Token class - Cannot find token EncryptedMethod

    Question

  • Hi, an unhandled exception occurred when I try to use TokenProcessor's Token class.
    I use this code in the page load:

            String xml = Request.Params["xmlToken"];
            Token token = new Token(xml);
            String givenName = token.Claims[ClaimTypes.GivenName];
            String surName = token.Claims[ClaimTypes.Surname];
            Label1.Text = String.Format("Bienvenido {0} {1}",givenName,surName);

    and I get this exception "System.ArgumentException: Cannot find token EncryptedMethod."

            // Find the EncryptionMethod element, grab the Algorithm
            if (!reader.ReadToDescendant(XmlEncryptionStrings.EncryptionMethod, XmlEncryptionStrings.Namespace))
                throw new ArgumentException("Cannot find token EncryptedMethod.");
            encryptionAlgorithm = reader.GetAttribute(XmlEncryptionStrings.Algorithm).GetHashCode();

    I appreciate any help.
    Friday, September 12, 2008 2:43 AM

All replies

  • Can you confirm that the token is encrypted?

    It is possible that the token might not be encrypted by the identity provider (when using a managed card) or when visiting a non-SSL site with self-issued cards.

    If it is encrypted, can you post the xmlToken?

    Friday, September 12, 2008 5:45 AM
  • Sorry, I don't know about this, but the token is readable.
    This is the token. I can read that the SignatureMethod is rsa-sha1.



    <saml:Assertion MajorVersion=\"1\" MinorVersion=\"1\" AssertionID=\"SamlSecurityToken-b0ab120d-cbb6-4a57-bb64-423d545154ca\" Issuer=\"http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self\" IssueInstant=\"2008-09-12T11:56:24.558Z\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\"><saml:Conditions NotBefore=\"2008-09-12T11:56:24.558Z\" NotOnOrAfter=\"2008-09-12T12:56:24.558Z\"><saml:AudienceRestrictionCondition><saml:Audience>http://localhost:6295/snippet%20app/SignInWithInformationCard.html</saml:Audience></saml:AudienceRestrictionCondition></saml:Conditions><saml:AttributeStatement><saml:Subject><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject><saml:Attribute AttributeName=\"givenname\" AttributeNamespace=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims\"><saml:AttributeValue>Gabriel</saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName=\"surname\" AttributeNamespace=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims\"><saml:AttributeValue>Bulfon</saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName=\"privatepersonalidentifier\" AttributeNamespace=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims\"><saml:AttributeValue>OJunvSR5PgpUci9rLHZjt6L8aZUhnstxVsCXzBlwIow=</saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName=\"emailaddress\" AttributeNamespace=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims\"><saml:AttributeValue>gbulfon@gmail.com</saml:AttributeValue></saml:Attribute></saml:AttributeStatement><Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"></CanonicalizationMethod><SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"></SignatureMethod><Reference 
URI=\"#SamlSecurityToken-b0ab120d-cbb6-4a57-bb64-423d545154ca\"><Transforms><Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"></Transform><Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"></Transform></Transforms><DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"></DigestMethod><DigestValue>o363L83BdCyI814LZpfwWZGmwb8=</DigestValue></Reference></SignedInfo><SignatureValue>dVC97135woVSl2OmaNxxSeTcQwZEtnKYVMtpNUkfO777Y9RF76Zum22A5AsG0iNB5Nhh5s9wlyHJ3Ztv3DYROUtGLeDpqQMw9d7HXCwkleGYDX9XAehfeQGv5MK3g1aRIAEuDerPLaUBhtLK+kR74cDsVa91ScBxI9uxgmFnw7Xy+joxcuRbjNaj10OytxMprySTq/L2f15Vsyk3kT6yxT+XVZotbg+0j9Zy4iFXnBcJMrx4zBV7Dczh7AtDBZNVE35Kehz9FZMdT5d6hyUSu1hawn+QMMsWocb9RrgpQ2w+PtF/AsmZjlLTwFjZ39pMhohz6r6SlHpSu2BYzoBX5Q==</SignatureValue><KeyInfo><KeyValue><RSAKeyValue><Modulus>pYPErXkZxWip2FlwJO36TBwrfym4+8BXHHkWDpvF7pTmuVVRmGK1GklqYqOY7zcxjjfYqypwI5CGnTGjQcqRFgQgp7CK3Q8qy29qyd+2WsnGM77P6bifY/Zm3Ov7hkMO7hi6wn5557ZiLNfZISuucAGAshGk6wZqwh9DzwGuoL44jVyf3c3LrY0qGrIq8nAVjpkvFACCokPUZbm1gv+5+Xs5IvWQ6w4lzTuBByf9LbUWaDHWfq1AIcjmmPXkDh884UjBt42wwKA9lX1t/VCnmBKiGECQg4zcNRVcnqzZAy+NxHnSHRvSDkY79A/md93ETKsc4BdQsTwjrE5k02N65w==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue></KeyInfo></Signature></saml:Assertion>"
    Friday, September 12, 2008 12:05 PM
  • OK so your test website doesn't have an SSL certificate, so the token cannot be encrypted. This is fine, but the parsing code that MS provides doesn't cope with that scenario *grin*

    So you can edit it so if the encryption element isn't present it skips un-encrypting and goes directly to parsing; which version of the parsing code are you using? Where did it come from?


    Friday, September 12, 2008 1:02 PM
  • I use the Microsoft.IdentityModel.TokenProcessor.Token class that the Visual Studio 2008 Training Kit provides. I dug deeper into the doc and I see that SSL is required.

    I installed an SSL certificate and tried again. Now I receive this:

    Keyset does not exist

            if (null == alg)
                throw new ArgumentException("Could not determine Symmetric Algorithm");
            alg.Key = (certificate.PrivateKey as RSACryptoServiceProvider).Decrypt(symmetricKeyData, true); ;
            int ivSize = alg.BlockSize / 8;
            byte[] iv = new byte[ivSize];

    Again, the problem is with the Token class.

    regards

     

    Saturday, September 13, 2008 2:34 PM
  • Did you grant yourself access to the private key of the certificate used, or if you're hosting in IIS grant it to the IIS process account?
    Saturday, September 13, 2008 5:03 PM
  • Hello Everyone,

    I was getting my hands dirty with WCS and for simplicity I wanted to avoid certificate and IIS setup. I created a small demo application in VS 2008 and ran it, and on clicking the card it showed me the same error:

    throw new ArgumentException("Cannot find token EncryptedMethod."); 

    After reading a bit I figured out the following:

    Root cause: non-SSL site. MS's current TokenProcessor deals with SSL cards only, which is fine. But users like me can use the following trick to make it work in VS 2008 hosted websites as well, which run on non-SSL.

    1. Open your TokenProcessor.cs

    2. Find your error message: "Cannot find token EncryptedMethod.". It should look like this:

            if (!reader.ReadToDescendant(XmlEncryptionStrings.EncryptionMethod, XmlEncryptionStrings.Namespace))
                throw new ArgumentException("Cannot find token EncryptedMethod.");
            encryptionAlgorithm = reader.GetAttribute(XmlEncryptionStrings.Algorithm).GetHashCode();

    3. Now, change it to something like this:

            // Find the EncryptionMethod element, grab the Algorithm
            if (!reader.ReadToDescendant(XmlEncryptionStrings.EncryptionMethod, XmlEncryptionStrings.Namespace))
                //throw new ArgumentException("Cannot find token EncryptedMethod.");
                // Token is not encrypted: return the XML as bytes without decrypting
                return UnicodeEncoding.Default.GetBytes(xmlToken);
            encryptionAlgorithm = reader.GetAttribute(XmlEncryptionStrings.Algorithm).GetHashCode();

    That's it!

    If it works, say thanks to this article's writer: http://www.outofcoffeeexception.de/CategoryView,category,Windows+CardSpace.aspx

    Happy Coding! :-)

    Cheers,

    Kiran Patil


    I am Beginner
    Friday, November 19, 2010 6:31 PM
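
One way to handle both cases this thread runs into (an encrypted token on an SSL site, a plain SAML assertion on a non-SSL test site), as an added example that is not part of the original posts or of Microsoft's TokenProcessor.cs: decide by the token's root element, and accept an unencrypted assertion only when a switch allows it. `TokenClassifier`, `TokenKind` and `allowPlaintext` are hypothetical names.

```csharp
// Added example, not part of TokenProcessor.cs.
using System;
using System.IO;
using System.Xml;

public enum TokenKind { Encrypted, PlainSamlAssertion }

public static class TokenClassifier
{
    const string XmlEncNs = "http://www.w3.org/2001/04/xmlenc#";       // W3C XML Encryption
    const string Saml11Ns = "urn:oasis:names:tc:SAML:1.0:assertion";   // as in the posted token

    // allowPlaintext: hypothetical switch, true only on a local non-SSL test site.
    public static TokenKind Classify(string xmlToken, bool allowPlaintext)
    {
        if (string.IsNullOrEmpty(xmlToken))
            throw new ArgumentException("No token was posted.");
        // XmlReader.Create's default settings prohibit DTDs in the untrusted input.
        using (XmlReader reader = XmlReader.Create(new StringReader(xmlToken)))
        {
            reader.MoveToContent();   // position on the root element
            if (reader.LocalName == "EncryptedData" && reader.NamespaceURI == XmlEncNs)
                return TokenKind.Encrypted;            // take the normal decrypt path

            if (reader.LocalName == "Assertion" && reader.NamespaceURI == Saml11Ns)
            {
                if (!allowPlaintext)
                    throw new InvalidOperationException("Unencrypted token rejected.");
                return TokenKind.PlainSamlAssertion;   // skip decryption, still verify the signature
            }
            throw new ArgumentException("Unexpected token root element: " + reader.Name);
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample roots; real tokens carry the full element content.
        string enc = "<enc:EncryptedData xmlns:enc=\"http://www.w3.org/2001/04/xmlenc#\" />";
        string plain = "<saml:Assertion xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" />";

        Console.WriteLine(TokenClassifier.Classify(enc, false));
        Console.WriteLine(TokenClassifier.Classify(plain, true));
        try { TokenClassifier.Classify(plain, false); }
        catch (InvalidOperationException e) { Console.WriteLine(e.Message); }
    }
}
```

Unlike returning the raw bytes from inside the decrypt routine, this keeps the plaintext path off unless it is explicitly enabled, so a deployed SSL site still rejects tokens that arrive unencrypted.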
  • I can't the answer properly on this page, seems like some code around here messed my browser.
    Friday, September 23, 2011 3:00 PM