Claims系列 - ID4036错误(The key needed to decrypt the encrypted security token could not be resolved from the following security key identifier)
2012-07-26 11:58
435 查看
错误现象
View Code1 public ServiceConfiguration()
2 {
3 this._certificateValidationMode = DefaultCertificateValidationMode;
4 this._claimsAuthenticationManager = new ClaimsAuthenticationManager();
5 this._claimsAuthorizationManager = new ClaimsAuthorizationManager();
6 this._exceptionMapper = new ExceptionMapper();
7 this._revocationMode = DefaultRevocationMode;
8 this._serviceName = DefaultServiceName;
9 this._serviceMaxClockSkew = DefaultMaxClockSkew;
10 this._trustedStoreLocation = DefaultTrustedStoreLocation;
11 MicrosoftIdentityModelSection current = MicrosoftIdentityModelSection.Current;
12 ServiceElement element = (current != null) ? current.ServiceElements.GetElement(DefaultServiceName) : null;
13 this.LoadConfiguration(element);
14 }
注意到最后调用了LoadConfiguration进行初始化,再看其内部实现:
1 protected void LoadConfiguration(ServiceElement element)
2 {
3 if (element != null)
4 {
5
6 //省略前面无关代码
7 if ((this._serviceCertificate == null) && element.ServiceCertificate.IsConfigured)
8 {
9 this._serviceCertificate = GetServiceCertificate(element);
10 }
11 //省略后面无关代码
12 }
13 this._securityTokenHandlerCollectionManager = this.LoadHandlers(element);
14 }
再看GetServiceCertificate()
1 private static X509Certificate2 GetServiceCertificate(ServiceElement element)
2 {
3 X509Certificate2 certificate2;
4 try
5 {
6 X509Certificate2 certificate = element.ServiceCertificate.GetCertificate();
7 if (certificate != null)
8 {
9 X509Util.EnsureAndGetPrivateRSAKey(certificate);
10 }
11 certificate2 = certificate;
12 }
13 catch (ArgumentException exception)
14 {
15 throw DiagnosticUtil.ExceptionUtil.ThrowHelperConfigurationError(element, "serviceCertificate", exception);
16 }
17 return certificate2;
18 }
至此, 终于知道X509证书默认是从ServiceElement即配置文件中的<microsoft.identitymodel><service><servicecertificate>节点。由此我们可得到如下两种解决方案:
解决方案
1 设置配置文件中的<microsoft.identitymodel><service><servicecertificate>节点a)找开Relying Party应用程序的配置文件;
b)设置X509证书如下:
2 在FederatedAuthentication.ServiceConfigurationCreated事件处理函数中设置
a) 在Relying Party工程中添加Global.asax文件(如果不存在的话);
b) 添加Application_Start事件处理函数
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- Win 7 mysql安装错误(the security settings could not be applied to the database (error 1045 MySQL)
- Could not load extension from . The 'manifest_version' key must be present and set to 2 (without quo
- tag 'select', field 'list', name 'did': The requested list key '#id' could not be resolved as a c
- WCF分布式开发常见错误(23):This could be due to the fact that the server certificate is not configured properly with HTTP.SYS
- The security key for this program currently stored on your system does not appear to be valid for th
- POI的一个错误,The 'to' row (0) must not be less than the 'from' row (1)
- 配置penfire出现A connection to the database could not be made. ...错误
- openfire 安装报这个错误 A connection to the database could not be made。。。
- 错误代码: Could not load the "XXX.png" image referenced from a nib in the bundle with identifier "XXX"
- 错误中学习--Connections could not be acqu 4000 ired from the underlying database
- The requested list key '#request.localprovi' could not be resolved as a collection/array/map/enumera
- WARNING rally.common.broker [-] Failed to consume a task from the queue: The resource could not be found. (HTTP 404)
- The requested list key 'map' could not be resolved as a collection/array/map/enumeration/iterator ty
- VS 安装助手,弹出“The security key for this program currently stored on your system does not appear to be ”
- The security settings could not be applied to the database because the connection has failed w
- xcode 7.0 错误提示 The resource could not be loaded because the App Transport Security policy requires
- The database could not be exclusively locked to perform the operation(SQL Server 5030错误解决办法)
- The message received from the server could not be parsed 错误解决方法
- The message received from the server could not be parsed 错误解决方法
- Claims系列 - ID3206错误 (A signin response may only redirect within the current web application: (url) is not allowed)