Yes, I think that would be a good idea. 

Thanks
Pablo.

-----Original Message-----
From: Ben Dewey [mailto:[email protected]] 
Sent: Tuesday, October 13, 2009 12:57 PM
To: [email protected]
Subject: RE: .Net new passive STS impl.

Pablo,

I was just going to say that.  Although keep in mind, if your asp.net 
application is running as NETWORK SERVICE (which it should be), then you'll 
have to choose the option to grant permission to \Everyone when running 
AuthorizeWcfServices.bat.

Also, Pablo, this step is currently optional in the readme.  Should we change 
this to required?
 
-Ben Dewey

-----Original Message-----
From: Pablo Cibraro [mailto:[email protected]] 
Sent: Tuesday, October 13, 2009 11:53 AM
To: [email protected]
Subject: RE: .Net new passive STS impl.

Chintana,

The AuthorizeWcfServices.bat file in setup_utilities\Util gives the permissions 
that the ASP.NET account needs over the certificate. So it's just a matter of 
running that file to fix the issue.

Thanks
Pablo.

-----Original Message-----
From: Pablo Cibraro [mailto:[email protected]] 
Sent: Tuesday, October 13, 2009 12:25 PM
To: [email protected]
Subject: RE: .Net new passive STS impl.

The Passive STS is using the Trade.com (stocktraderpfxfile.pfx) certificate for 
encrypting and signing the SAML tokens. It is looking for that certificate in 
the Trusted People certificate store. Regarding the error you are getting, it 
could be caused by two things:

1. That certificate is not installed properly in the certificate store (Or the 
private key is missing)
2. The account running the ASP.NET process does not have rights to get access 
to the certificate private key.

If the STS can get access to that certificate, it will be able to issue a new 
token that you can use in the trade web application.

Pablo.
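The two causes listed above can be checked, and the second one fixed, from an elevated PowerShell prompt. The script below is an added example for this thread; it is not part of the project's setup_utilities scripts or of AuthorizeWcfServices.bat. It assumes the STS certificate sits in the LocalMachine Trusted People store with a subject containing "Trade.com", that its private key is a CSP (RSACryptoServiceProvider) key, which is the path the stack trace goes through, that the key container file lives under the Vista/2008-style MachineKeys directory, and that the worker process runs as NETWORK SERVICE. The subject fragment, the account name and the MachineKeys path are assumptions to adjust for your machine (on IIS 7+ with a dedicated pool, use the IIS AppPool\<name> identity instead).

```powershell
# Added example for this thread (not part of the project's setup_utilities
# scripts or AuthorizeWcfServices.bat). Diagnoses the two causes of
# "Keyset does not exist" listed above and fixes the second one.
# Assumptions: the STS certificate is in LocalMachine\TrustedPeople with a
# subject containing "Trade.com"; the private key is a CSP RSA key (the stack
# trace goes through RSACryptoServiceProvider); the worker process runs as
# NETWORK SERVICE. Run from an elevated PowerShell prompt.

$SubjectMatch = 'Trade.com'                          # assumed subject fragment
$Account      = 'NT AUTHORITY\NETWORK SERVICE'       # or 'IIS AppPool\<name>' on IIS 7+
$MachineKeys  = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'  # assumed location (Vista/2008+)

function Find-StsCertificate {
    param([string]$Subject)
    # Cause 1: the cert must be in the *machine* Trusted People store and carry a private key.
    $cert = Get-ChildItem Cert:\LocalMachine\TrustedPeople |
            Where-Object { $_.Subject -like "*$Subject*" } |
            Select-Object -First 1
    if (-not $cert) {
        throw "No certificate matching '$Subject' in LocalMachine\TrustedPeople (not installed, or installed under CurrentUser)"
    }
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $($cert.Thumbprint) has no private key; re-import the .pfx with its private key"
    }
    return $cert
}

function Get-CspKeyFile {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # Map the certificate to the CSP key container file that the worker process must be able to read.
    $rsa = $Cert.PrivateKey
    if ($rsa -isnot [System.Security.Cryptography.RSACryptoServiceProvider]) {
        throw "Private key is not a CSP (RSACryptoServiceProvider) key; this script only handles MachineKeys containers"
    }
    $info = $rsa.CspKeyContainerInfo
    if (-not $info.MachineKeyStore) {
        throw "Key container '$($info.KeyContainerName)' is a per-user key; an ASP.NET worker cannot reach it. Re-import into the machine store."
    }
    $path = Join-Path $MachineKeys $info.UniqueKeyContainerName
    if (-not (Test-Path $path)) { throw "Key container file not found: $path" }
    return $path
}

function Test-KeyReadAccess {
    param([string]$Path, [string]$Identity)
    # True if an explicit Allow ACE already gives $Identity at least Read on the key file.
    $read = [System.Security.AccessControl.FileSystemRights]::Read
    $acl  = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $ace.IdentityReference.Value -eq $Identity -and
            (($ace.FileSystemRights -band $read) -eq $read)) { return $true }
    }
    return $false
}

function Grant-KeyRead {
    param([string]$Path, [string]$Identity)
    # Cause 2: grant Read (not Full Control, and to one account rather than Everyone) on the key file.
    $acl  = Get-Acl -Path $Path
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Identity, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

$cert    = Find-StsCertificate -Subject $SubjectMatch
$keyFile = Get-CspKeyFile -Cert $cert
Write-Host "Certificate $($cert.Thumbprint) -> key container $keyFile"
if (Test-KeyReadAccess -Path $keyFile -Identity $Account) {
    Write-Host "$Account already has Read on the key container; check for a second copy of the cert or a CurrentUser key."
} else {
    Grant-KeyRead -Path $keyFile -Identity $Account
    Write-Host "Granted Read on the key container to $Account; recycle the application pool and retry."
}
```

Read on the key container is all the worker needs to sign and decrypt with the key, so that is the grant to make. Keep in mind that whatever account you grant can then produce tokens as the STS: granting Everyone, or sharing NETWORK SERVICE with unrelated applications, means every process under that identity can sign as your issuer, so a dedicated application pool identity is the safer choice.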

-----Original Message-----
From: Chintana Wilamuna [mailto:[email protected]] 
Sent: Tuesday, October 13, 2009 12:14 PM
To: [email protected]
Subject: Re: .Net new passive STS impl.

On Tue, Oct 13, 2009 at 8:31 PM, Pablo Cibraro
<[email protected]> wrote:

> You should be redirected to the TradeHome.aspx page after getting a new token 
> (selecting that option). I added that extra page in the passive STS to give 
> the option of logging in with another user (and getting a new token for that 
> user). Not sure if the rest of the people are interested in having that 
> functionality; if they are not, I can remove it.

Pablo,

When I log in, I'm not getting redirected to TradeHome.aspx. It stays on
the passive STS page.

After clicking the "click here to get a new token" button, I'm getting
an exception,

System.Security.Cryptography.CryptographicException: Keyset does not exist

Stack trace:

[CryptographicException: Keyset does not exist]
   System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) +369
   System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) +151
   System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() +85
   System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize) +280
   System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey() +468
   System.IdentityModel.Tokens.X509AsymmetricSecurityKey.get_PrivateKey() +64
   System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetSignatureFormatter(String algorithm) +22
   Microsoft.IdentityModel.Protocols.XmlSignature.SignedXml.ComputeSignature(SecurityKey signingKey) +522
   Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.ComputeSignature() +187
   Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.OnEndRootElement() +253
   Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.WriteAssertion(XmlWriter writer, SamlAssertion assertion) +839
   Microsoft.IdentityModel.Tokens.EncryptedSecurityTokenHandler.WriteToken(XmlWriter writer, SecurityToken token) +255
   Microsoft.IdentityModel.Tokens.SecurityTokenSerializerAdapter.WriteTokenCore(XmlWriter writer, SecurityToken token) +379
   Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.WriteRSTRXml(XmlWriter writer, String elementName, Object elementValue, WSTrustSerializationContext context, WSTrustConstantsAdapter trustConstants) +932
   Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.WriteKnownResponseElement(RequestSecurityTokenResponse rstr, XmlWriter writer, WSTrustSerializationContext context, WSTrustResponseSerializer responseSerializer, WSTrustConstantsAdapter trustConstants) +477
   Microsoft.IdentityModel.Protocols.WSTrust.WSTrust13ResponseSerializer.WriteKnownResponseElement(RequestSecurityTokenResponse rstr, XmlWriter writer, WSTrustSerializationContext context) +70
   Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.WriteResponse(RequestSecurityTokenResponse response, XmlWriter writer, WSTrustSerializationContext context, WSTrustResponseSerializer responseSerializer, WSTrustConstantsAdapter trustConstants) +271
   Microsoft.IdentityModel.Protocols.WSTrust.WSTrust13ResponseSerializer.WriteXml(RequestSecurityTokenResponse response, XmlWriter writer, WSTrustSerializationContext context) +121
   Microsoft.IdentityModel.Protocols.WSFederation.WSFederationSerializer.GetResponseAsString(RequestSecurityTokenResponse response, WSTrustSerializationContext context) +182
   Microsoft.IdentityModel.Protocols.WSFederation.SignInResponseMessage..ctor(Uri baseUrl, RequestSecurityTokenResponse response, WSFederationSerializer federationSerializer, WSTrustSerializationContext context) +94
   Microsoft.IdentityModel.Web.Controls.FederatedPassiveTokenService.ProcessSignInRequest(SignInRequestMessage requestMessage) +372
   Microsoft.IdentityModel.Web.Controls.FederatedPassiveTokenService.OnPreRender(EventArgs e) +1621
   System.Web.UI.Control.PreRenderRecursiveInternal() +108
   System.Web.UI.Control.PreRenderRecursiveInternal() +224
   System.Web.UI.Control.PreRenderRecursiveInternal() +224
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3394

Any idea what I may be doing wrong? Or a step I might have missed?

Bye,

    -Chintana

-- 
http://engwar.com/