Barry Dorrans
Barry Dorrans
@HaoK Thoughts on how best to word this?
Chain shouldn't include the actual cert for the site, but it's not a well defined term at all, so you can't make the assumption. Windows exports are for the leaf...
There's usually a small lag whilst it percolates through MITRE. For reference it'll be CVSS:3.1 Base Score 7.0 / Temporal Score 6.1 It would take a blind XXE to pull...
@mkArtakMSFT can you assign someone to take a look?
You are mixing and matching things for generic cookie authentication (AddCookie) and things meant for asp.net identity (ConfigureApplicationCookie). Which auth are you trying to use?
Ah got it. @HaoK how does this all hang together?
While there is a revocation api, it's not actually wired up to anything, it's meant for folks writing utilities, and revocation marks a key in a very particular. We don't...
I think we're going to need a repro, including the code of your cosmos db provider before we can investigate
_@blowdart What is our guidance on having ProblemDetails enabled in production?_ As it's been for 20+ years. Don't do that. If you are returning details somehow in prod by default...
_Downloading the chain per request is a performance concern (and security concern) that’s why we don’t want to do it by default._ This isn't downloading the chain though; the client...