azure-activedirectory-identitymodel-extensions-for-dotnet

[Bug] ShowPII doesn't seem to work

Open justinmchase opened this issue 2 years ago • 9 comments

I am encountering an error and attempting to debug it but I am getting a message saying it's obfuscating some information because of ShowPII settings. I have added the setting to the static field but the logs are still masked.

Which version of Microsoft.IdentityModel are you using? 6.32.0

Where is the issue?

  • [ ] M.IM.JsonWebTokens
  • [ ] M.IM.KeyVaultExtensions
  • [x] M.IM.Logging
  • [ ] M.IM.ManagedKeyVaultSecurityKey
  • [ ] M.IM.Protocols
  • [ ] M.IM.Protocols.OpenIdConnect
  • [ ] M.IM.Protocols.SignedHttpRequest
  • [ ] M.IM.Protocols.WsFederation
  • [ ] M.IM.TestExtensions
  • [ ] M.IM.Tokens
  • [ ] M.IM.Tokens.Saml
  • [ ] M.IM.Validators
  • [ ] M.IM.Xml
  • [ ] S.IM.Tokens.Jwt
  • Other (please describe)

Is this a new or an existing app? new

Repro

Basically the first line in my Main function is this:

Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;

I am unable to reproduce it locally, it only happens when run in a docker image in our CI server.

Expected behavior I expect to be able to see all of the logs.

Actual behavior My logs still contain masking such as:

Exception: 'System.IO.IOException: IDX20804: Unable to retrieve document from: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'

Possible solution I honestly cannot figure it out. I am sort of wondering if two versions of the assembly are loaded? How could the static flip from true to false otherwise? Where is the most appropriate place to put ShowPII = true?

Additional context / logs / screenshots / links to code

justinmchase avatar Sep 26 '23 20:09 justinmchase

@justinmchase what application are you writing? Console, asp.net etc. It is possible that some other code is turning ShowPII = false.

You could add the following line in multiple places to see if that can narrow down the issue. Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;

brentschmaltz avatar Sep 26 '23 23:09 brentschmaltz

It is running in an aspnet rest API, pretty standard. I'm not sure why something would set it to false specifically, certainly not in my code

justinmchase avatar Sep 27 '23 00:09 justinmchase

Is the field thread scoped? Should I set it in middleware on every request?

justinmchase avatar Sep 27 '23 01:09 justinmchase

@justinmchase The field is not thread scoped.

It might be worth trying setting ShowPII = true on every request, let us know if that works.

brentschmaltz avatar Sep 27 '23 15:09 brentschmaltz

@justinmchase where in your code are you putting that line of code to enable PII?

jennyf19 avatar Sep 28 '23 21:09 jennyf19

The first line in my Main function

justinmchase avatar Sep 28 '23 23:09 justinmchase

I had trouble finding out the right location for the ShowPII flag as well.

What seems to be the solution is to put IdentityModelEventSource.ShowPII = true after building the DI container:

var builder = WebApplication.CreateBuilder(args);
...
builder.Services.AddAuthentication();
builder.Services.AddAuthorization();
...
var app = builder.Build();

IdentityModelEventSource.ShowPII = true; // <------
...

LoranKloeze avatar Nov 05 '23 09:11 LoranKloeze

I'm assuming something in the builder step is setting it to false rather than just defaulting it to false in that case, probably a bug but I couldn't find where by just doing a simple search. Also, ideally this would be a config setting not just some global static variable.

justinmchase avatar Nov 06 '23 14:11 justinmchase
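
A diagnostic for the two hypotheses raised in this thread (more than one loaded copy of the logging assembly, or something resetting the flag during startup), added here as an example and not code from the thread or the IdentityModel project. The `ShowPiiProbe` class and its `Snapshot` method are hypothetical names, and the code assumes .NET Core 3.0 or later.

```csharp
// Added diagnostic sketch; ShowPiiProbe and Snapshot are hypothetical names.
using System;
using System.Linq;
using System.Reflection;
using System.Runtime.Loader;

public static class ShowPiiProbe
{
    const string AssemblyName = "Microsoft.IdentityModel.Logging";
    const string TypeName = "Microsoft.IdentityModel.Logging.IdentityModelEventSource";

    // Returns one line per loaded copy of the logging assembly, with the
    // ShowPII value that copy holds at the moment of the call.
    // An empty result means the assembly has not been loaded yet.
    public static string[] Snapshot(string stage)
    {
        return AppDomain.CurrentDomain.GetAssemblies()
            .Where(a => a.GetName().Name == AssemblyName)
            .Select(a =>
            {
                // Read the static member by reflection so that each loaded
                // copy is inspected, not only the one this code compiled against.
                var member = a.GetType(TypeName)
                    ?.GetMember("ShowPII", BindingFlags.Public | BindingFlags.Static)
                    .FirstOrDefault();

                var value = member switch
                {
                    PropertyInfo p => p.GetValue(null),
                    FieldInfo f => f.GetValue(null),
                    _ => "not found"
                };

                var context = AssemblyLoadContext.GetLoadContext(a)?.Name ?? "unknown";
                return $"[{stage}] version={a.GetName().Version} ShowPII={value} " +
                       $"context={context} path={a.Location}";
            })
            .ToArray();
    }
}
```

Log the returned lines before and after `builder.Build()` and again from inside a request: more than one line per call means more than one copy is loaded, and a value that changes between stages narrows down where the flag is being reset.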

@justinmchase @LoranKloeze are you still stuck on this?

brentschmaltz avatar Feb 21 '24 23:02 brentschmaltz