I am trying to run a WIF Relying Party application on a shared host. They will not set the IIS setting Load User Profile to true, and as such I am getting the following error:

    Message: The data protection operation was unsuccessful. This may have been caused by not having the user profile loaded for the current thread's user context, which may be the case when the thread is impersonating.
    ExceptionStackTrace:
       at System.Security.Cryptography.ProtectedData.Protect(Byte[] userData, Byte[] optionalEntropy, DataProtectionScope scope)
       at Microsoft.IdentityModel.Web.ProtectedDataCookieTransform.Encode(Byte[] value)

Is there any way around this?
Yes, this is because you are using the default token encryption, which depends on DPAPI. You can replace it with certificate-based encryption; see here: ( "There is another change in the app ..." )
The code is:

    // Namespaces needed (WIF 3.5):
    // using System.Collections.Generic;
    // using Microsoft.IdentityModel.Tokens;
    // using Microsoft.IdentityModel.Web;
    // using Microsoft.IdentityModel.Web.Configuration;

    void OnServiceConfigurationCreated(object sender, ServiceConfigurationCreatedEventArgs e)
    {
        // Replace the default DPAPI-based cookie protection with
        // compression + RSA encryption + RSA signature using the service certificate.
        var sessionTransforms = new List<CookieTransform>(
            new CookieTransform[]
            {
                new DeflateCookieTransform(),
                new RsaEncryptionCookieTransform(e.ServiceConfiguration.ServiceCertificate),
                new RsaSignatureCookieTransform(e.ServiceConfiguration.ServiceCertificate)
            });
        var readOnlyTransforms = sessionTransforms.AsReadOnly();
        var sessionHandler = new SessionSecurityTokenHandler(readOnlyTransforms);
        e.ServiceConfiguration.SecurityTokenHandlers.AddOrReplace(sessionHandler);
    }

and

    void Application_Start(object sender, EventArgs e)
    {
        FederatedAuthentication.ServiceConfigurationCreated += OnServiceConfigurationCreated;
    }

Both go in global.asax.cs.
BTW, this is also the "web farm friendly" way to configure WIF, so it is machine (instance) independent. Windows Azure deployments are essentially web farms, so that's why you see it in that chapter.
Update: The API has changed in the new version. The code will look like this:

    // Namespaces needed (WIF 4.5):
    // using System.Collections.Generic;
    // using System.IdentityModel;
    // using System.IdentityModel.Tokens;
    // using System.IdentityModel.Services;
    // using System.IdentityModel.Services.Configuration;

    void OnFederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
    {
        var sessionTransforms = new List<CookieTransform>(
            new CookieTransform[]
            {
                new DeflateCookieTransform(),
                new RsaEncryptionCookieTransform(e.FederationConfiguration.ServiceCertificate),
                new RsaSignatureCookieTransform(e.FederationConfiguration.ServiceCertificate)
            });
        var sessionHandler = new SessionSecurityTokenHandler(sessionTransforms.AsReadOnly());
        e.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers.AddOrReplace(sessionHandler);
    }

and

    protected void Application_Start()
    {
        FederatedAuthentication.FederationConfigurationCreated += OnFederationConfigurationCreated;
    }
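
The RSA cookie transforms in the answer above need a service certificate whose private key the application's identity can read, so a startup check makes a misconfigured host fail with a clear message instead of at first sign-in. This is an added example, not code from the original answer; the class and method names (`ServiceCertificateCheck`, `DescribeProblem`, `EnsureUsable`) are hypothetical, and it assumes .NET Framework with the WIF 4.5 API.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper (not part of WIF): verifies that a certificate can be
// used by RsaEncryptionCookieTransform and RsaSignatureCookieTransform.
public static class ServiceCertificateCheck
{
    // Returns null when the certificate is usable, otherwise a description
    // of the first problem found.
    public static string DescribeProblem(X509Certificate2 cert)
    {
        if (cert == null)
            return "No service certificate is configured.";

        // Both transforms are RSA-based, so the key must be an RSA key.
        if (!(cert.PublicKey.Key is RSA))
            return "Service certificate " + cert.Thumbprint + " does not carry an RSA key.";

        // Decrypting and signing the session cookie needs the private key.
        if (!cert.HasPrivateKey)
            return "Service certificate " + cert.Thumbprint + " has no private key.";

        try
        {
            // HasPrivateKey only says a key is associated with the certificate.
            // Opening it fails when the process identity cannot read the key container.
            if (!(cert.PrivateKey is RSA))
                return "Private key of " + cert.Thumbprint + " is not an RSA key.";
        }
        catch (CryptographicException ex)
        {
            return "Private key of " + cert.Thumbprint +
                   " cannot be opened by the current identity: " + ex.Message;
        }

        return null;
    }

    // Call at the top of OnFederationConfigurationCreated, before the transforms
    // are built, passing e.FederationConfiguration.ServiceCertificate.
    public static void EnsureUsable(X509Certificate2 cert)
    {
        string problem = DescribeProblem(cert);
        if (problem != null)
            throw new InvalidOperationException(problem);
    }
}
```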