I received a fresh laptop this week and after installing a fresh copy of Visual Studio 2017 Professional, I started getting the following error when trying to add a reference to a project.
Recently I had to investigate for a situation where a user would sign into a Google chrome account and a desktop application on the same machine had to somehow pick up the cookie and use it to communicate to web services, very similar to Cross browser \ application SSO.
Memory leak within WCF? So yesterday my team had to trace a possible memory issue within our application. We used the built in memory tools within Visual Studio and identified that the ‘leak’ was within our WCF infrastructure. What was strange was that the problem came from the System.ServiceModel.Channels.BufferManager which is native .net code… So how… Read More »
Bug in RemoveServerHeader attribute for IIS 10+ There is a bug in RemoveServerHeader for IIS 10+ as documented here. I documented the new attribute in IIS 10 here back in March 2018.
I wrote this small single file aspx utility that can be dropped in a asp.net website. The utility will allow the user to view the claims within the token.
It can often be a problem to trace problems with SAML as WS-Federation. Here are some plugins that I have found that can make your live easier.
What is LDAPS? LDAP stands for Lightweight Directory Access Protocol. It is the protocol used to talk to Active Directory (AD). Some people confuse to two and refer to AD as LDAP. LDAPS is the LDAP protocol but with security similar to HTTP and HTTPS. an SSL certificate is used to encrypt the traffic flowing… Read More »
Invalid Base64 characters? Invalid XML? Anyone that has had to work with these FedAuth tokens would have experienced errors with the format of the FedAuth tokens.
The revocation function was unable to check revocation .. huh? The error ‘The revocation function was unable to check revocation because the revocation server was offline.’ is raised when an application is trying to check if the provided certificate is valid but it is unable to connect to the revocation server.
The request was aborted: Could not create SSL/TLS secure channel.Description: An unhandled exception occurred during the execution of the current web request.
I recently implemented a centralized security token cache and observed that although the user signs-out and the session cookie is removed from the browser the session token was never removed from the SecurityTokenCache. This is something I would never have observed if I did not implement this cache.
The authentication schemes configured on the host (‘IntegratedWindowsAuthentication’) do not allow those configured on the binding ‘WS2007HttpBinding’ (‘Anonymous’). Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly. Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration… Read More »
ID4243: Could not create a SecurityToken. A token was not found in the token cache and no cookie was found in the context.
First day of trying the understand OWIN, I follow the steps from the microsoft site and are greeted by this error message. Could not load file or assembly ‘Owin, Version=1.0.0.0, Culture=neutral, PublicKeyToken=f0ebd12fd5e55cc5’ or one of its dependencies. The located assembly’s manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040) There are possible… Read More »
Been bashing my head against this (WIF: ID1014: The signature is not valid. The data may have been tampered with) problem now for about a week. WIF tracing has been useless in trying to solve this. For my own sanity sake, here are the possible causes that I have found so far that could cause it.