject: Re: [OfficeDev/Office-Add-in-samples] Cookies not set/saved in Browser (#124)

I sideloaded the sample to Outlook on web, and Outlook on Windows and it seems to load and run fine.

Can you try again after clearing the Office cachehttps://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Flearn.microsoft.com%2Foffice%2Fdev%2Fadd-ins%2Ftesting%2Fclear-cache&data=05%7C01%7C%7Ccf20f0bd7dad4a80bf5e08dac80dc68e%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638042258730360650%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=ffrT7yl4hSoBDqHhUzjuQKfUTU1Ny%2FQp3ae0XF29B7w%3D&reserved=0?

Thanks! David

— Reply to this email directly, view it on GitHubhttps://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FOfficeDev%2FOffice-Add-in-samples%2Fissues%2F124%23issuecomment-1317600579&data=05%7C01%7C%7Ccf20f0bd7dad4a80bf5e08dac80dc68e%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638042258730360650%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=tIV5u%2FDnAPfYKN%2Fh6jQwlq3tiuoK%2FWgjDHiuG4SB4tE%3D&reserved=0, or unsubscribehttps://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAAEAVPOSCFBRB736NVAIFDTWIU445ANCNFSM4Y6E4JLA&data=05%7C01%7C%7Ccf20f0bd7dad4a80bf5e08dac80dc68e%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638042258730360650%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=ZibfX58A7W2f%2Bnv%2F8mL%2BHuJmLEGuJSbz5u5sfS1%2FgQs%3D&reserved=0. You are receiving this because you were mentioned.Message ID: @.***>

johandanforth avatar Nov 16 '22 20:11 johandanforth

Will close for now, but @johandanforth please reopen if there is still any ongoing issues. Thanks!

davidchesnut avatar Dec 12 '22 19:12 davidchesnut