The Daily Parker

Politics, Weather, Photography, and the Dog

Quick note on debugging client authentication in .NET Core 6

I've spent about four hours doing a shit ton of A-B tests and a lot of Internet searching to figure out why I kept getting a specific error.

The app is a .NET Core 6 WebAssembly, and the app registration is set for "any organization," meaning anyone with a Microsoft ID (work, school, or Xbox) can authenticate with the app.

The error began when I added a client certificate. The relevant section of the appSettings.config file looks like this:

{
	"AzureAD": {
		"Instance": "https://login.microsoftonline.com",
		"Domain": "ourdomain.onmicrosoft.com",
		"ClientId": "our client ID",
		"TenantId": "organizations",
		"CallbackPath": "/signin-oidc",
		"SignedOutCallbackPath": "/signout-oidc",
		"ClientCapabilities": [ "cp1" ],
		"ClientCertificates": [
			{
				"SourceType": "KeyVault",
				"KeyVaultUrl": "https://our-key-vault.vault.azure.net/",
				"KeyVaultCertificateName": "our-certificate-name"
			}
		]
	}
}

So far, all good. Except when I tested the code, I got this:

{
	"error": {
		"code": "Unauthorized",
		"message": "AKV10032: Invalid issuer. Expected one of https://sts.windows.net/tenant1guid/, https://sts.windows.net/tenant2guid, found https://sts.windows.net/tenant3guid"
	}
}

Our Key Vault lives in tenant1, and also has access to tenant2, but tenant3 is my login ID from my company's AD tenant.

Let me skip to the end, because I'd like to finish this fix today.

The solution was to go into launchSettings.json and add this:

{
	"profiles": {
		"App Name": {
			"environmentVariables": {
				"AZURE_TENANT_ID": "tenant1guid"
			}
		}
	}
}

Boom. Done. And if I ever need this information again, or anyone else does, I hope they find this blog entry.
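
The AKV10032 message above lists the tenants whose tokens the vault accepts and the tenant that issued the token it actually received. As an added example (not code from this post), this C# program parses that message and the `iss` claim of a token to show the mismatch that AZURE_TENANT_ID corrects. The sample token is constructed and unsigned, and the helper names are assumptions.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;
using System.Text.RegularExpressions;

// Error text from the post (tenant GUIDs are the post's own placeholders).
const string akvError =
    "AKV10032: Invalid issuer. Expected one of https://sts.windows.net/tenant1guid/, " +
    "https://sts.windows.net/tenant2guid, found https://sts.windows.net/tenant3guid";
// Constructed, unsigned stand-in for the access token the app presented to Key Vault.
string payload = "{\"iss\":\"https://sts.windows.net/tenant3guid/\",\"aud\":\"https://vault.azure.net\"}";
string sampleToken = "e30." + Base64Url(payload) + ".";

var (accepted, rejected) = ParseAkv10032(akvError);
string tokenTenant = TenantOf(ReadIssuer(sampleToken));
Console.WriteLine($"Vault accepts tokens from: {string.Join(", ", accepted)}");
Console.WriteLine($"Vault rejected issuer:     {rejected}");
Console.WriteLine($"Token 'iss' tenant:        {tokenTenant}");
if (!accepted.Contains(tokenTenant, StringComparer.OrdinalIgnoreCase))
    Console.WriteLine($"Mismatch: request the Key Vault token from an accepted tenant, e.g. AZURE_TENANT_ID={accepted[0]}");

// Issuers look like https://sts.windows.net/<tenant>/, with or without the trailing slash.
string TenantOf(string issuer) => new Uri(issuer.Trim()).AbsolutePath.Trim('/');

(string[] Accepted, string Rejected) ParseAkv10032(string message)
{
    Match m = Regex.Match(message, @"AKV10032: Invalid issuer\. Expected one of (?<exp>.+), found (?<found>\S+)");
    if (!m.Success) throw new FormatException("Not an AKV10032 invalid-issuer message.");
    string[] tenants = m.Groups["exp"].Value.Split(',').Select(TenantOf).ToArray();
    return (tenants, TenantOf(m.Groups["found"].Value));
}

string Base64Url(string text) =>
    Convert.ToBase64String(Encoding.UTF8.GetBytes(text)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

// Reads the unverified 'iss' claim; for diagnosis only, never for an authorization decision.
string ReadIssuer(string jwt)
{
    string[] parts = jwt.Split('.');
    if (parts.Length < 2) throw new FormatException("Not a JWT.");
    string b64 = parts[1].Replace('-', '+').Replace('_', '/');
    b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
    using JsonDocument doc = JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));
    return doc.RootElement.GetProperty("iss").GetString() ?? "";
}
```

Run against a real token captured during local debugging, the same check shows which tenant your developer credential is signing in to before Key Vault rejects it.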

The busy season

I've spent today alternately upgrading my code base for my real job to .NET 6.0, and preparing for the Apollo Chorus performances of Händel's Messiah on December 11th and 12th.

Cassie, for her part, enjoys when I work from home, even if we haven't spent a lot of time outside today because (a) I've had a lot to do and (b) it rained from 11am to just about now.

So, as I wait for the .NET 6 update to build and deploy on our dev/test CI/CD instance (I think I set the new environments on our app services correctly), I have a few things to read:

OK, the build has...well, crap. I didn't set the environment correctly after all.

Update: Fixed the build bit. And the rain stopped. But the test platform is the wrong version. FFS.

Update: Well, I have to pick something up from a store before 6, so I'll come back to this task later.

Update: Even though I've had 4 tiny commits of minor things that broke with the .NET 6 upgrade, this hasn't gone poorly. Kudos to Microsoft for providing a straightforward upgrade path.

Lunchtime reading

Yep, one of these posts.

Back to coding...

Today's reading list

If only it weren't another beautiful early-summer day in Chicago, I might spend some time indoors reading these articles:

Time to go outside...

Cool new feature in Weather Now

I've finally gotten around to extending the historical weather feature in Weather Now. Now, you can get any archival report that the system has, back to 2013. (I have many more archival reports from before then but they're not online.)

For example, here's the last time I arrived in London, or the time I took an amazing photo in Hermosa Beach, Calif.

I don't know why it took me so long to code this feature. It only took about 4 hours, including testing. And it also led me to fix a bug that has been in the feature since 2008.

Lunchtime reading

It's been a busy news day:

There was also an article on tuple equality in C# 7.3 that, while interesting to me, probably isn't interesting to many other people.

Four unrelated stories

A little Tuesday morning randomness for you:

Back to debugging acceptance tests.

Blogging A-to-Z Challenge Topic 2018

As I mentioned a couple of weeks ago, The Daily Parker will participate in this year's Blogging A-to-Z Challenge. Today's the official Theme Reveal day. My topic will be: Programming Concepts using Microsoft C# .NET.

My topics will include:

  • Compilers vs Interpreters
  • Generics
  • Human factors (and errors)
  • LINQ
  • Polymorphism

...and will finish with a real-world practical example on April 30th.

I will also keep up my annoying political and Parker posts through April. And, full disclosure, many of the 26 A-to-Z posts will be technical and more involved than just linking to a Washington Post article. Because of that, and because I want a consistent publication cadence, I'm going to write them ahead of time, even if it's just the night before.

A-to-Z posts will start at noon UTC (7am Chicago time) on April 1st and continue through the 30th, with Sundays off. You can find them directly through their A-to-Z Tag. Enjoy!

What does Tinder know about you?

Via Bruce Schneier, a British reporter requested her data dossier from Tinder. As with so many other things in life, she was shocked, but not surprised:

The dating app has 800 pages of information on me, and probably on you too if you are also one of its 50 million users. In March I asked Tinder to grant me access to my personal data. Every European citizen is allowed to do so under EU data protection law, yet very few actually do, according to Tinder.

With the help of privacy activist Paul-Olivier Dehaye from personaldata.io and human rights lawyer Ravi Naik, I emailed Tinder requesting my personal data and got back way more than I bargained for.

Some 800 pages came back containing information such as my Facebook “likes”, my photos from Instagram (even after I deleted the associated account), my education, the age-rank of men I was interested in, how many times I connected, when and where every online conversation with every single one of my matches happened … the list goes on.

What will happen if this treasure trove of data gets hacked, is made public or simply bought by another company? I can almost feel the shame I would experience. The thought that, before sending me these 800 pages, someone at Tinder might have read them already makes me cringe.

Tinder’s privacy policy clearly states: “you should not expect that your personal information, chats, or other communications will always remain secure”. As a few minutes with a perfectly clear tutorial on GitHub called Tinder Scraper that can “collect information on users in order to draw insights that may serve the public” shows, Tinder is only being honest.

But as Schneier points out, "It's not [just] Tinder. Surveillance is the business model of the Internet. Everyone does this."