Well, there it is. I finally cracked the magic 10,000 rep. mark!
And at the same time …
… I made it into the top 3%.
Enjoy!
Ideas and thoughts about Microsoft Identity, C# development, cabbages and kings and random flotsam on the incoming tide
Jon Skeet wrote a very good article: Writing the perfect question.
I’m active on stackoverflow and the MSDN forums and I wish more people would read this article.
Recently there was a question and I replied waxing voluble about how to do something using WIF and the dude replied:
“Actually it’s a Java application”.
FFS dude, why didn’t you put that minor piece of information in the question?
The quality of the answer is directly related to the quality of the question.
And for God’s sake, spell check it!
Enjoy!
When you have a signed project in TFS, every time a new person gets it out, they have this problem. So they create a new certificate, check it all in and the next person has the same problem. WTF.
The error is:
“Cannot import the following key file: xxx.pfx. The key file may be password protected. To correct this, try to import the certificate again or manually install the certificate to the Strong Name CSP with the following key container name: VS_KEY_blah”
Mr Google to the rescue. Found a number of “solutions” but then stumbled across one that worked.
In the project properties under “Signing”, click the dropdown arrow and click on the pfx file name. This invokes the password dialogue so you can type in the new password and Bingo!
All then compiles.
Enjoy!
Busy trying to get ADFS v2.0 to work with a third-party SAML implementation and got this weird error:
System.Security.Cryptography.CryptographicException: ID6005: Exclusive Canonicalization transform does not support the algorithm 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'.
“IDxxxx” as an error normally implies it comes from WIF, so I trawled through that and it turns out that the only transform it accepts is:
http://www.w3.org/2001/10/xml-exc-c14n#
The transforms .NET works with are all listed in:
System.Security.Cryptography.Xml.SignedXml
So I had to get the third party code changed to conform with ADFS.
What is the point of all this, you may ask.
This is all connected with signatures e.g. your sp.xml looks like:
<SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
Because XML can have many forms e.g. whitespace or none, CR or CR/LF etc. you need to convert the XML to an agreed format before you sign it. Otherwise the other side may be checking the signature on a “different” document. These “agreed formats” are the canonical transforms. They are all W3C standards.
So e.g. it may state:
The canonical form of an XML document is the physical representation of the document produced by the method described in this specification. The changes are summarized in the following list:
etc.
Enjoy!
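To catch the ID6005 mismatch described above before a message ever reaches ADFS, the following added example (not code from this blog or from WIF) lists the canonicalization and transform algorithms a signed SAML document declares and flags the inclusive C14N URI. The function names and the trimmed sample response are constructed for illustration; the script only reads the declared algorithms and does not verify the signature.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
INCLUSIVE_C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"  # triggers ID6005
EXCLUSIVE_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"          # accepted
ENVELOPED = DS + "enveloped-signature"  # usual SAML transform, not a c14n algorithm

def audit_signature_algorithms(xml_text):
    """List (element, algorithm, verdict) for each canonicalization-related
    algorithm declared inside every ds:Signature of the document."""
    if "<!DOCTYPE" in xml_text:
        # SAML messages carry no DTD; refusing one avoids entity-expansion tricks.
        raise ValueError("DOCTYPE not allowed in a SAML message")
    findings = []
    for sig in ET.fromstring(xml_text).iter(f"{{{DS}}}Signature"):
        for tag in ("CanonicalizationMethod", "Transform"):
            for el in sig.iter(f"{{{DS}}}{tag}"):
                alg = el.get("Algorithm", "")
                if alg in (EXCLUSIVE_C14N, ENVELOPED):
                    verdict = "ok"
                elif alg.startswith(INCLUSIVE_C14N):  # also matches #WithComments
                    verdict = "inclusive-c14n"
                else:
                    verdict = "review"
                findings.append((tag, alg, verdict))
    return findings

def problems(xml_text):
    """Only the declarations that are not on the known-good list."""
    return [f for f in audit_signature_algorithms(xml_text) if f[2] != "ok"]

# Constructed sample: a trimmed SAML response whose SignedInfo uses inclusive C14N.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed1">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <ds:Reference URI="#_constructed1"><ds:Transforms>
      <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
      <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    </ds:Transforms></ds:Reference>
  </ds:SignedInfo></ds:Signature>
</samlp:Response>"""

if __name__ == "__main__":
    for tag, alg, verdict in audit_signature_algorithms(SAMPLE):
        print(f"{verdict:15} {tag:24} {alg}")
```

Anything reported as "review" is an algorithm outside the two this post deals with and needs checking against what the receiving side supports.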
If you have an XML string (e.g. the appSettings in web.config) that contains an “&” it won’t compile e.g.
<add key="URL" value="http://example.com?ID1=abc&ID2=123"/>
The solution is to escape it with the Unicode number i.e.
<add key="URL" value="http://example.com?ID1=abc&#38;ID2=123"/>
Enjoy!