.NET Tutorials, Forums, Interview Questions And Answers

SAML token

Posted Date: October 14, 2010 | Points: 0 | Category: ASP.Net


I am working with a SAML token for the first time. If I passed authentication and received the SAML token from a 3rd-party identity provider, where is the SAML token stored when I land back on my page (default.aspx)?
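As an added illustration for the question above (editor-supplied example code, not part of the original post or of any reply on this page): in an ASP.NET relying party that uses WIF's passive federation modules, the identity provider POSTs the SAML token back in the wresult form field, WSFederationAuthenticationModule checks its signature, issuer and audience and builds a claims principal, and SessionAuthenticationModule then writes a SessionSecurityToken derived from that principal into the FedAuth cookie(s). By the time default.aspx runs, the raw SAML assertion is no longer kept anywhere unless saveBootstrapTokens is switched on. The Global.asax.cs below (WIF 1.0, Microsoft.IdentityModel namespaces) shows where the session is created, how to cap its lifetime, and how a page can inspect what is actually stored; the 30-minute lifetime is an assumed policy value.

```csharp
using System;
using System.IdentityModel.Tokens;
using System.Text;
using System.Web;
using Microsoft.IdentityModel.Claims;
using Microsoft.IdentityModel.Tokens;
using Microsoft.IdentityModel.Web;

// Global.asax.cs of the relying-party site (the one that hosts default.aspx).
// Handlers named <ModuleName>_<EventName> are wired up by ASP.NET automatically,
// using the module names given in <httpModules> in web.config.
public class Global : HttpApplication
{
    // Raised after the SAML token POSTed by the identity provider has passed the
    // signature, issuer and audience checks. e.ClaimsPrincipal is what the site
    // will see as the user from now on.
    void WSFederationAuthenticationModule_SecurityTokenValidated(object sender, SecurityTokenValidatedEventArgs e)
    {
        IClaimsIdentity id = (IClaimsIdentity)e.ClaimsPrincipal.Identity;

        // A relying-party check the STS cannot do for you: refuse tokens that carry
        // nothing your authorisation code can act on.
        if (id.Claims.Count == 0)
            throw new SecurityTokenException("Token carried no claims");
    }

    // Raised once the module has turned that principal into a SessionSecurityToken,
    // just before it is written to the FedAuth cookie. The default lifetime follows
    // the SAML token; here it is capped at 30 minutes (assumed policy value) and the
    // cookie stays non-persistent, so a copied cookie dies with the browser session.
    void WSFederationAuthenticationModule_SessionSecurityTokenCreated(object sender, SessionSecurityTokenCreatedEventArgs e)
    {
        e.SessionToken = new SessionSecurityToken(e.SessionToken.ClaimsPrincipal, TimeSpan.FromMinutes(30));
        e.WriteSessionCookie = true;
    }

    // Summarises, for a page such as default.aspx, what is stored for the current
    // request: the session token read back from the cookie and, only when
    // <service saveBootstrapTokens="true"> is set in web.config, the original SAML token.
    public static string DescribeSession(HttpContext context)
    {
        SessionSecurityToken session = FederatedAuthentication.SessionAuthenticationModule.ContextSessionSecurityToken;
        if (session == null)
            return "No FedAuth session: the request is anonymous or the cookie was rejected.";

        var sb = new StringBuilder();
        sb.AppendFormat("Session valid {0:u} to {1:u}, persistent={2}\n",
                        session.ValidFrom, session.ValidTo, session.IsPersistent);

        var identity = context.User.Identity as IClaimsIdentity;
        if (identity != null)
        {
            foreach (Claim c in identity.Claims)
                sb.AppendFormat("  {0} = {1} (issuer {2})\n", c.ClaimType, c.Value, c.Issuer);

            SecurityToken bootstrap = identity.BootstrapToken;
            sb.AppendLine(bootstrap == null
                ? "Original SAML token not retained (saveBootstrapTokens is off)."
                : "Original SAML token retained as " + bootstrap.GetType().Name);
        }
        return sb.ToString();
    }
}
```

By default the FedAuth cookie holds the whole serialised session token (chunked into FedAuth, FedAuth1, ... when large) protected with DPAPI, which only the machine that wrote it can read; on a web farm the cookie transform has to be swapped for one keyed by a shared certificate. Keep saveBootstrapTokens off unless the site genuinely has to forward the original assertion, since it roughly doubles the cookie and puts the signed assertion on the wire with every request.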



More Related Resource Links

SAML Token Deserialization Performance


I have an IDispatchMessageInspector which is deserializing a SAML Token contained in the SOAP message header.

To do the deserialization I am using the following code:

using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.ServiceModel.Security;

// xr: an XmlReader positioned on the SAML token element in the WS-Security header.
// CertificateUtility is our own helper; the service certificate it returns is the
// out-of-band token used to resolve the key references inside the SAML token.
List<SecurityToken> tokens = new List<SecurityToken>();
tokens.Add(new X509SecurityToken(CertificateUtility.GetCertificate()));
SecurityTokenResolver outOfBandTokenResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(new ReadOnlyCollection<SecurityToken>(tokens), true);
SecurityToken token = WSSecurityTokenSerializer.DefaultInstance.ReadToken(xr, outOfBandTokenResolver);

The problem I am seeing is that the performance of the ReadToken call varies depending on the account that is running the Windows service (in which the WCF service is hosted).

If the service is running as a Windows domain account, the elapsed time for the ReadToken call is virtually zero. When running as a local machine account, the call takes about 1 second.


Can anyone shed any light on what is going on here and why the account running this bit of code makes a difference as to its performance?


SAML token and impersonation for SAP connection


I am connecting SharePoint 2010 to SAP. I am using CBA from SAML. When a user logs in for the first time in SharePoint, he/she gets the SAML token. After this, should we use the same SAML token and propagate it to WCF and SAP, or impersonate the logged-in user with an SAP user ID?

Validating a SAML token at WCF Data Service level


I have a WPF client which requests a SAML token from the STS. After receiving the SAML token, the WPF client sends the SAML token as part of the request header to the WCF Data Service. At the WCF Data Service level the request is interpreted by the Authorisation Manager. I wanted to know whether there is any way to parse and authenticate this SAML token at the service level, to confirm that it is a valid SAML token.
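As an added example (editor-supplied, not from the original post): the token can be parsed and validated inside the service with WIF 1.0's token handler collection, independently of WCF's own message security. The handlers verify the XML signature, map the signing certificate to a trusted issuer by thumbprint, enforce the audience restriction and check the validity window, and return the claims on success. The thumbprint, issuer name and audience URI are placeholders, and the custom base64 header used to carry the token is an assumed transport.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.IO;
using System.Text;
using System.Xml;
using Microsoft.IdentityModel.Claims;
using Microsoft.IdentityModel.Tokens;

// Validates a SAML 1.1 or SAML 2.0 token on the service side with WIF 1.0's token handlers.
public static class SamlTokenValidator
{
    // Placeholders (assumptions for this example): the thumbprint of the STS signing
    // certificate, the issuer name attached to its claims, and the URI this service
    // is issued tokens for. A token issued for any other audience is rejected.
    const string StsSigningThumbprint = "0000000000000000000000000000000000000000";
    const string StsIssuerName = "https://sts.example.org/";
    const string ServiceAudience = "https://dataservice.example.org/Data.svc";

    static readonly SecurityTokenHandlerCollection Handlers = CreateHandlers();

    static SecurityTokenHandlerCollection CreateHandlers()
    {
        var config = new SecurityTokenHandlerConfiguration();

        // Audience: the token's <AudienceRestriction> must name this service.
        config.AudienceRestriction.AudienceMode = AudienceUriMode.Always;
        config.AudienceRestriction.AllowedAudienceUris.Add(new Uri(ServiceAudience));

        // Issuer: the signature must verify with a certificate whose thumbprint is
        // registered here; a token signed by any other certificate fails validation.
        var issuers = new ConfigurationBasedIssuerNameRegistry();
        issuers.AddTrustedIssuer(StsSigningThumbprint, StsIssuerName);
        config.IssuerNameRegistry = issuers;

        // Conditions: NotBefore / NotOnOrAfter are enforced with this much tolerance.
        config.MaxClockSkew = TimeSpan.FromMinutes(2);

        // The default collection holds the SAML 1.1, SAML 2.0, X.509, username and
        // session handlers, all sharing this configuration.
        return SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection(config);
    }

    // Parses and validates the token XML. Returns the first claims identity on
    // success and throws SecurityTokenException (or a subclass) on any failed check.
    public static IClaimsIdentity Validate(string tokenXml)
    {
        // Untrusted XML: no DTDs and no external resolution before the signature is checked.
        var settings = new XmlReaderSettings { ProhibitDtd = true, XmlResolver = null };
        using (XmlReader reader = XmlReader.Create(new StringReader(tokenXml), settings))
        {
            reader.MoveToContent();
            if (!Handlers.CanReadToken(reader))
                throw new SecurityTokenException("Not a token type this service accepts");

            SecurityToken token = Handlers.ReadToken(reader);                   // parse only
            ClaimsIdentityCollection identities = Handlers.ValidateToken(token); // signature, issuer, audience, lifetime
            if (identities.Count == 0)
                throw new SecurityTokenException("Token validated but yielded no identity");
            return identities[0];
        }
    }

    // Assumed transport for this example: the client sends the token base64-encoded
    // in a custom HTTP header, so the service decodes it before validating.
    public static IClaimsIdentity ValidateFromHeader(string headerValue)
    {
        if (string.IsNullOrEmpty(headerValue))
            throw new SecurityTokenException("Missing token header");
        string xml = Encoding.UTF8.GetString(Convert.FromBase64String(headerValue));
        return Validate(xml);
    }
}
```

Call ValidateFromHeader from the service's authorisation hook and treat any exception as an authentication failure (HTTP 401), not as a server error. Leave the default certificate validation in place: the thumbprint registry only tells WIF which certificate is the STS, so relaxing CertificateValidator to accept anything would let a self-signed certificate with the right subject through. Because a bearer SAML token is replayable within its lifetime, the transport between the WPF client and the service must be TLS.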

Geneva Framework: Building A Custom Security Token Service


A Security Token Service, or STS, acts as a security gateway to authenticate callers and issue security tokens carrying claims that describe the caller. See how you can build a custom STS with the "Geneva" Framework.

Michele Leroux Bustamante

MSDN Magazine January 2009

Windows Identity Foundation Security Token Service can't stay logged in

I'm using the Windows Identity Foundation (WIF) Security Token Service (STS) to handle authentication for my application, which is working all well and good. However, I can't seem to get any long-running login with the STS. From my understanding I shouldn't care about the client tokens at the application level since they can expire all they want to; it should redirect me to the STS, and as long as they're still logged in on the STS it should refresh their application token. Yet it doesn't seem to want to keep them signed in. Here's what occurs in my login.aspx on the STS:

var cookie = FormsAuthentication.GetAuthCookie(userName, persistTicket);
if (persistTicket)
    cookie.Expires = DateTime.Now.AddDays(14);
Response.Cookies.Add(cookie);
var returnUrl = Request.QueryString["ReturnUrl"];
Response.Redirect(returnUrl ?? "default.aspx");

which was taken almost directly from an existing application using normal Forms Auth. From my web.config:

<authentication mode="Forms">
  <forms loginUrl="Login.aspx" protection="All" timeout="2880" name=".STS" path="/" requireSSL="false" slidingExpiration="true" defaultUrl="default.aspx" cookieless="UseDeviceProfile" enableCrossAppRedirects="false" />
</auth


I'm currently experiencing a spinloop wait type with a command of Unknown Token. The issue occurred when I copied DB files from another server and attempted to attach them, using the SSMS wizard, to the affected DB. The attach failed due to an OS permission error, but the database engine, for no clear reason, mounted the DB in a Recovery/Read Only mode; the transaction did not roll back. This rogue DB cannot be altered, dropped, detached, etc., and the KILL command fails against the culprit SPID. In the DB log there is a stack dump at:

Location: "logmgr.cpp":5527, * Expression: !(minLSN.m_fSeqNo < lfcb->lfcb_fSeqNo)

and the errors: Error: 17066, Severity: 16, State: 1; Error: 3624, Severity: 20, State: 1. The logs continue thereafter with the following:

Process 29:0:0 (0xe48) Worker 0x0000000015D6E1C0 appears to be non-yielding on Scheduler 18. Thread creation time: 12927361417467. Approx Thread CPU Used: kernel 46 ms, user 4040 ms. Process Utilization 7%. System Idle 88%. Interval: 132567 ms.

I also discovered that SQL Server Agent will not run jobs although the service is running. Its logs read:

2010-08-27 08:36:26 - ? [393] Waiting for SQL Server to recover databases...
2010-08-27 10:41:59 - ? [131] SQLSERVERAGENT service stopping due to a stop request from a user, process, or the OS...
2010-08-27 10:42:00 - ? [098] SQLServerAgent term

LINQ to SQL compiler error CS1519: Invalid token 'void' in class, struct, or interface member decl

I get the following compiler error when creating my first LINQ to SQL class (I just dragged a table "ProfileExtended" onto the designer and hit build):

DataClasses.designer.cs(31,11): error CS1519: Invalid token 'void' in class, struct, or interface member declaration

These are the offending lines of autogenerated code:

#region Extensibility Method Definitions
partial void OnCreated();
partial void InsertProfileExtended(ProfileExtended instance);
partial void UpdateProfileExtended(ProfileExtended instance);
partial void DeleteProfileExtended(ProfileExtended instance);
#endregion

Post the SAML Response in an HTML form to the assertion consumer service

Hi, can anyone please help me with how to post the SAML Response in an HTML form to the assertion consumer service? I have generated the SAML Response and want to send it to the redirecting URL.
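As an added example (editor-supplied, not from the original post): the SAML 2.0 HTTP-POST binding delivers the response by returning an HTML page whose form submits itself to the assertion consumer service (ACS), with the response base64-encoded in a SAMLResponse field and an optional RelayState field. (The SAML 1.1 browser/POST profile works the same way but names the second field TARGET.) The C# helper below builds and sends that page; the ACS URL and RelayState are supplied by the caller, and the response XML is assumed to be complete and already signed.

```csharp
using System;
using System.Text;
using System.Web;

// Produces and sends the self-submitting HTML form of the SAML 2.0 HTTP-POST binding.
public static class SamlPostBinding
{
    // acsUrl:          the service provider's assertion consumer service endpoint,
    //                  taken from its registered metadata, never from the request
    // samlResponseXml: the complete, already-signed <samlp:Response> document
    // relayState:      opaque value the SP asked to have echoed back, or null
    public static string BuildForm(string acsUrl, string samlResponseXml, string relayState)
    {
        Uri acs;
        if (!Uri.TryCreate(acsUrl, UriKind.Absolute, out acs) || acs.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("ACS URL must be an absolute https URL", "acsUrl");
        // The binding caps RelayState at 80 bytes; longer values break at some SPs.
        if (relayState != null && Encoding.UTF8.GetByteCount(relayState) > 80)
            throw new ArgumentException("RelayState must not exceed 80 bytes", "relayState");

        string samlResponse = Convert.ToBase64String(Encoding.UTF8.GetBytes(samlResponseXml));

        // Every value lands inside an HTML attribute, so attribute-encode each one;
        // base64 output is safe anyway, but RelayState and the URL may not be.
        var html = new StringBuilder();
        html.AppendLine("<!DOCTYPE html>");
        html.AppendLine("<html><head><title>Redirecting</title></head>");
        html.AppendLine("<body onload=\"document.forms[0].submit()\">");
        html.AppendFormat("<form method=\"post\" action=\"{0}\">\n", HttpUtility.HtmlAttributeEncode(acs.AbsoluteUri));
        html.AppendFormat("<input type=\"hidden\" name=\"SAMLResponse\" value=\"{0}\" />\n", HttpUtility.HtmlAttributeEncode(samlResponse));
        if (!string.IsNullOrEmpty(relayState))
            html.AppendFormat("<input type=\"hidden\" name=\"RelayState\" value=\"{0}\" />\n", HttpUtility.HtmlAttributeEncode(relayState));
        // Fallback for browsers with scripting disabled.
        html.AppendLine("<noscript><input type=\"submit\" value=\"Continue\" /></noscript>");
        html.AppendLine("</form></body></html>");
        return html.ToString();
    }

    // Writes the form from an ASP.NET page or handler with the no-cache headers the
    // binding requires, so the signed response is not kept in a browser or proxy cache.
    public static void Send(HttpResponse response, string acsUrl, string samlResponseXml, string relayState)
    {
        response.Clear();
        response.ContentType = "text/html";
        response.ContentEncoding = Encoding.UTF8;
        response.Cache.SetCacheability(HttpCacheability.NoCache);
        response.Cache.SetNoStore();
        response.AppendHeader("Pragma", "no-cache");
        response.Write(BuildForm(acsUrl, samlResponseXml, relayState));
        response.End();
    }
}
```

Two checks belong on the identity-provider side before calling Send: the ACS URL must come from the service provider's registered metadata rather than from anything in the incoming request (otherwise the page becomes a way to ship a signed assertion to an attacker's endpoint), and the Destination attribute of the response must equal that same ACS URL, since compliant service providers reject a POSTed response whose Destination does not match the endpoint that received it.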

Claims Walkthrough: Creating Trusted Login Providers (SAML Sign-in) for SharePoint 2010

Learn how to create a custom security token service (STS) and set up a trust relationship between a SharePoint 2010 farm and the custom STS

Claims to Windows Token Service won't start in Central Administration

Not sure if this is a bug or some setting I just don't understand, but I cannot get the Claims to Windows Token Service from Manage Services to show as started. When I click Start I get this error in the event viewer:

An attempt to start/stop instance of service Claims to Windows Token Service on server <SERVERNAME> did not succeed. Re-run the action via UI or command line on the specified server. Additional information is below. c2wts (DOMAIN\sp_farm)

I have searched and searched for an answer. This thread http://social.technet.microsoft.com/Forums/en-US/sharepoint2010setup/thread/6b865ead-970b-4460-9dcf-1cc6d6d8530b talks about needing a connection to the internet, but my server is connected to the internet, so I think I can rule that out. Also I have read that c2wts depends on the crypto service. I have run this command with no success:

sc config c2wts depend= cryptsvc

I can start the c2wts service through services.msc and it is successful, but Central Administration still shows it as stopped. I have also re-run the installer in repair mode, and re-run the initial configuration wizard, maintaining all of the same settings as the previous installation. That didn't help. Basically, I'm out of ideas and I can't find much about this on the web. Any ideas?

Cannot read the token from the 'SignatureConfirmation' element..(Java-WCF)

Hi, I have a WCF (3.5) client talking to a Java web service (Spring-WS, WSS4J). The client fails while receiving the response from the server, giving the following exception message:

Cannot read the token from the 'SignatureConfirmation' element with the 'http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd' namespace for BinarySecretSecurityToken, with a '' ValueType. If this element is expected to be valid, ensure that security is configured to consume tokens with the name, namespace and value type specified.

Here is my client configuration:

<system.serviceModel>
  <behaviors>
    <endpointBehaviors>
      <behavior name="DISEndPointBehaviour">
        <clientCredentials>
          <clientCertificate storeLocation="LocalMachine" storeName="Root" x509FindType="FindBySubjectName" findValue="shameerpartner"/>
          <serviceCertificate>
            <defaultCertificate storeLocation="LocalMachine" storeName="Root" x509FindType="FindBySubjectName" findValue="dis"/>
            <authentication certificateValidationMode="PeerOrChainTrust"/>
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <bindings>
    <customBinding>
      <binding name="DISMutualCertificateDuplexBinding">
        <textM

Security Context Token verification failed. (The security protocol cannot verify the incoming messag

Hello, I would like to implement Message Level security with username/password authentication over HTTP. My environment looks something like this.

Server side:
- Message level security is configured on the service:

<security mode="Message">
  <message clientCredentialType="UserName" negotiateServiceCredential="True"/>
</security>

- CA and self-signed certificates are created on the server and configured. The ServiceCredentials look like this:

<serviceCredentials>
  <serviceCertificate findValue="CertForIdm" storeLocation="LocalMachine" storeName="My" x509FindType="FindByIssuerName" />
  <userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="IfMembershipProvider" />
</serviceCredentials>

Client side (references are generated by VS):
- Binding configuration:

<binding name="WSHttpBinding_IWaypoint2" closeTimeout="00:11:00" openTimeout="00:11:00" receiveTimeout="00:10:00" sendTimeout="00:11:00"

Implementing Single Sign-On using SAML 1.1, x.509, LDAP in C#.net

Hi, I got a requirement from the client, i.e. implementing single sign-on using SAML 1.1 (LDAP & X.509) in .NET. I searched almost the entire internet but to no use. I have perfect knowledge regarding SAML but I don't know how to implement it in C#.NET. Where do I get any papers or documents that tell how to implement SSO using SAML in .NET? What are the key steps involved in implementing it? What are the topics I need to cover to complete this task? I am literally stuck at this point; any help would be appreciated. Thanks in advance, Sam

Token-based server access validation failed with an infrastructure error

Hi, we have a new Win 2008 Enterprise x64 server running SQL 2008. When we try to connect to the server using Windows Authentication, from a user account which is a domain administrator, we get the following message:

"Token-based server access validation failed with an infrastructure error"

What needs to be configured here for this to work? Thanks, Bruce

Large amount of handles of type token using role manager and authorisation manager (azman)

First you'll need some background on the application. It is an ASP.NET application using .NET Framework 3.5. Security to the application is controlled with impersonation, using a role manager connecting to an AzMan store which uses Active Directory groups for security, as demoed in the following MSDN link: http://msdn.microsoft.com/en-us/library/ff649313.aspx

After 50 or so users access the application throughout the day, eventually the application stops responding or users start to experience images not displaying etc., and the application pool has to be recycled (typical symptoms of the server running out of memory). Looking at the application memory usage and available memory on the server, this does not appear to be the issue; investigations so far have led me to think this is to do with security token handles. I've used Process Explorer to monitor the ASP.NET application, and handles for the application steadily increase with every page that is accessed and eventually hit 38,000; this is when the application dies. I've read various links saying that applications should use between 2,000-10,000 handles and any number near 40,000 makes the application unusable (this is the exact behaviour we are experiencing). Using Process Explorer and handle.exe from the Windows Sysinternals site I

The Security Token Service is not available

I set up SharePoint 2010 Beta on a Windows 2008 R2 server and am going through Central Administration - Review problems and solutions: All Reports - The Security Token Service is not available, and the failing service is SPSecurityTokenService. Should this service, if available, not have been installed at installation time? It says "The Security Token Service is not issuing tokens. The service could be malfunctioning or in a bad state." I don't want to go any further with setting this up until I can get an answer on how to fix this. Thanks

The trusted login provider did not supply a token accepted by this farm

I followed http://blogs.pointbridge.com/Blogs/nielsen_travis/Pages/Post.aspx?_ID=33 to authenticate users from ADFS 2.0 with a SharePoint 2010 web application. I got this problem and am not able to find the cause of it. I have given read permission to the service account and the app pool account; still I get this error. Any suggestion is appreciated.

Server Error in '/_trust' Application.
The trusted login provider did not supply a token accepted by this farm.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.ServiceModel.FaultException: The trusted login provider did not supply a token accepted by this farm.
Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[FaultException: The trusted login provider did not supply a token accepted by this farm.]
   Microsoft.IdentityModel.Protocols.WSTrust.WSTrustClient.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr) +328
   Microsoft.IdentityMode