IdentityServer
Fixes a potential authentication vulnerability
I was going to copy your code for my own use (needing this exact same scenario in my OWIN app) but fortunately had just come across this piece of advice in my research.
It is a very common error to encrypt data without also authenticating it.
I saw the correct approach on this blog post earlier, and put two and two together. :) I may be wrong (I'm no expert!), but I think the scenario here is that an attacker could, reasonably, obtain the public key you were using to encrypt the sensitive data (e.g. the session cookie) with. For example, if an IdentityServer is using the SSL certificate to also protect the data, then the attacker already has the public key. In that case the attacker could craft any desired token and likewise encrypt it with the public key, and the original code here would accept it as genuine since it is able to decrypt it. The PR fixes this by first signing the plaintext -- with the private key -- before encrypting it (again with the private key).
Just a suggestion. If that's actually wrong, or there's a better way to do this, please let me know! I'm still learning. :)
