ADFS and multiple app pool

  • Question

  • User-50666533 posted

    Hello,

    I have a claims aware site setup to utilize ADFS. The site hosts multiple web applications which are getting the following error.

    Key not valid for use in specified state.

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.Security.Cryptography.CryptographicException: Key not valid for use in specified state.

    The claims authentication works fine for the main site. The moment I access an application that utilizes a different app pool I get the above error. Changing the app pool to be the same as the main site does resolve this issue.

    Has anyone had any experience in working with this?  I have not been able to find any solutions online. Any guidance would be greatly appreciated!

    Thank you!

    Thursday, July 26, 2018 10:11 PM

All replies

  • User368658061 posted

    Hello,


    Key not valid for use in specified state.

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.Security.Cryptography.CryptographicException: Key not valid for use in specified state.

    The claims authentication works fine for the main site. The moment I access an application that utilizes a different app pool I get the above error. Changing the app pool to be the same as the main site does resolve this issue.

    According to your description and error message, the issue is that the other application pool did not decrypt the token from ADFS.

    There are some questions I need to confirm with you:

    1. Could you please check the application pool identity settings? You could share the application pool identity information of these two sites. Or you can change the identity to NetworkService.
    2. I guess you used the session to encrypt the token. Did you clear all cache and cookies before you requested the other sites?
    3. If you can get more of the stack trace, please provide details of the stacks and the ADFS settings on the 2 sites. Meanwhile, please remove the private information.

    Looking forward to your reply. 

    Thanks,

    Will

    Tuesday, July 31, 2018 10:18 AM
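The first item in the reply asks for the application pool identities of the root site and the application that fails. The following PowerShell script, added here as an example and not posted by either participant, enumerates every application under a claims-aware IIS site, prints the pool and pool identity each one runs under, and flags applications whose pool differs from the site's root pool. It assumes IIS with the WebAdministration module; the site name is a placeholder.

```powershell
# Added example (not from the thread): compare the app pool and pool identity of
# each application under a site with the site's root pool, since the question
# reports the token error only for applications in a different pool.
Import-Module WebAdministration

$siteName = 'Default Web Site'   # placeholder: the claims-aware site from the question

function Get-PoolIdentity {
    param([string]$PoolName)
    $pool = Get-Item "IIS:\AppPools\$PoolName"
    $type = $pool.processModel.identityType
    # Only a SpecificUser pool carries a userName; built-in identities do not.
    if ($type -eq 'SpecificUser') { return "$type ($($pool.processModel.userName))" }
    return [string]$type
}

$site     = Get-Website -Name $siteName
$rootPool = $site.applicationPool
Write-Host "Root site '$siteName' runs in pool '$rootPool' as $(Get-PoolIdentity $rootPool)"

# Each child application with its pool; a pool that differs from the root pool is
# the configuration the original poster describes as triggering the error.
Get-WebApplication -Site $siteName | ForEach-Object {
    $pool   = $_.applicationPool
    $status = if ($pool -eq $rootPool) { 'same pool' } else { 'DIFFERENT pool' }
    [pscustomobject]@{
        Application = $_.path
        AppPool     = $pool
        Identity    = Get-PoolIdentity $pool
        Status      = $status
    }
} | Format-Table -AutoSize
```

Run it in an elevated PowerShell session on the web server; the output gives both pieces of information the reply requests without exposing token contents.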