.NET update on Azure breaking SharePoint provider hosted app parts (add-ins)

Note that the system.web configuration settings have no effect in .NET Core, and applications written on .NET Core will require a code change to the configuration to use CookieOptions.SameSite == SameSiteMode.None in a cookie policy, or when setting the cookie authentication up. There is a bit here on using OWIN to code a solution that also will omit the SameSite property when dealing with certain browser agents that are not up to date on the standard yet (and may never be updated)-

https://devblogs.microsoft.com/aspnet/upcoming-samesite-cookie-changes-in-asp-net-and-asp-net-core/

The URL re-write workaround I believe was nessecitated by the use of .NET Core on some apps, while apps that were built on .NET Framework worked with the cookie settings in the system.web config section.

Thanks stmaximon 

I tried with VS2019 and it has the valid schema file but error is still there

Oh well, try ignoring the error and deploying anyway.  You could even edit the web config directly in Azure as suggested in this article.

I Can not find "DotNetConfig472.xsd". The only schema that I can see is "DotNetConfig.xsd"

I think you might just need to validate against another schema (which is what I ended up doing).  With the web config open, go to the XML menu at the top and choose Schemas. There should be one in the list called DotNetConfig472.xsd.  Make sure the "Use" column is set to "Use this schema". 

You also have the targetFramework for httpRuntime set to 4.5 instead of 4.7.2.

I am using NET 4.7.2 and tried the fix in web.config file and got warning "The 'sameSite' attribute is not allowed.". Should I ignore this?

Well, the intellisense hadn't recognised the attributes when adding them in Visual Studio, so when I deployed, tested, and got an error, I just thought the xml couldn't being parsed, and that perhaps these attributes were only valid on framework 4.7 onwards (I'm targeting 4.6.1).  However, I played around with it a bit more yesterday and ended up putting just the sessionState line back in - and that was OK.  So I decided to check that it must just be the httpCookies line, added that back in, and...it still worked.  So I think perhaps what happened was that in copying and pasting the two lines together from this page, there were maybe some hidden characters introduced which resulted in malformed xml.  That's all I can think of, anyway. Thanks for responding, though, and hope this helps someone else.

URL re-write is a heavier way of doing the same thing the web.config setting does. 

If you give the error, we might be able to get it working with the more efficient solution.

Make sure you have well formed XML, that will throw errors if it is off.

This didn't work for me; it just resulted in an error.  However, I managed to achieve the same thing by using a rewrite rule:

    <rewrite>
      <outboundRules>
        <rule name="Add SameSite" preCondition="No SameSite">
          <match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
          <action type="Rewrite" value="{R:0}; SameSite=none" />
          <conditions>
          </conditions>
        </rule>
        <preConditions>
          <preCondition name="No SameSite">
            <add input="{RESPONSE_Set_Cookie}" pattern="." />
            <add input="{RESPONSE_Set_Cookie}" pattern="; SameSite=none" negate="true" />
          </preCondition>
        </preConditions>
      </outboundRules>
    </rewrite>

This goes in system.webServer in web.config.