Been bashing my head against this (WIF: ID1014: The signature is not valid. The data may have been tampered with) problem now for about a week. WIF tracing has been useless in trying to solve this. For my own sanity sake, here are the possible causes that I have found so far that could cause it.
So what is this OAuth? This is what wikipedia says: OAuth is an open standard for authorization, commonly used as a way for Internet users to authorize websites or applications to access their information on other websites but without giving them the passwords.[1] This mechanism is used by companies such as Google, Facebook, Microsoft and… Read More »
In the following example i will show how to build an Identity Provider also called a passive security token service (IP-STS) that issues tokens using WS-Federation. This post builds on work done in a previous post, Create your own active STS. In this article I will show how to create a complete working example of an… Read More »
Figured that I would start a post dealing specifically with all the terms we find in the Identity world. Ill add to this post as time goes on…
I created a windows forms application sample that can assist with decoding to FedAuth tokens captured from tools like Fiddler, source is included. It is downloadable from this link.
Today I had an interesting situation. I had the need to see the requests and responses internal to my Asp application. Now normally one can use fiddler to see the requests and response to your application but how does one see http requests that the application might be making internally between itself and other components? After… Read More »
As in .net framework it is just as important to add security headers to your asp.net core project to harden the security posture of your web application.
Back story Hi, please bear with me on this long blog post. There is lots to explain and the topic is not a easy one. In the last 3 months my team and I struggled with a problem in our SOA solution. We have a business requirement that requires that we need to service 250 concurrent connections… Read More »
The “Keyset does not exist” error occurs when a process is trying to manage the private keys of a certificate but the process does not have permission to do so.
So what is new in C# 6.0? I am documenting the new features in C# 6.0 simply to keep myself up to date and maybe someone else will also benefit.
This is a standards document that I drew up for a web services project that my team was working on. You will notice that the diagrams are done at a very high overview level. The document below can be viewed as my personal approach to how I prefered the UML diagrams to be done. Some of… Read More »
“The queue does not exist or you do not have sufficient permissions” If you get the following error with MSMQ it might be that your MSMQ is not correctly installed or that you have not provided the correct permissions when the queues where created.
WCF provides the following aspects as out of the box features. You as the software engineer simply need to enable and configure each of these. In some circumstances you get the benefit of these aspects without even knowing about it.
A passive STS (IP-STS) is a website that issues a token and uses the browser to direct the flow of the application through redirects. The following example will be integrating a website with a passive STS that issues tokens using the WS-Federation standard. Click here if you wish to see how to create your own passive STS.