dotnet/aspnetcore

Log decryption failures

Open

#4,651 opened on Jun 1, 2018

View on GitHub
 (2 comments) (0 reactions) (0 assignees)C# (10,653 forks)batch import
affected-mediumarea-authenhancementhelp wantedseverity-minor

Repository metrics

Stars
 (37,933 stars)
PR merge metrics
 (Avg merge 16d 9h) (258 merged PRs in 30d)

Description

"Correlation failed" is one of the most common failures in OIDC or OAuth flows. Many of the things that can go wrong here happen on the client and can't be traced from the server. However there's one scenario where everything does flow back to the server and the server fails to decrypt the values. This can happen in a multi-node environment with misconfigured dataprotection (RE: https://github.com/aspnet/Security/issues/1755). We can highlight this by logging decryption failures in OAuth, OIDC, and CookieAuth.

Contributor guide