WSProfile Example of Sept 2005 CTP conversion to June CTP. Stuck.
Tuesday, July 11, 2006 11:25 PM
I need the equivalent of the SecurityTokenServiceSamples folder from the FederatedIdentityAndAccessResourceKitSept2005CTP.msi that works with JuneCTP. I asked Nigel in another post if that sample is located in the Windows SDK as I was unable to find it.
In the meantime I am trying to convert the WSProfile sample to work in the June CTP.
I have it compiling correctly. I made minor Reference changes, using changes, and .config file changes. I can generate the mex and produce the new code for the generatedProxy.cs.
When I run the sample, CardSpace pops up and I send the service my card. But the client comes back with this exception:
------------------------
Exception Type: System.ServiceModel.Security.SecurityNegotiationException
The token provider cannot get tokens for target 'http://xxxxxxx.com/ServiceModelSamples/service.svc'.
-- Inner Exception:
SOAP security negotiation with 'http://xxxxxxx.com/ServiceModelSamples/service.svc' for target 'http://xxxxxxx.com/ServiceModelSamples/service.svc' failed. See inner exception for more details.
-- Inner Exception:
The X.509 certificate CN=Fabrikam chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. The revocation function was unable to check revocation for the certificate.
-------------------------
A few things I have tried so far:
1) I imported the WSProfile\InfoCard\CS\SampleResources\PublicKeyCertificates\Fabrikam-Contoso-Public.cer into the Local Computer Trusted Root Certification Authorities. It was already in Trusted People and the .pfx is in Personal.
2) In the server's web.config, I changed CertificateValidationMode to both PeerOrChainTrust and None. I also changed RevocationMode to NoCheck. (I used the Service Config Windows SDK tool)
3) I added a behaviour to the client's app.config to set CertificateValidationMode to PeerOrChainTrust and RevocationMode to NoCheck.
4) I changed Security NegotiateServiceCredential to False in config files of both client and server but got a different error:
-------------------
Exception Type: System.ServiceModel.Security.MessageSecurityException
An unsecured or incorrectly secured fault was received from the other party. See
the inner FaultException for the fault code and detail.
-- Inner Exception:
An error occurred when processing the security tokens in the message.
---------------------
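Added example, not part of the original post or of the sample kit: a small C# diagnostic for the chain-building error quoted above. It builds the chain once with online revocation checking and once with NoCheck and prints each element's status flags, which separates an untrusted root from an unreachable revocation source. The class name ChainCheck is hypothetical; with no argument it uses a throwaway self-signed certificate constructed in code, which assumes a runtime that provides CertificateRequest (.NET Framework 4.7.2 or later).

```csharp
// Added example. Usage: ChainCheck.exe [path-to-certificate.cer]
// Run it under the same account as the process that reports the error,
// because chain building consults that account's certificate stores.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ChainCheck
{
    // Build the chain with the given revocation mode and print every status flag.
    static bool Build(X509Certificate2 cert, X509RevocationMode mode)
    {
        X509Chain chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = mode;
        chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
        bool ok = chain.Build(cert);
        Console.WriteLine("RevocationMode={0}: {1}", mode, ok ? "chain valid" : "chain INVALID");
        foreach (X509ChainElement element in chain.ChainElements)
        {
            Console.WriteLine("  {0}", element.Certificate.Subject);
            foreach (X509ChainStatus status in element.ChainElementStatus)
                Console.WriteLine("    {0}: {1}", status.Status, status.StatusInformation.Trim());
        }
        return ok;
    }

    // Constructed sample input: a self-signed certificate that no store trusts.
    static X509Certificate2 ConstructedSample()
    {
        RSA key = RSA.Create(2048);
        CertificateRequest request = new CertificateRequest(
            "CN=Constructed Sample", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return request.CreateSelfSigned(DateTimeOffset.Now.AddDays(-1), DateTimeOffset.Now.AddDays(30));
    }

    static int Main(string[] args)
    {
        X509Certificate2 cert = args.Length == 1 ? new X509Certificate2(args[0]) : ConstructedSample();
        bool withRevocation = Build(cert, X509RevocationMode.Online);
        bool withoutRevocation = Build(cert, X509RevocationMode.NoCheck);
        if (!withoutRevocation)
            Console.WriteLine("Fails even with NoCheck: trust problem (see UntrustedRoot/PartialChain above).");
        else if (!withRevocation)
            Console.WriteLine("Only the revocation check fails: no reachable CRL/OCSP source for this chain.");
        return withRevocation ? 0 : 1;
    }
}
```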
All Replies
Wednesday, July 12, 2006 9:56 PM
Normac - the FIARK (Federated Identity and Access Resource Kit) was only compatible with the Sept 2005 CTP of WinFX. It is not compatible with subsequent CTPs since quite a lot has changed of late (change == improve!).
We'll shortly launch a new raft of demos and samples at www.netfx3.com that have been tested on more recent builds and I would urge you to focus on these samples rather than the outdated samples in the FIARK.
Hope this helps.

