Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add logging when DistributedCacheStateDataFormatter returns null #1540

Closed
AndersAbel opened this issue Apr 12, 2024 · 8 comments
Closed

Add logging when DistributedCacheStateDataFormatter returns null #1540

AndersAbel opened this issue Apr 12, 2024 · 8 comments
Assignees
@AndersAbel

Comments

@AndersAbel
Copy link
Member

If the data is not found in the cache we return null which is perfectly fine. However, the OIDC Handler logs the error as "Unable to unprotect message.state" which indicates it's a data protection issue. We should add a log message when we return null, something like

Key {key} not found in the registered IDistributedCache. Returning null which will cause an "Unable to UnProtect message.state" exception.

With that line in the log right before the exception it would be easier to understand the reason for the error.

Only question I have is the log level. It feels like Debug level of detail. But I also want it to show up in logs right next to the exception which indicates error or warning.

Maybe Error and a config switch on the state data protector that can disable the logs for those who has found out how it works?
@brockallen
Copy link
Member

Is there something that the MS code could do better here? They should report a different thing, it seems -- IOW, there's "no data to unprotect" vs. "the unprotecting of the data found has failed".

@AndersAbel
Copy link
Member Author

Yes, Microsoft should definitely handle this better. Is it better to send a PR to the OIDC handler?

@brockallen
Copy link
Member

Well, we should start by opening an issue with them. // @Tratcher

@Tratcher
Copy link

Over here please: https://github.com/dotnet/aspnetcore

FYI, I don't work on AspNetCore anymore.

@brockallen
Copy link
Member

Over here please: https://github.com/dotnet/aspnetcore

Thank you!

FYI, I don't work on AspNetCore anymore.

Ah, what's your focus these days?

@AndersAbel AndersAbel self-assigned this May 2, 2024
@AndersAbel
Copy link
Member Author

Yes, Microsoft should definitely handle this better. Is it better to send a PR to the OIDC handler?

I've investigated possibilities for better handling and unfortunately the current interfaces/function signatures do not allow any improved error handling. The returned value need to be a valid AuthenticationProperties instance or null.

We could add logging every time we return null because the key wasn't found in cache. But it could also be that just a startup message will help enough, #1550.

My suggestions is to put this on hold for the time being, merge #1550 and see if that is enough.

@brockallen
Copy link
Member

So should we close this now, given the PR is merged?

@AndersAbel
Copy link
Member Author

Yes, closing for now. If support indicates that people are still confused by this even with the new logging we can reopen.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AndersAbel AndersAbel

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@brockallen @Tratcher @AndersAbel