Closed fabiodiluca closed 8 years ago
Where is version 4.1.0 coming from?
Thank you for your super lightining fast feedback. System,Net.Http 4.1.0 is used by refit (popular Rest TypeSafe Client) nuget package. The thing is that i am mixing .Net Standard compatible nuget with this middleware. Inheritance security has been violated by the type "System.Net.WebRequestHandler'. Derived types must correspond to the base type accessibility or be less accessible. If I disable(skip) this middleware than I don't get any exceptions. I am not a developer expert, sorry if I making anything wrong.
It it is indirectly because refit:
I have modified this project(AccessTokenValidation) to use System.Net.Http 4.1.0, what I beleived it would solve it.I did it, but I was wrong, the error still the same. Can't figure out what is causing this.
Yes - the dependencies are incompatible. You should report that to Microsoft.
It is not even our code using the HttpClient - but Microsoft's OpenID Connect library.
Are you sure they are incompatible? I don't even know if I am doing something wrong.
Maybe this other library should also have a pain .NET compilation target - this way it wouldn't force you to use the CoreFX libs.
Anyways - this is not an identityserver issue. closing for now. feel free to re-open when you have new infos
Just updating info: I discovered that System.Net.Http 4.1.0 has a critical security problem that makes it not working on .net.4.6.1. https://github.com/dotnet/corefx/issues/11100
I am trying to use this middleware inside a pack that also uses System.Net.Http 4.1.0, but it gives me an exception at this line: 'var handler = options.BackchannelHttpHandler ?? new WebRequestHandler();' (DiscoveryDocumentIssuerSecurityTokenProvider.cs).It says that the class is less accessible than the base class. Is it possible to update this project to use the new nuget System.Net.Http 4.1.0?