WCF/WS: SSL Mutual Client Cert Authentication 403.16 or 403.7

Problem: When attempting to use a certificate to authenticate to an IIS website or self-hosted WCF service over an SSL/TLS channel, we receive a 403.16 error code. Troubleshooting: We can collect server-side System.Net traces or WCF activity traces (System.Net Tracing collection Steps; WCF Tracing). Observation from System.Net Traces: You might observe the GetClientCertificate API…


ASMX/WS/WCF Web Service: System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host

Issue: Intermittent socket exception seen on a client application trying to fetch data from MS web services. Troubleshooting: I recommend collecting application-level traces to collect the stack trace information. In addition, we can collect the System.Net traces or memory dumps on specific exceptions. Detailed stack from dump: 0:000> !dumpstack OS Thread Id: 0x1708 (0) Current…


WCF/WS/TLS: Get a .NET Framework 4.0 application to use TLS 1.2 as the default protocol

Issue: By default, a .NET application built on Framework 4.0 will use SSL 3.0 or TLS 1.0 as the default protocol. Ask: If we need to force it to use the TLS 1.2 protocol, review the workarounds below. Workaround 1: Use the line below just before the HTTPS call is attempted. ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072; Workaround 2: Migrate the existing application to supported framework 4.6.2….


WIF: Memory leak issue with WIF 3.5 – Microsoft.IdentityModel.Tokens – SecurityTokenCacheKey

Issue: Recently we came across a case where a memory leak issue was identified within the WIF 3.5 DLL, inside the “Microsoft.IdentityModel.Tokens” class. How does this happen: The source code has a coding bug where “SecurityTokenCacheKey” is not getting cleared off properly. Impacted heap structures seen in memory dumps:
00007ff97bbb0038   371165     17815920 System.Collections.Generic.LinkedListNode`1[[System.Object, mscorlib]]
00007ff97bba6f48   371230     17819040 Microsoft.IdentityModel.Tokens.SecurityTokenCacheKey…


ADAL: Secure Web API with ADFS 3.0 for Desktop Client

I came across one of the requirements, where my customer requested me to create a sample ASP.NET Web API application, to be consumed later by a rich desktop client like WPF. It had one OAuth 2.0 protocol authorization rider before accessing the Web API resource. And, the OAuth 2.0 access token must be retrieved from…


WIF: WIF10201: No valid key mapping found for securityToken:

Issue: WIF10201: No valid key mapping found for securityToken: This exception is observed on a federated application (web app / MVC / ASMX / WCF) using the WIF pipeline to authenticate the user.
Stack:
[SecurityTokenValidationException: WIF10201: No valid key mapping found for securityToken: ‘System.IdentityModel.Tokens.X509SecurityToken’ and issuer: ‘LocalSTS’.]
System.IdentityModel.Tokens.SamlSecurityTokenHandler.ValidateToken(SecurityToken token) +987
System.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token) +73
System.IdentityModel.Services.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken,…


WCF: Federating WCF with WIF

Ask: Federate WCF service via WIF
Traditional approach: For a normal web app or MVC app, we follow the concept of the FedAuth cookie.
Client -> Federated Application, gets redirected to STS
Client -> STS, gets claims
Client -> Federated Application validates claims and issues a FedAuth cookie.
Client -> This time call made with…


WCF: Message Security limitation with TLS 1.2 protocol

Issue: WCF Message Security breaks when using, or being forced to use, the TLS 1.1 or TLS 1.2 protocol. Re-pro code: https://1drv.ms/f/s!ArgnWb8iHXB6gqcg43hmT5jjbKJ-IA We can disable SSL 3.0 and TLS 1.0 inside the server key, and we get the failure stack below.
Failure Stack:
29 clr!IL_Throw+0x184
2a System_IdentityModel_ni!System.IdentityModel.SspiWrapper.AcquireCredentialsHandle(System.String, System.IdentityModel.CredentialUse, System.IdentityModel.SecureCredential)+0xd71ca
2b System_ServiceModel_ni!System.ServiceModel.Security.TlsSspiNegotiation.AcquireDummyCredentials()+0x73
2c System_ServiceModel_ni!System.ServiceModel.Security.TlsSspiNegotiation..ctor(System.String, Boolean, System.IdentityModel.SchProtocols, System.Security.Cryptography.X509Certificates.X509Certificate2,…


Additional details on AF CU8 release

The latest version of AF 1.1 CU (cumulative update) 8 was released on 12/7/2016 and is available at https://www.microsoft.com/en-us/download/details.aspx?id=54440. The detailed hotfix information is listed at https://support.microsoft.com/en-us/kb/3199763. It has fixes for the following three types of issues: 1. Fixed a memory leak that occurs in specific scenarios. When a dependent service of AppFabric is unresponsive, this results…


CSP Blobs between C# and C++ – Interoperation with the Microsoft Cryptographic API (CAPI)

If you have a requirement as follows: Interoperate between C# & C++ using cryptographic blobs. Generate the private and public keys in C#. See code below:

public void GenerateKeys(out byte[] privateKey, out byte[] publicKey)
{
    using (var rsa = new RSACryptoServiceProvider(2048))
    {
        rsa.PersistKeyInCsp = false;
        privateKey = rsa.ExportCspBlob(true);
        …
