Reputation: 356
WIF Token Issuing Fails After Certificate Update
Our certificate is expiring and we thought changing it, and the services using it, would be as simple as updating the certificate and updating the services with the certificate's new thumbprint, but that was not the case.
Now, this code was inherited, I didn't write it, so I'm trying to figure stuff out. It breaks right here:
var issuedToken = channel.Issue(rst) as GenericXmlSecurityToken;
All the services that this thing is supposedly hitting have been updated with the new certificate as well. Any pointers are greatly appreciated!
The exception being thrown:
System.ServiceModel.CommunicationException was caught HResult=-2146233087 Message=An error occurred while receiving the HTTP response to https://***ipsts/Service.svc/IWSTrust13. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details. Source=mscorlib StackTrace: Server stack trace: at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason) at System.ServiceModel.Channels.HttpChannelFactory
1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout) at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout) at System.ServiceModel.Channels.SecurityChannelFactory1.SecurityRequestChannel.Request(Message message, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at Microsoft.IdentityModel.Protocols.WSTrust.IWSTrustContract.Issue(Message message) at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr) at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst) at Mobile_Service.Code.ECNSecurityTokenService.GetClaimsPrincipalWithUserName(String userName, String password) in C:\Development\Mobile Service\Mobile Service\Code\ECNSecurityTokenService.cs:line 59 InnerException: System.Net.WebException HResult=-2146233079 Message=The underlying connection was closed: An unexpected error occurred on a receive. Source=System StackTrace: at System.Net.HttpWebRequest.GetResponse() at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout) InnerException: System.IO.IOException HResult=-2146232800 Message=Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. Source=System StackTrace: at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size) at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count) at System.Net.Security._SslStream.StartFrameHeader(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security._SslStream.StartReading(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security._SslStream.ProcessRead(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.TlsStream.Read(Byte[] buffer, Int32 offset, Int32 size) at System.Net.PooledStream.Read(Byte[] buffer, Int32 offset, Int32 size) at System.Net.Connection.SyncRead(HttpWebRequest request, Boolean userRetrievedStream, Boolean probeRead) InnerException: System.Net.Sockets.SocketException HResult=-2147467259 Message=An existing connection was forcibly closed by the remote host Source=System ErrorCode=10054 NativeErrorCode=10054 StackTrace: at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size) InnerException:
Upvotes: 0
Views: 321
Answers (1)
Reputation: 2123
It seems the exception is thrown on connecting to ADFS. I'd check the ADFS Admin/Debug logs to see if ADFS has any issues with certificate i.e. validating chain trust or Revocation. I think, you're very likely running into the issue where ADFS fails validating chain trust or Revocation.
HTH, Amit Bhatia
Upvotes: 0
Related Questions
- WIF BootstrapToken expired
- WIF Security Token Caching
- WIF 4.5 BootstrapContext security token null
- WIF: "ID1014: The signature is not valid. The data may have been tampered with" Error when using non-store certificate
- Why i get this Error : "The issuer of the security token was not recognized by the IssuerNameRegistry"
- MessageSecurityException with ACS issued token and WIF
- WIF Error: "ID3094: Cannot create WS-Federation message from the given URI 'http://myurl'"
- WIF ID 4036 Error - Troubleshoot, Ideas?
- Unable to sign security tokens with certificate in WIF scenario
- Wif secured WCF service, caching tokens - async wcf method loses identity