.NET Tutorials, Forums, Interview Questions And Answers

Issues with secure token service

Posted By:      Posted Date: September 17, 2010    Points: 0   Category :SharePoint
Recently, I converted my SharePoint site from classic authentication to claims-based, using LDAP. I finally got the LDAP connection to work, but my secure token service is not working. When I try to log in, I just get taken to an error page. I know the LDAP is working because when I search for users under "add users," people show up under my forms auth. In Central Administration, it says the Security Token Service is not available. The explanation states that it is not issuing tokens and could be malfunctioning or in a bad state. When I look at my event logs, I get two errors. The first one says, "Could not connect to http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc. TCP error code 10061: No connection could be made because the target machine actively refused it." The other entry, which is only a warning, is a lot more helpful. The source is ASP.NET 2.0.50727.0 and the task category is web event. Here are the contents:

More Related Resource Links

Create a new target application - Secure Store Service administration issues

Hi, I am trying to create a new target application. When I go to Secure Store Service in Central Admin I have: Cannot complete this action as the Secure Store Shared Service is not responding. Please contact your administrator. I have used this a few days ago and everything else is working fine on the server, and I have applications created with it running fine. Any help is appreciated. Cheers, Valko

Geneva Framework: Building A Custom Security Token Service


A Security Token Service, or STS, acts as a security gateway to authenticate callers and issue security tokens carrying claims that describe the caller. See how you can build a custom STS with the "Geneva" Framework.

Michele Leroux Bustamante

MSDN Magazine January 2009

Cutting Edge: Building A Secure AJAX Service Layer


This month Dino builds a service layer that authenticates users of Silverlight 2 and ASP.NET AJAX services to prevent illegal access to sensitive back-end services.

Dino Esposito

MSDN Magazine September 2008

Windows Identity Foundation Security Token Service can't stay logged in

I'm using the Windows Identity Foundation (WIF) Security Token Service (STS) to handle authentication for my application, which is working all well and good. However, I can't seem to get any long-running login with the STS. From my understanding I shouldn't care about the client tokens at the application level since they can expire all they want to and it should redirect me to the STS, and as long as they're still logged in on the STS it should refresh their application token. Yet it doesn't seem to want to keep them signed in. Here's what occurs in my login.aspx on the STS:

    // Issue the forms-auth cookie; a persistent ticket gets a 14-day expiry.
    var cookie = FormsAuthentication.GetAuthCookie(userName, persistTicket);
    if (persistTicket)
        cookie.Expires = DateTime.Now.AddDays(14);
    Response.Cookies.Add(cookie);
    // Send the user back to the page that requested the login.
    var returnUrl = Request.QueryString["ReturnUrl"];
    Response.Redirect(returnUrl ?? "default.aspx");

Which was taken almost directly from an existing application using normal Forms Auth. From my web.config:

    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" protection="All" timeout="2880" name=".STS" path="/" requireSSL="false" slidingExpiration="true" defaultUrl="default.aspx" cookieless="UseDeviceProfile" enableCrossAppRedirects="false" />
    </auth

authentication issues using exchange web service within sql CLR functions

Hi. Hope this is the right forum for this question. We have a VB assembly we have written to perform simple email functions via calls to EWS. We use a high-level user who has rights to impersonate the normal Exchange users, and this usually works OK, but what we are seeing is that occasional email messages are being created in the wrong user's draft folders. We believe this is because the impersonating account information is getting overwritten within our code when multiple users access the functions at the same time. Example call to the WS is...

    <Microsoft.SqlServer.Server.SqlProcedure()> _
    Public Shared Sub InsertEmail( _
        ByVal Impersonate As String, _
        ByVal Subject As String, _
        ByVal Body As String, _
        ByVal ToAddress As String, _
        ByVal CCAddress As String, _
        ByVal BCCAddress As String, _
        ByVal HTMLEmail As Boolean, _
        <Out()> ByRef ItemID As String, _
        <Out()> ByRef ChangeKey As String)
        'ByVal CCAddress As String, _
        'ByVal BCCAdddress As String, _
        Using esb As Helper = New Helper(Impersonate)
            ' Create the CreateItem request.
            Dim createEmailRequest As New ews.CreateItemType()
            ' Specify how the e-mail will be handled.
            createEmailRequest.MessageDisposition = ews.MessageDispositionType.SaveOnly
            createEmailRequest.MessageDispositionSpecified

Claims to Windows Token Service won't start in Central Administration

Not sure if this is a bug or some setting I just don't understand, but I cannot get the Claims to Windows Token Service from manage services to show as started. When I click start I get this error in the event viewer: An attempt to start/stop instance of service Claims to Windows Token Service on server <SERVERNAME> did not succeed. Re-run the action via UI or command line on the specified server. Additional information is below. c2wts (DOMAIN\sp_farm) I have searched and searched for an answer. This thread http://social.technet.microsoft.com/Forums/en-US/sharepoint2010setup/thread/6b865ead-970b-4460-9dcf-1cc6d6d8530b talks about needing a connection to the internet, but my server is connected to the internet so I think I can rule that out. Also I have read that c2wts depends on the crypto service. I have run this command with no success: sc config c2wts depend= cryptsvc I can start the c2wts service through services.msc and it is successful. But Central Administration still shows it is stopped. I have also re-run the installer in repair mode, and re-run the initial configuration wizard, maintaining all of the same settings as the previous installation. That didn't help. Basically, I'm out of ideas and I can't find much about this on the web. Any ideas?

How to Programmatically SetCredentials for Secure Store Service Application in SharePoint 2010 using

I have to set up credentials for the Secure Store Service application programmatically. To get stored credentials I have the following code and it's working fine.

    // prov and appID are declared outside this fragment.
    using (SPSite site = new SPSite("http://vtlssp2010Dev"))
    //using (SPSite site = new SPSite("http://" + System.Environment.MachineName + "/sites/Site_Name"))
    {
        Console.WriteLine(site.RootWeb.CurrentUser.Name);
        SPServiceContext context = SPServiceContext.GetContext(site);
        prov.Context = context;
        try
        {
            SecureStoreCredentialCollection cc = prov.GetCredentials(appID);
            foreach (SecureStoreCredential c in cc)
            {
                // Copy the SecureString into an unmanaged BSTR to read it.
                IntPtr ptr = System.Runtime.InteropServices.Marshal.SecureStringToBSTR(c.Credential);
                try
                {
                    string sDecrypString = System.Runtime.InteropServices.Marshal.PtrToStringUni(ptr);
                    Console.WriteLine(sDecrypString);
                }
                finally
                {
                    // Zero and free the BSTR so the plaintext does not stay in unmanaged memory.
                    System.Runtime.InteropServices.Marshal.ZeroFreeBSTR(ptr);
                }
            }
        }
        catch (Exception ex)
        {
            Console.WriteLine("Unable to get credentials for application " + appID);
            Console.WriteLine(ex.Message);
        }
        Console.ReadLine();
    }
    }

All I want is to programmatically set credentials as explained in this example on MSDN: http://msdn.microsoft.com/en-us/library/ff798456.aspx Please help. Shamshad Ali

Secure Service Store and custom web application.

Hello All, I have a problem for which I would like to use the Secure Service Store. I've searched for similar solutions involving the SSS but I've not had any success yet. Maybe I'm missing something obvious or going about it the wrong way. We have an external application (actually, a number of external applications) we'd like to embed in our SharePoint site using an iframe or the Page Viewer web part. The embedded application uses a custom forms-based authentication scheme and I want to prevent the situation where a user has to log into our application then log into the embedded application. Is there anything available to help post the credentials from SSS to the custom application? The only thing I can think to do is write some code that mimics a post to the login page of the embedded app and, if needed, write a stripped-down or simpler login page for the embedded app to make that easier. For my immediate task I have quite a bit of control over the source of both applications and could write custom code on both sides if I had to, but I'd rather have a solution that only involves configuration or, at most, custom code on the SharePoint side. Thanks, Brandon

Issues in GetItemDataSources web service call in 2008 Report Server R2

Hi, I'm using Reporting Services web services endpoint ReportService2005.asmx with 2008 report server R2 and I'm facing some issues in getting the data source names for a report definition using the GetItemDataSources web service. The problem is that the data source names returned are different from the names of the actual data sources on the report server. The report has the following data sources:

    0
    1
    _0
    _A
    Data Source

And the names returned by the GetItemDataSources for 2008 report server R2 is:

    AutoGen_0
    AutoGen_1
    AutoGen__0
    AutoGen__A
    Data_Source

When I make the same calls using a 2005 report server, the names returned are the same as that in the report definition. To summarize, only numeric data source names are changed to "Autogen_<number>" (e.g. Autogen_0), data source names beginning with "_" are changed to "Autogen_<data source name>" (e.g. AutoGen__A) and spaces are replaced by an "_". What is the problem for the data source names returned for 2008 report server R2? Or has there been any change in the way in which report server stores the data source names? Thanks, Kulbhushan Singhal.

SharePoint Search and Secure Store Service not working

Hi There, I am having issues with a few SharePoint Services. When I try to search for a document on any SharePoint site, I receive an "Internal Server Error Exception". However, when I checked the log files, I couldn't find any error messages matching the given correlation ID. The search was working 2-3 weeks ago. Also 2 weeks ago, I started receiving warnings in the Health Analyzer saying "The Security token service is not available". I am wondering if the security token service breaking down is related to the search issues, and if so what suggestions I could try to fix this issue. I am also unable to access the secure store service. In Central Administration->Application Management->Manage Service Applications, I try to click on the Secure Store Service, but there is no Proxy attached to the service, and I receive a message "No Secure Store Service Application Proxy ID was found". When I check the Logfile, I receive these errors:

    08/10/2010 11:11:32.94  w3wp.exe (0x18E4)  0x0ADC  SharePoint Foundation

How to get all Secure Store Service (SSS) applications in the farm

Hello everyone, I am trying to use the SharePoint 2010 Secure Store Service (next SSS) in my application to get credentials to an external system. Is there any way to get all possible applications (IDs) from the API provided? Currently I am using the next code to get all applications:

    SecureStoreProvider provider = SecureStoreProviderFactory.Create() as SecureStoreProvider;
    // Check the result of the cast before using the provider.
    if (provider != null)
    {
        provider.Context = SPServiceContext.GetContext(SPServiceApplicationProxyGroup.Default, SPSiteSubscriptionIdentifier.Default);
        // List the name of every target application visible in this context.
        foreach (var app in provider.GetTargetApplications())
        {
            Console.WriteLine(app.Name);
        }
    }

However it depends on SPServiceApplicationProxyGroup.Default and SPSiteSubscriptionIdentifier.Default parameters. So in case I remove SSS from

The Security Token Service is not available

I set up SharePoint 2010 Beta on a Windows 2008 R2 server and am going through the Central Administration - Review problems and solutions: All Reports - The Security Token Service is not available and the failing service is SPSecurityTokenService. Should not this service, if available, have been installed during installation time? It says "The Security Token Service is not issuing tokens. The service could be malfunctioning or in a bad state." I don't want to go any further with setting up this until I can get an answer on how to fix this. Thanks

User Profile Service Application_SyncDB_0521bfcf77694b419f8086e9e7d94822 issues

Hi, I am following this to try to fix my MOSS2010 User Profile Sync issues: http://social.msdn.microsoft.com/Forums/en-US/sharepoint2010general/thread/398f3553-5de7-456b-b935-4e22cee26b2f

1)    Login as farm account
2)    Backup the User Profile DB and the User Profile Sync DB
3)    Stop the SharePoint 2010 Timer service:
      PS D:\> net stop sptimerv4
4)    Delete the data in the Sync DB using the following PowerShell script:
      PS D:\> Get-SPDatabase
5)    Copy the GUID associated with the User Profile Sync DB in the command line below
      PS D:\> $syncdb=Get-SPDatabase -Id <GUID of User Profile Sync DB>
6)    Execute these commands, in exactly the following order. This is not a script. So please cut and paste each of these commands one by one.
      PS D:\> $syncdb.Unprovision()
      PS D:\> $syncdb.Status='Offline'
      PS D:\> Get-SPServiceApplication
      #Copy the GUID associated with the User Profile Service and paste it after "Id" in the next command:
      PS D:\> $upa=Get-SPServiceApplication -Id <GUID of User Profile Service>
      PS D:\> $upa.ResetSynchronizationMachine()
      PS D:\> $upa.ResetSynchronizationDatabase()
7)    Provision the Sync DB:
      PS D:\> $syncdb.Provision()
8)    Add the User Profile Synchronization service account (farm account)

How to configure secure communication between web client in DMZ and WCF-service in domain



I have a question regarding security in this scenario:

In the DMZ I have a server hosting my Web application. I'm using HTTPS between the user/browser and my web application (using certificate).

My web application is supposed to communicate with a service behind the firewall (inside the domain) hosted in IIS 7.
I'm using wsHttpBinding between my web application and the WCF-service. If I have this security configuration everything works fine:

<binding name="WSHttpBinding_ServiceLong" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:20:30"

Cannot print. All of a sudden Print spooler service not running, and .NET Framework issues


I am running Windows XP Home SP3. About 7 months ago I connected an HP printer to my computer along with a PDF print program. Everything was fine until about 2 months ago. One day I tried to print and I received an error stating that Operation could not be completed. The print spooler service is not running. I cannot redownload my printer and all properties in the printer box in Control Panel are empty. I have run the Microsoft Fix it scan and others, etc. They say it starts the spooler but it does not. I still cannot add a printer nor print. My printer recognizes my computer but not the other way around. One scan said: Printer: Troubleshoot problems preventing from completing; Package Version: 2.0 Microsoft. I have tried to repair .NET Framework 2.0 SP2 and it says cannot find netfx20a_x86.msi, and then earlier tried to repair .NET Framework 3.5 but problem there as well. I am not 100% computer savvy but have been able to always handle my own. Would like to uninstall all .NET Framework but am extremely afraid of what would happen. PLEASE SOMEONE HELP ME. I have been having problems for several months. Also, I cannot defrag my drive due to not enough space, yet I really do not have much on my hard drive so do not know what to do there either. PLEASE HELP ME QUICKLY- BEFORE I LOO

How to secure a web service consumed with AJAX


When a web service is consumed from the server side, the web service may be implemented in a way to check credentials of the caller. In the case of calling the web service from JavaScript, how to secure the service, since no credentials can be passed into a JavaScript function because of the visibility in source view?

Unable to set up a new Secure Store Service Application in a single-server installation


Problem: after initial SharePoint installation, I tried to add the Secure Store Service Application under "Manager Services Applications". The process screen returns something like "The time job created. But failed to start in one or more servers in the farm." Further investigation found that in the SQL Server, the secure service account was not added under the Login user accounts. The Secure_Store_Service_DB has been created, but not under the name of the secure store service account. In other words, the database was created but the action seems to be incomplete.

Background: this is a single server farm installation on Windows Server 2008 R2, SQL Server 2008 R2, with AD CS and AD DS, DNS roles enabled on the same box.  The configuration task was running with the farm admin account which is also a domain admin, and has dbcreator, securityadmin, and sysadmin roles in the SQL server.

