Hi ,

Due to vulnerability issues in the Microsoft.Data.SqlClient package version 2.1.4, I updated this package to the latest version. However, I am now unable to log in to the application. Investigation revealed that the new version's dependencies cause the TokenProviderOptions to require a longer SymmetricSecurityKey.

The key is generated by the template, and my short application name results in a string shorter than the required 32 characters (formatted as XXXXXSecretSecurityKeyXXXXX, where XXXXX is my application name). Applications with longer names do not face this issue.

Turns out that upgrading to a version above 3.1.5 will require a key long enough to meet the HS256 algorithm requirements.

Extending the string length and excluding the TokenProviderOptions.cs from code generation resolves the login issue.


1 Like