Same site cookie fix

[TiagoBrenck]

Purpose

In order to work with the "sameSite = none" compatibility problem, a method was added on Microsoft.Identity.Web using the logic suggested in this Microsoft doc.

I am opening this PR to get a feedback of the implementation used. If in agreement, I will apply the changes in all samples

What was done?

• Updated to Core 3.1, so we can support the new SameSiteMode.Unspecified value (Core 3.0 workaround didnt work and a Github issue has been opened)
• Created a static method HandleSameSiteCookieCompatibility (name is opened for suggestions) that injects the MS Doc suggested code in the CookiePolicyOptions
• Added an option to extend the "check user-agent against list" so developers are free to pass their own implementation as parameter.
• The default "check user-agent against list" method was extracted from MS Docs

Does this introduce a breaking change?

[ ] Yes
[x] No

Pull Request Type

What kind of change does this Pull Request introduce?

[ ] Bugfix
[x] Feature
[ ] Code style update (formatting, local variables)
[ ] Refactoring (no functional changes, no api changes)
[ ] Documentation content changes
[ ] Other... Please describe:

[pmaytak]

Wondering if this list covers all the necessary user agents. If there are more browsers, then maybe pulling this list from a config file would be more dynamic.

[TiagoBrenck]

This list was suggested by Barry `s team, and he added this comment in his post:

Under testing with the Azure Active Directory team we have found the following checks work for all the common user agents that Azure Active Directory sees that don’t understand the new value.

But it is definitely not a bullet proof code.

For the list in the config file approach, I am challenged about how to represent a nested check in a list. For example, in the current one there is this nested logic:

userAgent.Contains("Macintosh; Intel Mac OS X 10_14") && 
        userAgent.Contains("Version/") && userAgent.Contains("Safari")

What I understood from this check, is to cover strings like Macintosh; Intel Mac OS X 10_14 <anything here> Version/ <anything here> Safari. How could we represent this in a config file?

[jmprieur]

Given that we'd release Microsoft.Identity.Web as a NuGet package we can quickly update it if a new browser is affected.
I'd think that we would not want to oblige every application developer to have to change a config file. @pmaytak (rather upgrade the NuGet package)

[TiagoBrenck]

Ok Jean-Marc. Worst case scenario, the new method HandleSameSiteCookieCompatibility has an overload that accepts a custom validator method.

[jmprieur]

LGTM. Thanks @TiagoBrenck
Given that @pmaytak has validated the fix with Chromium 60, I'd go ahead and apply to the other folders, and then the other samples.

[jmprieur]

LGTM, @TiagoBrenck
the only outstanding issue was you also need to update the .NET Core sdk version of Microsoft.Identity.Web.Test, which I've done