CryptoConfig is not able to identify HashPbkdf2 from the machine.config file, which is set as: <cryptoClass PKDF2Hashing="HashPbkdf2,…

To know more about CryptoConfig, please refer to https://msdn.microsoft.com/en-us/library/system.security.cryptography.cryptoconfig(v=vs.110).aspx. It’s a class that accesses the cryptography configuration information. Please refer to https://blogs.msdn.microsoft.com/shawnfa/2008/12/02/cryptoconfig/ to know more on CryptoConfig. Recently I encountered an issue where a customer was implementing his own HashPbkdf2 class that does the SHA256 hashing based on Password-Based Key Derivation Function 2. A theoretical…


PBKDF2 .Net API does not exist with SHA256 implementation. Here PBKDF2 stands for “Password-Based Key Derivation Function 2”.

PBKDF2 .Net API does not exist with SHA256 implementation. This is true, and we know that we have the Rfc2898DeriveBytes class, which implements password-based key derivation functionality, PBKDF2, by using a pseudo-random number generator based on HMACSHA1. However, PBKDF2 can be implemented using SHA256, SHA384, SHA512 by using the CNG APIs. See below for an…


WCF: Consume WCF REST service by HttpClient

In a recent case, one of my customers asked how to consume the WCF REST Service by using the System.Net.Http.HttpClient modules (introduced in .NET 4.5). I hope the following details would help in depth. Create a new WCF service application project named “RestService”. WCF REST service contract appears as the following. namespace…


WCF: Support for Wild Card Host Header at IIS 10 and above

IIS 10 came with a new feature to support Wild Card Host Headers. https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/wildcard-host-header-support Does WCF support it? WCF does not support this and still needs to be configured the old way, by creating multiple IIS bindings for the desired host headers. Error we might see when browsing the WCF service: The protocol binding ‘X.X.X.X:80:*.XYZ.com’ is not…


WCF/WS: SSL Mutual Client Cert Authentication 403.16 or 403.7

Problem: When attempting to use a certificate to authenticate to an IIS website or self-hosted WCF service over an SSL/TLS channel, we receive a 403.16 error code. Troubleshooting: We can collect server-side System.Net traces or WCF activity traces (System.Net Tracing collection steps, WCF Tracing). Observation from System.Net traces: You might observe the GetClientCertificate API…


ASMX/WS/WCF Web Service: System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host

Issue: Intermittent socket exception seen on a client application trying to fetch data from MS web services. Troubleshooting: I recommend collecting application-level traces to collect the stack trace information. In addition, we can collect the System.Net traces or memory dumps on specific exceptions. Detailed stack from dump: 0:000> !dumpstack OS Thread Id: 0x1708 (0) Current…


WCF/WS/TLS: Get .Net Framework 4.0 application to use TLS1.2 as default protocol

Issue: By default, a .NET application built on framework 4.0 will use SSL3.0 or TLS1.0 as the default protocol. Ask: If we need to force it to use the TLS1.2 protocol, review the workarounds below. Workaround 1: Use the line below just before the HTTPS call is attempted. ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072; Workaround 2: Migrate the existing application to supported framework 4.6.2…


WIF: Memory leak issue with WIF 3.5 – Microsoft.IdentityModel.Tokens – SecurityTokenCacheKey

Issue: Recently we came across a case where a memory leak issue was identified within the WIF 3.5 DLL inside the “Microsoft.IdentityModel.Tokens” class. How does this happen: The source code has a coding bug where “SecurityTokenCacheKey” instances are not getting cleared off properly. Impacted heap structures seen in memory dumps: 00007ff97bbb0038   371165     17815920 System.Collections.Generic.LinkedListNode`1[[System.Object, mscorlib]] 00007ff97bba6f48   371230     17819040 Microsoft.IdentityModel.Tokens.SecurityTokenCacheKey…


ADAL: Secure Web API with ADFS 3.0 for Desktop Client

I came across a requirement where my customer asked me to create a sample ASP.NET Web API application that would later be consumed by a rich desktop client like WPF. It had one OAuth 2.0 protocol authorization rider before accessing the Web API resource. And, the OAuth 2.0 access token must be retrieved from…


WIF: WIF10201: No valid key mapping found for securityToken:

Issue: WIF10201: No valid key mapping found for securityToken: This exception is observed on a federated application (web app / mvc / asmx / wcf) using the WIF pipeline to authenticate the user. Stack: [SecurityTokenValidationException: WIF10201: No valid key mapping found for securityToken: ‘System.IdentityModel.Tokens.X509SecurityToken’ and issuer: ‘LocalSTS’.] System.IdentityModel.Tokens.SamlSecurityTokenHandler.ValidateToken(SecurityToken token) +987 System.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token) +73 System.IdentityModel.Services.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken,…
