c# - Invalid algorithm specified - Custom STS -


i have implemented custom sts in order authenticate users our web application sharepoint instance hosted elsewhere, , displayed in frame in application.

this worked fine during development, , during testing, following exception being thrown intermittently during uat:

[system.security.cryptography.cryptographicexception] invalid algorithm specified.     @ system.security.cryptography.cryptographicexception.throwcryptographicexception(int32 hr)    @ system.security.cryptography.utils.signvalue(safekeyhandle hkey, int32 keynumber, int32 calgkey, int32 calghash, byte[] hash, int32 cbhash, objecthandleonstack retsignature)    @ system.security.cryptography.utils.signvalue(safekeyhandle hkey, int32 keynumber, int32 calgkey, int32 calghash, byte[] hash)    @ system.security.cryptography.rsacryptoserviceprovider.signhash(byte[] rgbhash, int32 calghash)    @ system.security.cryptography.rsapkcs1signatureformatter.createsignature(byte[] rgbhash)    @ system.identitymodel.signedxml.computesignature(hashalgorithm hash, asymmetricsignatureformatter formatter, string signaturemethod)    @ system.identitymodel.signedxml.computesignature(securitykey signingkey)    @ system.identitymodel.envelopedsignaturewriter.computesignature()    @ system.identitymodel.envelopedsignaturewriter.onendrootelement()    @ system.identitymodel.tokens.samlsecuritytokenhandler.writeassertion(xmlwriter writer, samlassertion assertion)    @ system.identitymodel.tokens.securitytokenhandlercollection.writetoken(xmlwriter writer, securitytoken token)    @ system.identitymodel.protocols.wstrust.wstrustserializationhelper.writerstrxml(xmlwriter writer, string elementname, object elementvalue, wstrustserializationcontext context, wstrustconstantsadapter trustconstants)    @ system.identitymodel.protocols.wstrust.wstrustserializationhelper.writeknownresponseelement(requestsecuritytokenresponse rstr, xmlwriter writer, wstrustserializationcontext context, wstrustresponseserializer responseserializer, wstrustconstantsadapter trustconstants)    @ system.identitymodel.protocols.wstrust.wstrust13responseserializer.writeknownresponseelement(requestsecuritytokenresponse rstr, xmlwriter writer, wstrustserializationcontext context)    @ system.identitymodel.protocols.wstrust.wstrustserializationhelper.writeresponse(requestsecuritytokenresponse response, xmlwriter writer, wstrustserializationcontext context, wstrustresponseserializer responseserializer, wstrustconstantsadapter trustconstants)    @ system.identitymodel.protocols.wstrust.wstrust13responseserializer.writexml(requestsecuritytokenresponse response, xmlwriter writer, wstrustserializationcontext context)    @ system.identitymodel.services.wsfederationserializer.getresponseasstring(requestsecuritytokenresponse response, wstrustserializationcontext context)    @ system.identitymodel.services.signinresponsemessage..ctor(uri baseurl, requestsecuritytokenresponse response, wsfederationserializer federationserializer, wstrustserializationcontext context)    @ system.identitymodel.services.federatedpassivesecuritytokenserviceoperations.processsigninrequest(signinrequestmessage requestmessage, claimsprincipal principal, securitytokenservice sts, wsfederationserializer federationserializer)    @ web.secure.sharepoint.processrequest()

the implementation of sts follows:

using system.identitymodel; using system.identitymodel.configuration; using system.identitymodel.protocols.wstrust; using system.identitymodel.tokens; using system.security.claims; using system.security.cryptography.x509certificates;  namespace core.services {     public class sharepointsecuritytokenservice : securitytokenservice     {         public sharepointsecuritytokenservice(securitytokenserviceconfiguration securitytokenserviceconfiguration)             : base(securitytokenserviceconfiguration)         {         }          protected override scope getscope(claimsprincipal principal, requestsecuritytoken request)         {             var scope = new scope(request.appliesto.uri.originalstring, securitytokenserviceconfiguration.signingcredentials);             scope.tokenencryptionrequired = false;             scope.replytoaddress = request.replyto;              return scope;         }          protected override claimsidentity getoutputclaimsidentity(claimsprincipal principal, requestsecuritytoken request, scope scope)         {             var identity = new claimsidentity(principal.claims);              return identity;         }     } }

and code calls , generates response form follows:

var identity = (claimsidentity)httpcontext.current.user.identity; identity.addclaim(new claim(claimtypes.role, role)); var claimsprinciple = new claimsprincipal(identity);  var requestmessage = (signinrequestmessage)wsfederationmessage.createfromnamevaluecollection(sharepointlibraryuri, parameters); var sharepointcertificate = global.appcache.getsharepointcertificate();  if (sharepointcertificate == null) {     throw new sharepointrequestexception("no sharepoint signing certificate.", requestid); }  var signingcredentials = new x509signingcredentials(sharepointcertificate); var config = new securitytokenserviceconfiguration(settings.default.sharepointtokenissuername, signingcredentials); var sts = new sharepointsecuritytokenservice(config); var responsemessage = federatedpassivesecuritytokenserviceoperations.processsigninrequest(requestmessage, claimsprinciple, sts); var responseform = responsemessage.writeformpost();  response.write(responseform);

to confirm have used same certificate on environments, , consistently works in development, fails on server. confuse matters further has worked few hours @ time on server, no apparent reason stop working again. not know triggers either start or stop working.

you missing reference the algorithm. may need include line when you're application starts up.

cryptoconfig.addalgorithm(typeof(rsapkcs1sha256signaturedescription), "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");

Comments

Post a Comment

Popular posts from this blog

javascript - RequestAnimationFrame not working when exiting fullscreen switching space on Safari -

request animation frame stops working when exiting fullscreen clicking on original space's safari window. fine if fullscreen mode canceled escape key or calling cancelfullscreen(). steps reproduce: open https://dl.dropboxusercontent.com/u/769042/prezi/safari-fullscreen.html click "draw raf", kittie appears click "fullscreen", go fullscreen click "draw raf", kittie appears go space original safari was, showing "click exit fullscreen mode", click anywhere, out fullscreen click "draw raf", nothing happens what handling click calling: window.requestanimationframe(draw); which draws on canvas context: function draw() { ctx.drawimage(img, math.random()*500|0, math.random()*400|0, 100, 100); } i checked .hidden , .visibilitystate, updated correctly. tested on osx 10.9.3, safari 7.0.4 (9537.76.4). has workaround/solution other switching old settimeout? this sounds webkit bug 88940 : using reque
Read more

Python ctypes access violation with const pointer arguments -

i have api i'm trying wrap in python (2.7.6 on win7) code using ctypes. here's api: client_dllfunc bool clientapi search_exporttoclipcopy(clienthsearch handle, int channel, lpctstr filename, const time_t& from, const time_t& to, const bool* cameras, int length, bool usepassword, lpctstr password, bool includetextin = false, bool excludeplayer = false); the issue i'm having cameras argument; , i've had issue other const pointer arguments well. here's how i'm wrapping api: def search_exporttoclipcopy(self, hsearch, csearch, filename, tfrom, tto, cameras, length, usepassword, password, includetextin=true, excludeplayer=false): exporttoclipcopy = self.sdkdll.search_exporttoclipcopy exporttoclipcopy.argtypes = [c_int, c_int, c_wchar_p, c_long, c_long, pointer(c_bool), c_int, c_bool, c_wchar_p, c_bool, c_bool] exporttoclipcopy.restype = c_bool exporttoclipcopy(hsearch, csearch, filename, tfrom, tto, cameras, length, usepassword, pass
Read more