Token class - Cannot find token EncryptedMethod

    Question

  • Hi, an unhandled exception occurred when I tried to use TokenProcessor's Token class. 
    I use this code in the page load:

            // Token posted back by the card selector (the Training Kit's
            // TokenProcessor expects an encrypted token here)
            String xml = Request.Params["xmlToken"];
            Token token = new Token(xml);
            // Look up claims by their standard claim-type URIs
            String givenName = token.Claims[ClaimTypes.GivenName];
            String surName = token.Claims[ClaimTypes.Surname];
            Label1.Text = String.Format("Bienvenido {0} {1}", givenName, surName);

    and I get this exception "System.ArgumentException: Cannot find token EncryptedMethod."

            // Find the EncryptionMethod element, grab the Algorithm
            Line 460: if (!reader.ReadToDescendant(XmlEncryptionStrings.EncryptionMethod, XmlEncryptionStrings.Namespace))
            Line 461:     throw new ArgumentException("Cannot find token EncryptedMethod.");
            Line 462: encryptionAlgorithm = reader.GetAttribute(XmlEncryptionStrings.Algorithm).GetHashCode();

    I appreciate any help.
    Friday, 12 September 2008 2:43

All replies

  • Can you confirm that the token is encrypted?

    It is possible that the token might not be encrypted by the identity provider (when using a managed card) or when visiting a non-SSL site with self-issued cards.

    If it is encrypted, can you post the xmlToken?

    Friday, 12 September 2008 5:45
  • Sorry, I don't know about this, but the token is readable.
    This is the token. I can read that the SignatureMethod is rsa-sha1.

        <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="SamlSecurityToken-b0ab120d-cbb6-4a57-bb64-423d545154ca" Issuer="http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self" IssueInstant="2008-09-12T11:56:24.558Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
          <saml:Conditions NotBefore="2008-09-12T11:56:24.558Z" NotOnOrAfter="2008-09-12T12:56:24.558Z">
            <saml:AudienceRestrictionCondition>
              <saml:Audience>http://localhost:6295/snippet%20app/SignInWithInformationCard.html</saml:Audience>
            </saml:AudienceRestrictionCondition>
          </saml:Conditions>
          <saml:AttributeStatement>
            <saml:Subject>
              <saml:SubjectConfirmation>
                <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
              </saml:SubjectConfirmation>
            </saml:Subject>
            <saml:Attribute AttributeName="givenname" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
              <saml:AttributeValue>Gabriel</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute AttributeName="surname" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
              <saml:AttributeValue>Bulfon</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute AttributeName="privatepersonalidentifier" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
              <saml:AttributeValue>OJunvSR5PgpUci9rLHZjt6L8aZUhnstxVsCXzBlwIow=</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute AttributeName="emailaddress" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
              <saml:AttributeValue>gbulfon@gmail.com</saml:AttributeValue>
            </saml:Attribute>
          </saml:AttributeStatement>
          <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
            <SignedInfo>
              <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod>
              <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod>
              <Reference URI="#SamlSecurityToken-b0ab120d-cbb6-4a57-bb64-423d545154ca">
                <Transforms>
                  <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform>
                  <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
                </Transforms>
                <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
                <DigestValue>o363L83BdCyI814LZpfwWZGmwb8=</DigestValue>
              </Reference>
            </SignedInfo>
            <SignatureValue>dVC97135woVSl2OmaNxxSeTcQwZEtnKYVMtpNUkfO777Y9RF76Zum22A5AsG0iNB5Nhh5s9wlyHJ3Ztv3DYROUtGLeDpqQMw9d7HXCwkleGYDX9XAehfeQGv5MK3g1aRIAEuDerPLaUBhtLK+kR74cDsVa91ScBxI9uxgmFnw7Xy+joxcuRbjNaj10OytxMprySTq/L2f15Vsyk3kT6yxT+XVZotbg+0j9Zy4iFXnBcJMrx4zBV7Dczh7AtDBZNVE35Kehz9FZMdT5d6hyUSu1hawn+QMMsWocb9RrgpQ2w+PtF/AsmZjlLTwFjZ39pMhohz6r6SlHpSu2BYzoBX5Q==</SignatureValue>
            <KeyInfo>
              <KeyValue>
                <RSAKeyValue>
                  <Modulus>pYPErXkZxWip2FlwJO36TBwrfym4+8BXHHkWDpvF7pTmuVVRmGK1GklqYqOY7zcxjjfYqypwI5CGnTGjQcqRFgQgp7CK3Q8qy29qyd+2WsnGM77P6bifY/Zm3Ov7hkMO7hi6wn5557ZiLNfZISuucAGAshGk6wZqwh9DzwGuoL44jVyf3c3LrY0qGrIq8nAVjpkvFACCokPUZbm1gv+5+Xs5IvWQ6w4lzTuBByf9LbUWaDHWfq1AIcjmmPXkDh884UjBt42wwKA9lX1t/VCnmBKiGECQg4zcNRVcnqzZAy+NxHnSHRvSDkY79A/md93ETKsc4BdQsTwjrE5k02N65w==</Modulus>
                  <Exponent>AQAB</Exponent>
                </RSAKeyValue>
              </KeyValue>
            </KeyInfo>
          </Signature>
        </saml:Assertion>
    Friday, 12 September 2008 12:05
  • OK so your test website doesn't have an SSL certificate, so the token cannot be encrypted. This is fine, but the parsing code that MS provides doesn't cope with that scenario *grin*

    So you can edit it so if the encryption element isn't present it skips un-encrypting and goes directly to parsing; which version of the parsing code are you using? Where did it come from?


    Friday, 12 September 2008 13:02
  • I use the Microsoft.IdentityModel.TokenProcessor.Token class that the Visual Studio 2008 Training Kit provides. I dug deeper into the doc and I see that SSL is required.


    I installed an SSL certificate and tried again. Now I receive this:


    Keyset does not exist

        Line 510: if (null == alg)
        Line 511:     throw new ArgumentException("Could not determine Symmetric Algorithm");
        Line 512: alg.Key = (certificate.PrivateKey as RSACryptoServiceProvider).Decrypt(symmetricKeyData, true); ;
        Line 513: int ivSize = alg.BlockSize / 8;
        Line 514: byte[] iv = new byte[ivSize];
    Again, the problem is with the Token class.

    regards

    Saturday, 13 September 2008 14:34
  • Did you grant yourself access to the private key of the certificate used, or if you're hosting in IIS grant it to the IIS process account?
    Saturday, 13 September 2008 17:03
  • Hello Everyone,

    I was getting my hands dirty with WCS and for simplicity I wanted to avoid the certificate and IIS setup. I created a small demo application in VS 2008 and ran it, and on clicking the card it showed me the same error:

    throw new ArgumentException("Cannot find token EncryptedMethod."); 

    After reading a bit I figured out the following:

    Root cause: non-SSL site. The current MS TokenProcessor deals with SSL sites only, which is fine. But users who are like me can use the following trick to make it work in VS 2008 hosted websites as well, which run on non-SSL.

    1. Open your TokenProcessor.cs

    2. Find your error message: "Cannot find token EncryptedMethod.". It should look like this:

        if (!reader.ReadToDescendant(XmlEncryptionStrings.EncryptionMethod, XmlEncryptionStrings.Namespace))
            throw new ArgumentException("Cannot find token EncryptedMethod.");
        encryptionAlgorithm = reader.GetAttribute(XmlEncryptionStrings.Algorithm).GetHashCode();

    3. Now change it to something like this:

        // Find the EncryptionMethod element, grab the Algorithm
        if (!reader.ReadToDescendant(XmlEncryptionStrings.EncryptionMethod, XmlEncryptionStrings.Namespace))
        {
            //throw new ArgumentException("Cannot find token EncryptedMethod.");
            // No EncryptionMethod element: the token arrived in the clear (non-SSL site),
            // so return the raw token XML to the caller instead of decrypting it
            return UnicodeEncoding.Default.GetBytes(xmlToken);
        }
        encryptionAlgorithm = reader.GetAttribute(XmlEncryptionStrings.Algorithm).GetHashCode();

    That's it!

    If it works, say thanks to the writer of this article: http://www.outofcoffeeexception.de/CategoryView,category,Windows+CardSpace.aspx

    Happy Coding! :-)

    Cheers,

    Kiran Patil


    I am a beginner
    Friday, 19 November 2010 18:31
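An added example, not code from the thread, the Training Kit or the linked article, covering the root cause described in the replies above: rather than patching the ReadToDescendant failure inside TokenProcessor, the relying party can classify the posted xmlToken up front as an xenc:EncryptedData wrapper (encrypted to the site's SSL certificate) or a bare saml:Assertion (non-SSL site, token in the clear) and decide by policy what to do with the unencrypted case. TokenShape, TokenInspector and the two sample tokens are constructed for this example.

```csharp
using System;
using System.IO;
using System.Xml;

// Added example (not the Training Kit's TokenProcessor): classify the posted xmlToken
// before any decryption so a token that arrived in the clear from a non-SSL site is
// handled by policy instead of failing inside ReadToDescendant. TokenShape,
// TokenInspector and the sample tokens are constructed for this example.
public enum TokenShape { Encrypted, PlainSamlAssertion, Unknown }

public static class TokenInspector
{
    const string XmlEncNs = "http://www.w3.org/2001/04/xmlenc#";
    const string Saml11Ns = "urn:oasis:names:tc:SAML:1.0:assertion";

    // Returns the token shape and, for xenc:EncryptedData, the EncryptionMethod
    // Algorithm URI (the attribute TokenProcessor reads at its line 462).
    public static TokenShape InspectToken(string xmlToken, out string encryptionAlgorithm)
    {
        encryptionAlgorithm = null;
        // A token never needs external entity resolution; disable it.
        var settings = new XmlReaderSettings { XmlResolver = null };
        using (var reader = XmlReader.Create(new StringReader(xmlToken), settings))
        {
            reader.MoveToContent();
            if (reader.NamespaceURI == XmlEncNs && reader.LocalName == "EncryptedData")
            {
                if (reader.ReadToDescendant("EncryptionMethod", XmlEncNs))
                    encryptionAlgorithm = reader.GetAttribute("Algorithm");
                return TokenShape.Encrypted;
            }
            if (reader.NamespaceURI == Saml11Ns && reader.LocalName == "Assertion")
                return TokenShape.PlainSamlAssertion;
            return TokenShape.Unknown;
        }
    }

    public static void Main()
    {
        // Constructed samples: a bare assertion shaped like the one posted in this
        // thread, and the EncryptedData wrapper the Training Kit expects over SSL.
        string plain = "<saml:Assertion MajorVersion=\"1\" MinorVersion=\"1\" xmlns:saml=\"" + Saml11Ns + "\"/>";
        string encrypted = "<xenc:EncryptedData xmlns:xenc=\"" + XmlEncNs + "\">"
            + "<xenc:EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes256-cbc\"/></xenc:EncryptedData>";
        foreach (string token in new[] { plain, encrypted })
        {
            string alg;
            TokenShape shape = InspectToken(token, out alg);
            // Policy goes here: a production relying party should reject
            // PlainSamlAssertion; a localhost dev site may log it and continue.
            Console.WriteLine("{0} (algorithm: {1})", shape, alg ?? "n/a");
        }
    }
}
```

Calling InspectToken before constructing Token keeps the "Cannot find token EncryptedMethod." path from being reached at all, and the PlainSamlAssertion branch is the only place the non-SSL shortcut needs to live.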