ASP.NET core Azure AD authorization problem (chrome doesn't save cookies and makes loop requests)

Question

I'm trying to add azure AD to my project and use this tutorial as example. With localhost all works fine, but after deploying a have such problem as loop redirects from chrome (version 91)
Also i get this problem using last version of opera and edge. While doing the same in safari and Firefox i didn't get any problems.

I think it might be a problem with samesite cookies, but i have already tried every one variant (none,lax,unspecified, strict). Also i noticed, that in Firefox in response Cookies i recieve "AspNetCore.Cookies and in Chome i'm not.

but in chrome it's only these one

Is anyone can help me with that problem?

My StartUp file

public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        public void ConfigureServices(IServiceCollection services)
        {
            services.Configure<CookiePolicyOptions>(options =>
            {
                options.CheckConsentNeeded = context => true;
                options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
                options.HandleSameSiteCookieCompatibility();
            });
            
            JwtSecurityTokenHandler.DefaultMapInboundClaims = false;


            services.AddMicrosoftIdentityWebAppAuthentication(Configuration);

            services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
            {
                options.TokenValidationParameters.RoleClaimType = "roles";
            });

            services.AddControllersWithViews(options =>
            {
                var policy = new AuthorizationPolicyBuilder()
                .RequireAuthenticatedUser()
                .Build();
                options.Filters.Add(new AuthorizeFilter(policy));
            }).AddMicrosoftIdentityUI();

        }

        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Home/Error");
            }

            app.UseStaticFiles();
            app.UseCookiePolicy();
            app.UseRouting();
            app.UseAuthentication();
            app.UseAuthorization();
            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllerRoute(
                    name: "default",
                    pattern: "{controller=Home}/{action=Index}/{id?}");
            });
        }
    }

appsettings.json

{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "TenantId": "11111111-1111-1111-1111-111111111111",
    "ClientId": "11111111-1111-1111-1111-111111111112",
    "CallbackPath": "/signin-oidc"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Warning"
    }
  },
  "AllowedHosts": "*"
}

Answer 1

Here is a fix (it could be not the best, but it works well for me). MDN spec says: "The warning appears because any cookie that requests SameSite=None but is not marked Secure will be rejected." That was my problem with browsers run over Chromium engine (Chrome/Opera/Edge). The default value was CookieSecurePolicy.SameAsRequest i changed it to CookieSecurePolicy.Always :

services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
            {
                options.CorrelationCookie.SecurePolicy = Microsoft.AspNetCore.Http.CookieSecurePolicy.Always;
                options.NonceCookie.SecurePolicy = Microsoft.AspNetCore.Http.CookieSecurePolicy.Always;
                
            });

Some screenshot of warning in chrome:
before

after