scottbrady91 / samples
Sample code from scottbrady91.com

Home Page: https://www.scottbrady91.com

License: MIT License

C# 46.96% CSS 6.34% JavaScript 27.14% HTML 12.44% Kotlin 0.28% Less 6.60% ASP.NET 0.02% PowerShell 0.02% SCSS 0.08% Python 0.12%

Contributors: dependabot[bot], jeremymelton2, scottbrady91

samples's Issues

Stateful cookies not cleared.

Hi Scott, firstly thanks for this awesome post on Legacy ASP.NET & PKCE!

In that article you mention:

// remember code verifier in cookie (adapted from OWIN nonce cookie)

https://github.com/scottbrady91/Blog-Example-Classes/blob/7f30cee656ddb1b6cd68483a5447dcf10f2d1afc/AspNetFrameworkPkce/ScottBrady91.BlogExampleCode.AspNetPkce/Startup.cs#L129

I'm curious why the cookie's key is somewhat stateful/dynamic?
The problem I'm seeing is that when the user refreshes, it creates new nonce & cv cookies, leaving the old ones orphaned. This could eventually cause the request header to grow too big.

Do you see any issue with changing this cookie key to something constant like OpenIdConnect.cv.foo?

404 problem

Hello! Sorry for asking stupid things, but help will be really appreciated. I'm trying to follow your blog post. The following code works like a charm with Microsoft.AspNetCore.Authentication.OpenIdConnect:

services
    .AddAuthentication(cfg =>
    {
        cfg.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        cfg.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddOpenIdConnect(cfg =>
    {
        cfg.Authority = "https://myoauthserver/";
        cfg.ClientId = "hangfire";
        cfg.ResponseType = "code";

        cfg.Scope.Clear();
        cfg.Scope.Add("openid");
        cfg.Scope.Add("profile");
    });

but similar code doesn't work with Microsoft.Owin.Security.OpenIdConnect:

app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

app.UseCookieAuthentication(new CookieAuthenticationOptions { });

app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions()
{
    Authority = "https://myoauthserver/",
    ClientId = "hangfire",
    ResponseType = OpenIdConnectResponseType.Code,
    Scope = OpenIdConnectScope.OpenIdProfile
});

At first, it doesn't pass redirect_url if it is not set explicitly. But if I set it to something like RedirectUri = "http://localhost:9001/signin-oidc" or just RedirectUri = "http://localhost:9001/" myself, the redirect works but I get a 404 error for the / or /signin-oidc endpoint. Am I doing something wrong? I'm using the latest version of Microsoft.Owin.Security.OpenIdConnect and unfortunately I'm stuck with Framework.

Hash length problem

What is the correct length of the signature: is it 64 or 71? The value is always 64 bytes, but the documents that talk about ECDSA say it's 71?
Can anyone help me? I'm new to this field of crypto.
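The two numbers in this question are two encodings of the same ECDSA signature, the pair (r, s). The following Python, added here as an illustration and not taken from the issue or the repository, converts between the fixed-size 64-byte r||s form and the DER SEQUENCE form and shows why DER comes out at 70, 71 or 72 bytes for P-256. The sample inputs are random bytes standing in for real signatures, not signatures produced by a key.

```python
# Added example (not from the issue or the repository): two encodings of a
# P-256 ECDSA signature (r, s), each value being a 256-bit integer.
#   * fixed-size r||s (IEEE P1363): each value left-padded to 32 bytes,
#     so always exactly 64 bytes. This is what .NET's ECDsa.SignData returns
#     by default and what JWS ES256 requires.
#   * DER: SEQUENCE { INTEGER r, INTEGER s }. A DER INTEGER drops leading zero
#     bytes and adds a 0x00 when the top bit is set, so the total is 70, 71 or
#     72 bytes depending on r and s (rarely shorter).
import os

CURVE_BYTES = 32  # P-256 coordinate size; 48 for P-384


def der_encode_integer(value: int) -> bytes:
    """Minimal DER INTEGER: no leading zeros, 0x00 prefix if the top bit is set."""
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + bytes([len(body)]) + body


def raw_to_der(sig: bytes, curve_bytes: int = CURVE_BYTES) -> bytes:
    """Fixed-size r||s -> DER SEQUENCE { INTEGER r, INTEGER s }."""
    if len(sig) != 2 * curve_bytes:
        raise ValueError(f"raw signature must be {2 * curve_bytes} bytes")
    r = int.from_bytes(sig[:curve_bytes], "big")
    s = int.from_bytes(sig[curve_bytes:], "big")
    body = der_encode_integer(r) + der_encode_integer(s)
    if len(body) > 127:
        raise ValueError("long-form length needed; curve too large for this helper")
    return b"\x30" + bytes([len(body)]) + body


def _read_der_integer(buf: bytes, pos: int):
    if pos + 2 > len(buf) or buf[pos] != 0x02:
        raise ValueError("expected DER INTEGER")
    length = buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form length not supported here")
    start, end = pos + 2, pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated INTEGER")
    return int.from_bytes(buf[start:end], "big"), end


def der_to_raw(der: bytes, curve_bytes: int = CURVE_BYTES) -> bytes:
    """DER SEQUENCE { INTEGER r, INTEGER s } -> fixed-size r||s."""
    if len(der) < 2 or der[0] != 0x30 or der[1] & 0x80 or der[1] + 2 != len(der):
        raise ValueError("expected a short-form DER SEQUENCE covering the whole input")
    r, pos = _read_der_integer(der, 2)
    s, pos = _read_der_integer(der, pos)
    if pos != len(der):
        raise ValueError("trailing bytes after s")
    return r.to_bytes(curve_bytes, "big") + s.to_bytes(curve_bytes, "big")


def der_lengths_seen(samples: int = 1000) -> set:
    """Re-encode random (constructed, not real) 64-byte r||s values as DER and
    collect the lengths: 70 when both top bits are clear, 71 when exactly one
    is set, 72 when both are, and occasionally less when r or s starts with 0x00."""
    return {len(raw_to_der(os.urandom(2 * CURVE_BYTES))) for _ in range(samples)}


if __name__ == "__main__":
    raw = os.urandom(64)  # constructed stand-in for ECDsa.SignData output
    der = raw_to_der(raw)
    print(len(raw), "raw bytes ->", len(der), "DER bytes; round trip ok:", der_to_raw(der) == raw)
    print("DER lengths seen over random inputs:", sorted(der_lengths_seen()))
```

A verifier that expects one encoding will reject the other even though both carry the same (r, s), so the 64 versus 71 difference is a question of which format the consuming library wants, not of a wrong key size. In .NET, ECDsa.SignData produces the fixed-size form by default; .NET 5 and later can emit the DER form through the overload that takes DSASignatureFormat.Rfc3279DerSequence.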

IDX10511: Signature validation failed

Hello, I am trying to follow your article https://www.scottbrady91.com/c-sharp/supporting-custom-jwt-signing-algorithms-in-dotnet-core
Apparently for .NET 7 and
Microsoft.IdentityModel.JsonWebTokens 7.0.3
Portable.BouncyCastle 1.9.0

While I am verifying the token I get the following error:
{"IDX10511: Signature validation failed. Keys tried: '[PII of type 'System.Text.StringBuilder' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. \nNumber of keys in TokenValidationParameters: '1'. \nNumber of keys in Configuration: '0'. \nMatched key was in 'TokenValidationParameters'. \nkid: '123'. \nExceptions caught:\n '[PII of type 'System.Text.StringBuilder' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.\ntoken: '[PII of type 'Microsoft.IdentityModel.JsonWebTokens.JsonWebToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. See https://aka.ms/IDX10511 for details."}

Cleverer way to implement HChacha20

Hi,

Turns out we don't really have to roll as much crypto as your article says. Specifically, we can avoid implementing the round functions ourselves and use regular Chacha20 instead. Here's an example in C, using Monocypher's public interface for IETF Chacha20:

void crypto_hchacha20(u8 out[32], const u8 key[32], const u8 in[16])
{
    const u8  zero[64] = {0};            // encrypting zeros yields the raw keystream block
    const u8 *nonce    = in + 4;         // in[4..16) is the 12-byte IETF nonce
    const u32 ctr      = load32_le(in);  // in[0..4) is the 32-bit block counter
    const u8 *constant = (const u8*)"expand 32-byte k";
    u8  block[64];
    u32 words[ 8];
    crypto_ietf_chacha20_ctr(block, zero, 64, key, nonce, ctr);

    // The keystream block is (final state + initial state). The initial
    // words 0..3 (constant) and 12..15 (counter, nonce) are public, so
    // subtracting them recovers final-state words 0..3 and 12..15, which
    // is exactly what HChacha20 outputs.
    words[0] = load32_le(block +  0) - load32_le(constant +  0);
    words[1] = load32_le(block +  4) - load32_le(constant +  4);
    words[2] = load32_le(block +  8) - load32_le(constant +  8);
    words[3] = load32_le(block + 12) - load32_le(constant + 12);
    words[4] = load32_le(block + 48) - load32_le(in +  0);
    words[5] = load32_le(block + 52) - load32_le(in +  4);
    words[6] = load32_le(block + 56) - load32_le(in +  8);
    words[7] = load32_le(block + 60) - load32_le(in + 12);

    FOR (i, 0, 8) {                      // serialise the 8 words little-endian
        store32_le(out + i*4, words[i]);
    }
    WIPE_BUFFER(words);                  // zero intermediates before returning
    WIPE_BUFFER(block);
}

There. No round function, and hardly any poking at Chacha20's internals. We can do this because HChacha20 is designed specifically to only reveal those values the attacker could have reconstructed, using the nonce and counter (which aren't secret). That's why the security reduction works.

Now this is still kind of a "roll your own crypto" thing, in the sense that even though I know Chacha20 like the back of my hand, I didn't get it right on the first try. But it's the closest to "building HChacha20 on top of Chacha20" you'll ever get.

User login audits

Scott, this is far above the best sample for multi tenancy, 👍 so thanks for sharing this, and also I wanted to ask for some understanding help.

Does this mean if I have a SAAS app, and I have two companies registered, COMPxyz and COMPabc, will this multi-tenant id isolate the members of the two groups? i.e. managers role from a group/COMPxyz can only see employees in COMPxyz but not employees in COMPabc.
I saw this code below, but the blog did not list usage snippets on how to check inside the action for the tenants; if I need to use/check the tenantID in the usermanager(), show me a snippet on how to check:

var context = new ApplicationUserDbContext<ApplicationUser>("DefaultConnection");
var userStore = new ApplicationUserStore<ApplicationUser>(context) { TenantId = 1 };
var userManager = new UserManager<ApplicationUser, string>(userStore);

Can you tell me how (and where in the code; is the login form the best place?) to watch/log/audit the login attempts from a user, e.g. we want to know if there is a brute force attack and someone is trying to log in. I want to lock the account if there are 5 bad logins within 5 mins.

thanks
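The lockout policy asked about above (5 failed logins within 5 minutes) is a sliding-window counter with an audit trail. The Python below is an added, self-contained illustration of that policy, not code from the issue or the repository; the class and event names are assumptions, the store is an in-memory dict standing in for the user table, and the attempt sequence at the bottom is constructed. ASP.NET Identity ships its own lockout settings on the user manager, so in that stack this logic is configured rather than written.

```python
# Added example (not from the issue or the repository): sliding-window
# failed-login tracking with lockout and an append-only audit trail.
from collections import deque
from dataclasses import dataclass


@dataclass
class AuditEvent:
    ts: float        # unix time of the attempt
    user: str
    ip: str
    outcome: str     # "success", "failure", "locked_out", "rejected_locked"


class LoginAuditor:
    """Locks an account after max_failures failed attempts inside window_seconds."""

    def __init__(self, max_failures: int = 5, window_seconds: int = 300,
                 lockout_seconds: int = 300):
        self.max_failures = max_failures
        self.window = window_seconds
        self.lockout = lockout_seconds
        self._failures = {}       # user -> deque of failure timestamps in the window
        self._locked_until = {}   # user -> unix time at which the lockout expires
        self.audit = []           # every decision, for later review or SIEM export

    def _log(self, ts: float, user: str, ip: str, outcome: str) -> None:
        self.audit.append(AuditEvent(ts, user, ip, outcome))

    def is_locked(self, user: str, now: float) -> bool:
        return self._locked_until.get(user, 0) > now

    def record_attempt(self, user: str, ip: str, password_ok: bool, now: float) -> str:
        """Call once per login attempt, after the password check. Returns the outcome."""
        if self.is_locked(user, now):
            # A correct password during lockout is still refused; the lockout
            # is what stops a guess from being rewarded.
            self._log(now, user, ip, "rejected_locked")
            return "rejected_locked"
        if password_ok:
            self._failures.pop(user, None)        # a success resets the counter
            self._log(now, user, ip, "success")
            return "success"
        q = self._failures.setdefault(user, deque())
        q.append(now)
        while q and now - q[0] > self.window:     # forget failures outside the window
            q.popleft()
        if len(q) >= self.max_failures:
            self._locked_until[user] = now + self.lockout
            q.clear()
            self._log(now, user, ip, "locked_out")
            return "locked_out"
        self._log(now, user, ip, "failure")
        return "failure"


def run_scenario() -> list:
    """Constructed attempt sequence: four quick failures, a fifth that locks,
    a correct password refused during lockout, then success after it expires."""
    auditor = LoginAuditor()
    attempts = [("alice", "198.51.100.7", False, 0), ("alice", "198.51.100.7", False, 10),
                ("alice", "198.51.100.7", False, 20), ("alice", "198.51.100.7", False, 30),
                ("alice", "198.51.100.7", False, 40), ("alice", "198.51.100.7", True, 100),
                ("alice", "203.0.113.9", True, 341)]
    return [auditor.record_attempt(*a) for a in attempts]


if __name__ == "__main__":
    for outcome in run_scenario():
        print(outcome)
```

Counting per user catches a single account being hammered; an attacker spraying one password across many accounts never trips a per-user threshold, so the same audit events should also be aggregated per source address and per time window before anyone concludes there is no brute force going on.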

User Subscription in a SAAS app

Hi Scott, kudos, very nice blog article, a missing 🔑 in a multi tenant solution.

  1. If we have a SAAS app, where users from 2 different organizations are logging in, and I have the same app instance serving/running and the tenant is fixed during the new dbContext, isn't it fixed to only one tenant per app instance?
  2. It was my impression, IMHO, that the same app instance could serve many organizations (SAAS); and I would leverage/fetch the user's tenantID from an extended Identity userID/principal from the session to save/perform data operations. Am I wrong here? Can you help with a modification? I believe the key to making this work would be letting the user select a Tenant (or Organization) during registration.
  3. Lastly, I am using the identity with a roles approach; will your solution still work? I ask because you mentioned claims in your original blog. What would I need to make it work with roles?

thanks
