MethodAccessException in DotNetOpenAuth.OpenId.Identifier..cctor()

105 views
Skip to first unread message

Werner Strydom

unread,
Apr 30, 2012, 12:06:25 AM4/30/12
to dotnet...@googlegroups.com
I downloaded the latest version of 4.1.0.12085 of DotNetOpenAuth.OpenId.RelyingParty library in an ASP.NET MVC 4 website being developed in Visual Studio 2010. It is failing with the following error:

[MethodAccessException: Attempt by method 'DotNetOpenAuth.OpenId.Identifier..cctor()' to access method 'DotNetOpenAuth.Messaging.Reflection.MessagePart.Map<DotNetOpenAuth.OpenId.Identifier>(System.Func`2<DotNetOpenAuth.OpenId.Identifier,System.String>, System.Func`2<DotNetOpenAuth.OpenId.Identifier,System.String>, System.Func`2<System.String,DotNetOpenAuth.OpenId.Identifier>)' failed.]
   DotNetOpenAuth.OpenId.Identifier..cctor() in c:\BuildAgent\work\35657a53ee36436f\src\DotNetOpenAuth.OpenId\OpenId\Identifier.cs:33

[TypeInitializationException: The type initializer for 'DotNetOpenAuth.OpenId.Identifier' threw an exception.]
   DotNetOpenAuth.OpenId.Identifier.TryParse(String value, Identifier& result) in c:\BuildAgent\work\35657a53ee36436f\src\DotNetOpenAuth.OpenId\OpenId\Identifier.cs:204

It worked fine before the update.

Werner

Andrew Arnott

unread,
Apr 30, 2012, 12:34:47 AM4/30/12
to dotnet...@googlegroups.com
Let me know if this repros once you have a downloaded the latest version ( v4.1.0.12120 ).
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre



Werner

--
You received this message because you are subscribed to the Google Groups "DotNetOpenAuth" group.
To view this discussion on the web visit https://groups.google.com/d/msg/dotnetopenid/-/dEN88QJu3X0J.
To post to this group, send email to dotnet...@googlegroups.com.
To unsubscribe from this group, send email to dotnetopenid...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/dotnetopenid?hl=en.

Werner Strydom

unread,
Apr 30, 2012, 1:34:42 AM4/30/12
to dotnet...@googlegroups.com
That build sorted out that issue. However, My RP is not longer able to sign in using my OP. The trace view follows. The RP is http://api.example.com/ and OP is http://accounts.example.com/.

w3wp.exe Information: 0 : Incoming HTTP request: GET http://api.example.com/signin
w3wp.exe Information: 0 : HTTP GET http://accounts.example.com/
w3wp.exe Information: 0 : An XRDS response was received from GET at user-supplied identifier.
w3wp.exe Information: 0 : Total services discovered in XRDS: 1
w3wp.exe Information: 0 : [{
OpenID version: 2.0
Service Type URIs:
},]
w3wp.exe Information: 0 : Skipping HTML discovery because XRDS contained service endpoints.
w3wp.exe Information: 0 : Performing discovery on user-supplied identifier: http://accounts.example.com/
w3wp.exe Information: 0 : Creating authentication request for user supplied Identifier: http://accounts.example.com/
w3wp.exe Information: 0 : Preparing to send CheckIdRequest (2.0) message.
w3wp.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElementRelyingParty applied to message.
w3wp.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message.
w3wp.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
w3wp.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToNonceBindingElement did not apply to message.
w3wp.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement did not apply to message.
w3wp.exe Information: 0 : Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement did not apply to message.
w3wp.exe Information: 0 : Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
w3wp.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySigningBindingElement did not apply to message.
w3wp.exe Information: 0 : Sending message: CheckIdRequest
w3wp.exe Information: 0 : Incoming request received: CheckIdRequest
w3wp.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.ProviderSigningBindingElement did not apply to message.
w3wp.exe Information: 0 : Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
w3wp.exe Information: 0 : Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement did not apply to message.
w3wp.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement applied to message.
w3wp.exe Information: 0 : HTTP GET http://api.example.com/
w3wp.exe Information: 0 : Preparing to send PositiveAssertionResponse (2.0) message.
w3wp.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement applied to message.
w3wp.exe Information: 0 : Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement applied to message.
w3wp.exe Information: 0 : Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement applied to message.
w3wp.exe Information: 0 : Signing PositiveAssertionResponse message.
w3wp.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.ProviderSigningBindingElement applied to message.
w3wp.exe Information: 0 : Sending message: PositiveAssertionResponse
w3wp.exe Information: 0 : Redirecting to http://api.example.com/signin?dnoa.userSuppliedIdentifier=http%3A%2F%2Faccounts.example.com%2F&openid.claimed_id=http%3A%2F%2Faccounts.example.com%2Fusers%2Fad1c0b84248f45a9923c3f9e6c346a49&openid.identity=http%3A%2F%2Faccounts.example.com%2Fusers%2Fad1c0b84248f45a9923c3f9e6c346a49&openid.sig=MOXLLazzQg90kSDgyAY9bTwZipwMXZ0o4r1H4Vf9IAY%3D&openid.signed=claimed_id%2Cidentity%2Cassoc_handle%2Cop_endpoint%2Creturn_to%2Cresponse_nonce&openid.assoc_handle=llU6%21IAAAAKx1qpR7F0yTVnmyRV38p30-boY4Tb5EIout8PjxDiKtQQAAAAEZ9nvndbcvI_q-cNVDoW_vbVUm07l5kfW58gJ2auikckhHXdLcyQ7lQpfBx4P72iW6Toq8OZiB7hMwgHMti7PV&openid.op_endpoint=http%3A%2F%2Faccounts.example.com%2Fopenid&openid.return_to=http%3A%2F%2Fapi.example.com%2Fsignin%3Fdnoa.userSuppliedIdentifier%3Dhttp%253A%252F%252Faccounts.example.com%252F&openid.response_nonce=2012-04-30T05%3A17%3A11Zgq6fuIM5&openid.mode=id_res&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0
w3wp.exe Information: 0 : Incoming HTTP request: GET http://api.example.com/signin?dnoa.userSuppliedIdentifier=http%3A%2F%2Faccounts.example.com%2F&openid.claimed_id=http%3A%2F%2Faccounts.example.com%2Fusers%2Fad1c0b84248f45a9923c3f9e6c346a49&openid.identity=http%3A%2F%2Faccounts.example.com%2Fusers%2Fad1c0b84248f45a9923c3f9e6c346a49&openid.sig=MOXLLazzQg90kSDgyAY9bTwZipwMXZ0o4r1H4Vf9IAY%3D&openid.signed=claimed_id%2Cidentity%2Cassoc_handle%2Cop_endpoint%2Creturn_to%2Cresponse_nonce&openid.assoc_handle=llU6%21IAAAAKx1qpR7F0yTVnmyRV38p30-boY4Tb5EIout8PjxDiKtQQAAAAEZ9nvndbcvI_q-cNVDoW_vbVUm07l5kfW58gJ2auikckhHXdLcyQ7lQpfBx4P72iW6Toq8OZiB7hMwgHMti7PV&openid.op_endpoint=http%3A%2F%2Faccounts.example.com%2Fopenid&openid.return_to=http%3A%2F%2Fapi.example.com%2Fsignin%3Fdnoa.userSuppliedIdentifier%3Dhttp%253A%252F%252Faccounts.example.com%252F&openid.response_nonce=2012-04-30T05%3A17%3A11Zgq6fuIM5&openid.mode=id_res&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0
w3wp.exe Information: 0 : Incoming request received: PositiveAssertionResponse
w3wp.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement did not apply to message.
w3wp.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
w3wp.exe Information: 0 : Verifying incoming PositiveAssertionResponse message signature of: MOXLLazzQg90kSDgyAY9bTwZipwMXZ0o4r1H4Vf9IAY=
w3wp.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySigningBindingElement applied to message.
w3wp.exe Information: 0 : Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement applied to message.
w3wp.exe Information: 0 : Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement applied to message.
w3wp.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToNonceBindingElement did not apply to message.
w3wp.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions applied to message.
w3wp.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElementRelyingParty applied to message.
w3wp.exe Information: 0 : Verifying assertion matches identifier discovery results...
w3wp.exe Information: 0 : An XRDS response was received from GET at user-supplied identifier.
w3wp.exe Information: 0 : Total services discovered in XRDS: 2
w3wp.exe Information: 0 : [{
OpenID version: 2.0
Service Type URIs:
}, {
OpenID version: 1.0
Service Type URIs:
},]
w3wp.exe Information: 0 : Skipping HTML discovery because XRDS contained service endpoints.
w3wp.exe Information: 0 : Incoming HTTP request: GET http://api.example.com/signin?ReturnUrl=%2fsignin%3fdnoa.userSuppliedIdentifier%3dhttp%253A%252F%252Faccounts.example.com%252F%26openid.claimed_id%3dhttp%253A%252F%252Faccounts.example.com%252Fusers%252Fad1c0b84248f45a9923c3f9e6c346a49%26openid.identity%3dhttp%253A%252F%252Faccounts.example.com%252Fusers%252Fad1c0b84248f45a9923c3f9e6c346a49%26openid.sig%3dMOXLLazzQg90kSDgyAY9bTwZipwMXZ0o4r1H4Vf9IAY%253D%26openid.signed%3dclaimed_id%252Cidentity%252Cassoc_handle%252Cop_endpoint%252Creturn_to%252Cresponse_nonce%26openid.assoc_handle%3dllU6%2521IAAAAKx1qpR7F0yTVnmyRV38p30-boY4Tb5EIout8PjxDiKtQQAAAAEZ9nvndbcvI_q-cNVDoW_vbVUm07l5kfW58gJ2auikckhHXdLcyQ7lQpfBx4P72iW6Toq8OZiB7hMwgHMti7PV%26openid.op_endpoint%3dhttp%253A%252F%252Faccounts.example.com%252Fopenid%26openid.return_to%3dhttp%253A%252F%252Fapi.example.com%252Fsignin%253Fdnoa.userSuppliedIdentifier%253Dhttp%25253A%25252F%25252Faccounts.example.com%25252F%26openid.response_nonce%3d2012-04-30T05%253A17%253A11Zgq6fuIM5%26openid.mode%3did_res%26openid.ns%3dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0&dnoa.userSuppliedIdentifier=http%3A%2F%2Faccounts.example.com%2F&openid.claimed_id=http%3A%2F%2Faccounts.example.com%2Fusers%2Fad1c0b84248f45a9923c3f9e6c346a49&openid.identity=http%3A%2F%2Faccounts.example.com%2Fusers%2Fad1c0b84248f45a9923c3f9e6c346a49&openid.sig=MOXLLazzQg90kSDgyAY9bTwZipwMXZ0o4r1H4Vf9IAY%3D&openid.signed=claimed_id%2Cidentity%2Cassoc_handle%2Cop_endpoint%2Creturn_to%2Cresponse_nonce&openid.assoc_handle=llU6%21IAAAAKx1qpR7F0yTVnmyRV38p30-boY4Tb5EIout8PjxDiKtQQAAAAEZ9nvndbcvI_q-cNVDoW_vbVUm07l5kfW58gJ2auikckhHXdLcyQ7lQpfBx4P72iW6Toq8OZiB7hMwgHMti7PV&openid.op_endpoint=http%3A%2F%2Faccounts.example.com%2Fopenid&openid.return_to=http%3A%2F%2Fapi.example.com%2Fsignin%3Fdnoa.userSuppliedIdentifier%3Dhttp%253A%252F%252Faccounts.example.com%252F&openid.response_nonce=2012-04-30T05%3A17%3A11Zgq6fuIM5&openid.mode=id_res&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0
w3wp.exe Information: 0 : Incoming request received: PositiveAssertionResponse
w3wp.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement did not apply to message.
w3wp.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
w3wp.exe Information: 0 : Verifying incoming PositiveAssertionResponse message signature of: MOXLLazzQg90kSDgyAY9bTwZipwMXZ0o4r1H4Vf9IAY=
w3wp.exe Information: 0 : Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySigningBindingElement applied to message.
w3wp.exe Information: 0 : Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement applied to message.
w3wp.exe Error: 0 : Replayed nonce detected (gq6fuIM5 04/30/2012 05:17:11).  Rejecting message.
The thread '<No Name>' (0x1060) has exited with code 0 (0x0).

It is happening to every RP I created. The "example.com" domains are registered in my hosts file and https is disabled by default. I highlighted an entry that is a concern. The process on the OP completes successfully, and assertion is sent back. Unlike before, it seems to be sent twice with a status of "failed". 

I compared the my code with the samples to see if anything in the API changed, and it doesn't look like it.

Werner 

Andrew Arnott

unread,
Apr 30, 2012, 9:46:32 AM4/30/12
to dotnet...@googlegroups.com
Hi Werner,

This appears to be the log from the RP.  Is that right?

What version of DNOA is on each site?  (You have 4.1.0.12120 on one of them I believe, but I don't know which).  

I'm quite puzzled by the fact that the log includes this:
w3wp.exe Information: 0 : Verifying assertion matches identifier discovery results...

The RP appears to be verifying the identifier but is using two URLs to do it, which seems wrong.  I don't know where it got the all-caps version from.  
And then yes, everything else appears to be doubled as well (although the identifier is always lower case above the lines I've copied here).  So it looks quite strange.

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre



Werner 

--
You received this message because you are subscribed to the Google Groups "DotNetOpenAuth" group.
To view this discussion on the web visit https://groups.google.com/d/msg/dotnetopenid/-/ZUawhQMtdD0J.

Werner Strydom

unread,
Apr 30, 2012, 11:59:40 AM4/30/12
to dotnet...@googlegroups.com
Those were the outputs of both the RP (api.example.com) and OP (http://accounts.example.com).  The entry about the double nonce was written by the RP.  

I'll look into the issue around the uppercase.


Werner Strydom

unread,
Apr 30, 2012, 12:23:56 PM4/30/12
to dotnet...@googlegroups.com
I noticed that a "Code Analysis" entry suggesting to use ToUpperInvariant rather than ToLowerInvariant.  Changing it back to ToLowerInvariant sorted the issue.  The RPs are working again. Many thanks.



Andrew Arnott

unread,
Apr 30, 2012, 2:33:14 PM4/30/12
to dotnet...@googlegroups.com
Hi Werner,

Glad it's working for you now.  Why are you calling either ToLowerInvariant or ToUpperInvariant?  Normalizing the claimed identifier, if that's what you're doing, must be done a particular way (by redirect on the identifier itself) to avoid security issues.  Is that what you're doing?
If you merge the logs like that I suggest you modify the appender in the .config file so that it's clear which party is appending to the log for a given line.

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre


On Mon, Apr 30, 2012 at 9:23 AM, Werner Strydom <blou...@gmail.com> wrote:
I noticed that a "Code Analysis" entry suggesting to use ToUpperInvariant rather than ToLowerInvariant.  Changing it back to ToLowerInvariant sorted the issue.  The RPs are working again. Many thanks.

--
You received this message because you are subscribed to the Google Groups "DotNetOpenAuth" group.
To view this discussion on the web visit https://groups.google.com/d/msg/dotnetopenid/-/Hk7ahTlc-_8J.

Werner Strydom

unread,
Apr 30, 2012, 2:50:45 PM4/30/12
to dotnet...@googlegroups.com
Hi Andrew,

Yes that is what I was doing. Notice in the OpenID Provider sample (in Models.User) that ToLowerInvariant was called. I had a temporary lapse of judgment and changed it to ToUpperInvariant when I was fixing code analysis issues. However due to refactoring that code is called in two places and only one was changed. 

As for the logs, I don't use log4net but whatever gets written to the debug output. That is the output I attached after I debugged both the OP and RP.  Perhaps the trace statements should include some hint as to where it originates from. The best way to do it is to assign numbers to the trace statements, so that < 10000 is an OP, < 20000 is an RP etc etc. 

One thing that may be rather useful is if logging/tracing included some reference to the specifications as it is performing or validating somethings. It would save us, who don't know the specifications by heart and have to reference it often, a great deal of time.

I can create issues for both if you wish.

Werner

Andrew Arnott

unread,
May 1, 2012, 12:50:02 AM5/1/12
to dotnet...@googlegroups.com
I can't see myself adding numbers to all DNOA trace statements, honestly.  And so much of the OpenID framework is shared between OP and RP that the trace messages wouldn't have a unique prefix most of the time anyway.  

I do tend to add comments that reference specific spec sections but I can see that doesn't help when all you have is logging to go off of, so that's a fine suggestion.  Feel free to file a ticket for it.  But what would be helpful (since a complete canvasing of all log messages isn't going to happen anytime soon) is to list specific messages where you'd like to see the spec sections referenced.

Thanks for all the feedback!

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre


--
You received this message because you are subscribed to the Google Groups "DotNetOpenAuth" group.
To view this discussion on the web visit https://groups.google.com/d/msg/dotnetopenid/-/de9CyB676CsJ.
Reply all
Reply to author
Forward
0 new messages