Sean Leonard

@filipemiguelaugusto looks like the docs reflect `AlternativeSecurityId` https://docs.microsoft.com/en-us/azure/active-directory-b2c/social-transformations However, this sample still needs to be updated.

@xinaxu Adding that key worked for me. I added to both the AAD-Common and AAD-UserReadUsingObjectId technical profiles. For whatever reason, I had ApiVersion instead of api-version as the key. This...

I would like to see this too. Whenever changes from `main` are merged into a current working branch, those changes then become noise within the view "Changes since last review."...

has anyone determined **why** restarting Host Network Service works?

I am getting this as well. Unfortunately the other issue referenced is closed but has many many reports (even after closure) about the same behavior.

The supported filter attributes for resource **_Users_** in this sample are _userName_ and _externalId_. This is defined in the Microsoft.SCIM.WebHostSample/Provider/InMemoryUserProvider.cs method QueryAsync. The extra `/` does not cause issues if...

Let's re-triage and consider for May due to a growing need for this to make a complete local development experience.

Check OWASP site for any security related guidance, if any, regarding header max length

Looks like Kestrel (Asp.net) has limit default to 32KB https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.server.kestrel.core.kestrelserverlimits.maxrequestheaderstotalsize?view=aspnetcore-6.0

Look through some of these to see if we might need to consider additional security measures. And whether Asp.net has built in features/mitigations https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html#input-validation