Token class - Cannot find token EncryptedMethod
-
Friday, September 12, 2008 2:43 AM
Hi, an unhandled exception occurred when I try to use TokenProcessor's Token class. I use this code in the page load:
    String xml = Request.Params["xmlToken"];
    Token token = new Token(xml);
    String givenName = token.Claims[ClaimTypes.GivenName];
    String surName = token.Claims[ClaimTypes.Surname];
    Label1.Text = String.Format("Bienvenido {0} {1}", givenName, surName);
and I get this exception: "System.ArgumentException: Cannot find token EncryptedMethod."
    // Find the EncryptionMethod element, grab the Algorithm
    Line 460: if (!reader.ReadToDescendant(XmlEncryptionStrings.EncryptionMethod, XmlEncryptionStrings.Namespace))
    Line 461:     throw new ArgumentException("Cannot find token EncryptedMethod.");
    Line 462: encryptionAlgorithm = reader.GetAttribute(XmlEncryptionStrings.Algorithm).GetHashCode();
I appreciate any help.
All Replies
-
Friday, September 12, 2008 5:45 AM
Can you confirm that the token is encrypted?
It is possible that the token might not be encrypted by the identity provider (when using a managed card) or when visiting a non-SSL site with self-issued cards.
If it is encrypted, can you post the xmlToken?
-
Friday, September 12, 2008 12:05 PM
Sorry, I don't know about this, but the token is readable. This is the token. I can read that the SignatureMethod is rsa-sha1.
<saml:Assertion MajorVersion=\"1\" MinorVersion=\"1\" AssertionID=\"SamlSecurityToken-b0ab120d-cbb6-4a57-bb64-423d545154ca\" Issuer=\"http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self\" IssueInstant=\"2008-09-12T11:56:24.558Z\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\"><saml:Conditions NotBefore=\"2008-09-12T11:56:24.558Z\" NotOnOrAfter=\"2008-09-12T12:56:24.558Z\"><saml:AudienceRestrictionCondition><saml:Audience>http://localhost:6295/snippet%20app/SignInWithInformationCard.html</saml:Audience></saml:AudienceRestrictionCondition></saml:Conditions><saml:AttributeStatement><saml:Subject><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject><saml:Attribute AttributeName=\"givenname\" AttributeNamespace=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims\"><saml:AttributeValue>Gabriel</saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName=\"surname\" AttributeNamespace=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims\"><saml:AttributeValue>Bulfon</saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName=\"privatepersonalidentifier\" AttributeNamespace=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims\"><saml:AttributeValue>OJunvSR5PgpUci9rLHZjt6L8aZUhnstxVsCXzBlwIow=</saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName=\"emailaddress\" AttributeNamespace=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims\"><saml:AttributeValue>gbulfon@gmail.com</saml:AttributeValue></saml:Attribute></saml:AttributeStatement><Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"></CanonicalizationMethod><SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"></SignatureMethod><Reference URI=\"#SamlSecurityToken-b0ab120d-cbb6-4a57-bb64-423d545154ca\"><Transforms><Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"></Transform><Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"></Transform></Transforms><DigestMethod 
Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"></DigestMethod><DigestValue>o363L83BdCyI814LZpfwWZGmwb8=</DigestValue></Reference></SignedInfo><SignatureValue>dVC97135woVSl2OmaNxxSeTcQwZEtnKYVMtpNUkfO777Y9RF76Zum22A5AsG0iNB5Nhh5s9wlyHJ3Ztv3DYROUtGLeDpqQMw9d7HXCwkleGYDX9XAehfeQGv5MK3g1aRIAEuDerPLaUBhtLK+kR74cDsVa91ScBxI9uxgmFnw7Xy+joxcuRbjNaj10OytxMprySTq/L2f15Vsyk3kT6yxT+XVZotbg+0j9Zy4iFXnBcJMrx4zBV7Dczh7AtDBZNVE35Kehz9FZMdT5d6hyUSu1hawn+QMMsWocb9RrgpQ2w+PtF/AsmZjlLTwFjZ39pMhohz6r6SlHpSu2BYzoBX5Q==</SignatureValue><KeyInfo><KeyValue><RSAKeyValue><Modulus>pYPErXkZxWip2FlwJO36TBwrfym4+8BXHHkWDpvF7pTmuVVRmGK1GklqYqOY7zcxjjfYqypwI5CGnTGjQcqRFgQgp7CK3Q8qy29qyd+2WsnGM77P6bifY/Zm3Ov7hkMO7hi6wn5557ZiLNfZISuucAGAshGk6wZqwh9DzwGuoL44jVyf3c3LrY0qGrIq8nAVjpkvFACCokPUZbm1gv+5+Xs5IvWQ6w4lzTuBByf9LbUWaDHWfq1AIcjmmPXkDh884UjBt42wwKA9lX1t/VCnmBKiGECQg4zcNRVcnqzZAy+NxHnSHRvSDkY79A/md93ETKsc4BdQsTwjrE5k02N65w==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue></KeyInfo></Signature></saml:Assertion>" -
Friday, September 12, 2008 1:02 PM
OK so your test website doesn't have an SSL certificate, so the token cannot be encrypted. This is fine, but the parsing code that MS provides doesn't cope with that scenario *grin*
So you can edit it so if the encryption element isn't present it skips un-encrypting and goes directly to parsing; which version of the parsing code are you using? Where did it come from?
-
Saturday, September 13, 2008 2:34 PM
I use the Microsoft.IdentityModel.TokenProcessor.Token class that the Visual Studio 2008 Training Kit provides. I dug deeper into the doc and I see that SSL is required.
I installed an SSL certificate and tried again. Now I receive this:
Keyset does not exist
    Line 510: if (null == alg)
    Line 511:     throw new ArgumentException("Could not determine Symmetric Algorithm");
    Line 512: alg.Key = (certificate.PrivateKey as RSACryptoServiceProvider).Decrypt(symmetricKeyData, true); ;
    Line 513: int ivSize = alg.BlockSize / 8;
    Line 514: byte[] iv = new byte[ivSize];
Again, the problem is with the Token class.
regards
-
Saturday, September 13, 2008 5:03 PM
Did you grant yourself access to the private key of the certificate used, or if you're hosting in IIS grant it to the IIS process account?
-
Friday, November 19, 2010 6:31 PM
Hello Everyone,
I was getting my hands dirty with WCS and for simplicity I wanted to avoid the certificate and IIS setup. I created a small demo application in VS 2008 and ran it, and on clicking the card it showed me the same error:
    throw new ArgumentException("Cannot find token EncryptedMethod.");
After reading a bit I figured out the following:
Root cause: non-SSL site. MS's current TokenProcessor deals with SSL cards only, which is fine. But users like me can use the following trick to make it work in VS 2008-hosted websites as well, which run on non-SSL.
1. Open your TokenProcessor.cs
2. Find your error message: "Cannot find token EncryptedMethod.". It should look like this:
    if (!reader.ReadToDescendant(XmlEncryptionStrings.EncryptionMethod, XmlEncryptionStrings.Namespace))
        throw new ArgumentException("Cannot find token EncryptedMethod.");
    encryptionAlgorithm = reader.GetAttribute(XmlEncryptionStrings.Algorithm).GetHashCode();
3. Now, change it to something like this:
    // Find the EncryptionMethod element, grab the Algorithm
    if (!reader.ReadToDescendant(XmlEncryptionStrings.EncryptionMethod, XmlEncryptionStrings.Namespace))
    {
        //throw new ArgumentException("Cannot find token EncryptedMethod.");
        // No EncryptionMethod element: return the token bytes as received, skipping decryption.
        // UnicodeEncoding.Default resolves to the static Encoding.Default (system ANSI code page).
        return UnicodeEncoding.Default.GetBytes(xmlToken);
    }
    encryptionAlgorithm = reader.GetAttribute(XmlEncryptionStrings.Algorithm).GetHashCode();
That's it!
If it works, say thanks to the writer of this article: http://www.outofcoffeeexception.de/CategoryView,category,Windows+CardSpace.aspx
Happy Coding! :-)
Cheers,
Kiran Patil
I am Beginner
-
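Added example (not part of the posts above and not the Training Kit's code): one way to make the plaintext path of the workaround an explicit decision, by checking the token's root element before any decryption and accepting an unencrypted SAML assertion only when a development-only switch is set. The class name, the `allowPlaintext` parameter and the sample tokens are hypothetical; that an encrypted token arrives with an xmlenc `EncryptedData` root element is an assumption.

```csharp
using System;
using System.IO;
using System.Xml;

// Added example; names here are hypothetical, not TokenProcessor members.
static class TokenEnvelope
{
    const string XmlEncNs = "http://www.w3.org/2001/04/xmlenc#";
    const string Saml10Ns = "urn:oasis:names:tc:SAML:1.0:assertion";

    public enum Kind { Encrypted, PlainSamlAssertion }

    // allowPlaintext: hypothetical switch, enabled only on a local non-SSL test site.
    public static Kind Classify(string xmlToken, bool allowPlaintext)
    {
        // DTDs are prohibited by the XmlReaderSettings default; also drop the resolver.
        var settings = new XmlReaderSettings { XmlResolver = null };
        using (var reader = XmlReader.Create(new StringReader(xmlToken), settings))
        {
            reader.MoveToContent();
            if (reader.LocalName == "EncryptedData" && reader.NamespaceURI == XmlEncNs)
                return Kind.Encrypted;              // continue with normal decryption
            if (reader.LocalName == "Assertion" && reader.NamespaceURI == Saml10Ns)
            {
                if (!allowPlaintext)
                    throw new InvalidOperationException("Unencrypted token rejected.");
                // Plaintext path: the signature, audience and validity window
                // still have to be checked by the code that parses the assertion.
                return Kind.PlainSamlAssertion;
            }
            throw new ArgumentException("Unexpected token root element: " + reader.Name);
        }
    }

    static void Main()
    {
        // Constructed sample tokens (root elements only).
        string enc = "<enc:EncryptedData xmlns:enc=\"" + XmlEncNs + "\"/>";
        string plain = "<saml:Assertion xmlns:saml=\"" + Saml10Ns + "\"/>";

        Console.WriteLine(Classify(enc, false));    // Encrypted
        Console.WriteLine(Classify(plain, true));   // PlainSamlAssertion
        try { Classify(plain, false); }
        catch (InvalidOperationException e) { Console.WriteLine(e.Message); }
    }
}
```
-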
Friday, September 23, 2011 3:00 PM
I can't the answer properly on this page, seems like some code around here messed my browser.

