ASP.NET C# , "ID6018: Digest verification failed for reference"
1,970 views
Skip to first unread message
alban faverot
Mar 25, 2011, 5:17:48 AM3/25/11
to eID Applet
Hello i have integrated the eID applet in a local intranet website
(ASP.NET C#) using
http://msdn.microsoft.com/en-us/library/ee517285.aspx
and using this metadata.xml
https://www.e-contract.be/eid-idp/endpoints/ws-federation/metadata/auth-ident-metadata.xml
when i open my website , it asks the Card , i fill the PIN code , i
see that authentication is done , and i get this error
Server Error in '/EID' Application.
--------------------------------------------------------------------------------
ID6018: Digest verification failed for reference '#assertion-8a5c8395-
ca60-4861-a69e-1898307c04dd'.
i have checked on internet and found something about ISA Server , but
we don't have ISA.
We use Websense for filtering , but we have removed all the filters
for this Server.
i don't find anything else to help me .
thanks for your help !
(ASP.NET C#) using
http://msdn.microsoft.com/en-us/library/ee517285.aspx
and using this metadata.xml
https://www.e-contract.be/eid-idp/endpoints/ws-federation/metadata/auth-ident-metadata.xml
when i open my website , it asks the Card , i fill the PIN code , i
see that authentication is done , and i get this error
Server Error in '/EID' Application.
--------------------------------------------------------------------------------
ID6018: Digest verification failed for reference '#assertion-8a5c8395-
ca60-4861-a69e-1898307c04dd'.
i have checked on internet and found something about ISA Server , but
we don't have ISA.
We use Websense for filtering , but we have removed all the filters
for this Server.
i don't find anything else to help me .
thanks for your help !
Frank Cornelis
Mar 25, 2011, 6:26:40 AM3/25/11
to eid-a...@googlegroups.com
Hi,
Seems like WIF cannot validate the XML signature correctly on the SAML message as received from the eID IdP.
Are you sure that the thumbprint within your Web.config matches the one found at:
https://www.e-contract.be/eid-idp/
?
Kind Regards,
Frank.
--
Verzonden van mijn Android telefoon met K-9 Mail.
Seems like WIF cannot validate the XML signature correctly on the SAML message as received from the eID IdP.
Are you sure that the thumbprint within your Web.config matches the one found at:
https://www.e-contract.be/eid-idp/
?
Kind Regards,
Frank.
--
Verzonden van mijn Android telefoon met K-9 Mail.
alban faverot <al...@faverot.com> wrote:
Hello i have integrated the eID applet in a local intranet website (ASP.NET C#) using http://msdn.microsoft.com/en-us/library/ee517285.aspx and using this metadata.xml https://www.e-contract.be/eid-idp/endpoints/ws-federation/metadata/auth-ident-metadata.xml when i open my website , it asks the Card , i fill the PIN code , i see that authentication is done , and i get this error Server Error in '/EID' Application.
ID6018: Digest verification failed for reference '#assertion-8a5c8395- ca60-4861-a69e-1898307c04dd'. i have checked on internet and found something about ISA Server , but we don't have ISA. We use Websense for filtering , but we have removed all the filters for this Server. i don't find anything else to help me . thanks for your help ! -- You received this message because you are subscribed to the Google Groups "eID Applet" group. To post to this group, send email to eid-a...@googlegroups.com. To unsubscribe from this group, send email to eid-applet+...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/eid-applet?hl=en.
Alban FAVEROT
Mar 25, 2011, 10:27:05 AM3/25/11
to eid-a...@googlegroups.com
Hello Frank ,
i did check , and it's the same.
i did test on another server at home , directly connected to my BBox , and i get the same error.
do you have any clue ?
From: "Frank Cornelis" <frank.c...@gmail.com>
Sent: 25 March 2011 11:35
To: eid-a...@googlegroups.com
Subject: Re: [eid-applet] ASP.NET C# , "ID6018: Digest verification failed for reference"
i did check , and it's the same.
i did test on another server at home , directly connected to my BBox , and i get the same error.
do you have any clue ?
From: "Frank Cornelis" <frank.c...@gmail.com>
Sent: 25 March 2011 11:35
To: eid-a...@googlegroups.com
Subject: Re: [eid-applet] ASP.NET C# , "ID6018: Digest verification failed for reference"
Frank Cornelis
Mar 26, 2011, 3:46:27 AM3/26/11
to eid-a...@googlegroups.com
Weird. Could you give me some information on the version of your OS, IIS, VisualStudio?
I'll try to have this one checked out as this could indicate an issue with the WS-Federation signature generation code of the eID IdP.
Kind regards,
Frank.
--
Verzonden van mijn Android telefoon met K-9 Mail.
I'll try to have this one checked out as this could indicate an issue with the WS-Federation signature generation code of the eID IdP.
Kind regards,
Frank.
--
Verzonden van mijn Android telefoon met K-9 Mail.
Alban FAVEROT
Mar 28, 2011, 2:32:23 AM3/28/11
to eid-a...@googlegroups.com
Hello Frank, , thanks for your help .
The intranet is working on a Windows Server 2003 R2 SP2 , so IIS 6 i think
The visual studio 2008 , Release 9.0.30729.1 SP is installed on the server , and i developp on it because the WIF SDK or Runtime is not compatible with my XP64bits
Alban
Bulex Belgium
Sent: 26 March 2011 08:47
The intranet is working on a Windows Server 2003 R2 SP2 , so IIS 6 i think
The visual studio 2008 , Release 9.0.30729.1 SP is installed on the server , and i developp on it because the WIF SDK or Runtime is not compatible with my XP64bits
Alban
Bulex Belgium
Sent: 26 March 2011 08:47
alban faverot
Mar 31, 2011, 3:58:55 AM3/31/11
to eID Applet
i see in your message that :
Besides the eID Applet we also offer an eID Identity Provider that
supports:
- WS-Federation 1.1 (for ASP.NET integration via WIF)
so maybe i'm confusing . i did use WIF , and it display also the
Applet.
So to use "eID Identity Provider for ASP.NET integration via WIF" , do
you have a process or screenshots ?
thanks
Besides the eID Applet we also offer an eID Identity Provider that
supports:
- WS-Federation 1.1 (for ASP.NET integration via WIF)
so maybe i'm confusing . i did use WIF , and it display also the
Applet.
So to use "eID Identity Provider for ASP.NET integration via WIF" , do
you have a process or screenshots ?
thanks
Frank Cornelis
Mar 31, 2011, 7:33:09 AM3/31/11
to eid-a...@googlegroups.com
Hi,
The eID IdP is of course using the eID Applet to perform the eID
authentication/identification crypto-operations.
The link you posted is the official documentation from Microsoft, so
couldn't do it better:
http://msdn.microsoft.com/en-us/library/ee517285.aspx
I once created a video about this:
http://www.youtube.com/watch?v=7AFGfWj7q5Q&hd=1
<http://www.youtube.com/watch?v=7AFGfWj7q5Q&hd=1>
Kind Regards,
Frank.
Frank Cornelis
Mar 31, 2011, 10:44:58 AM3/31/11
to eid-a...@googlegroups.com
Hi,
We did some tests and everything seems to be OK.
Can you try this out on a more recent version of Windows?
Kind Regards,
Frank.
We did some tests and everything seems to be OK.
Can you try this out on a more recent version of Windows?
Kind Regards,
Frank.
alban faverot
Apr 4, 2011, 10:54:41 AM4/4/11
to eID Applet
I have installed a new Windows Server 2008 R2
IIS 6.1 (Build 7600)
WIF SDK for Framework 3.5 , and the runtime
IIS 6.1 (Build 7600)
WIF SDK for Framework 3.5 , and the runtime
alban faverot
Apr 5, 2011, 9:13:28 AM4/5/11
to eID Applet
i have installed the Framework 4.0 , the website runs under the
Framework 4.0
but something strange
in the web.config i see Microsoft.IdentityModel, Version=3.5.0
(automaticaly added using "Add STS"
but when i try to add a reference i find System.IdentityModel ,
Version 4.0 , but i receive an error "The website already has a
reference to the Assembly System.IdentityModel.
could you give me your web.config file to check ?
Framework 4.0
but something strange
in the web.config i see Microsoft.IdentityModel, Version=3.5.0
(automaticaly added using "Add STS"
but when i try to add a reference i find System.IdentityModel ,
Version 4.0 , but i receive an error "The website already has a
reference to the Assembly System.IdentityModel.
could you give me your web.config file to check ?
Frank Cornelis
Apr 8, 2011, 8:28:30 AM4/8/11
to eid-a...@googlegroups.com
Hi,
I've created a new video demonstrating the integration of eID IdP into
ASP.NET using Windows Identity Foundation 3.5.
This time all attributes are used and the eID IdP URL is up-to-date.
Check it out at: http://www.youtube.com/watch?v=ZxDrbZdTRLk&hd=1
<http://www.youtube.com/watch?v=ZxDrbZdTRLk&hd=1>
Kind Regards,
Frank.
Frank Cornelis
Apr 12, 2011, 8:07:42 AM4/12/11
to eid-a...@googlegroups.com
Hi Alban,
I don't think there is such a thing as WIF 4.0.
In attachment you'll find my web.config file. But you shouldn't use that
as is I guess, since the host/ports won't match for your deployment.
Kind Regards,
Frank.
On 04/05/2011 03:13 PM, alban faverot wrote:
alban faverot
Apr 12, 2011, 9:32:58 AM4/12/11
to eID Applet
the thumbprint was different so i changed it . idem , the same error.
i have changed my website because i was using a virtual directory. now
i type directly the default website http://vabedr04/
idem the same error.
i said to my boss that it's too easy to integrate it in a .Net
website .. i'm now a stupid boy
i have changed my website because i was using a virtual directory. now
i type directly the default website http://vabedr04/
idem the same error.
i said to my boss that it's too easy to integrate it in a .Net
website .. i'm now a stupid boy
fcorneli
Apr 12, 2011, 7:38:00 PM4/12/11
to eID Applet
Hi Alban,
That's indeed some painful. Is your company close to FedICT? Maybe we
can arrange a meeting so we can figure out what is going wrong
exactly? Drop me a line at frank.cornelis at fedict.be
Kind Regards,
Frank.
On Apr 12, 3:32 pm, alban faverot <al...@faverot.com> wrote:
> the thumbprint was different so i changed it . idem , the same error.
>
> i have changed my website because i was using a virtual directory. now
> i type directly the default websitehttp://vabedr04/
That's indeed some painful. Is your company close to FedICT? Maybe we
can arrange a meeting so we can figure out what is going wrong
exactly? Drop me a line at frank.cornelis at fedict.be
Kind Regards,
Frank.
On Apr 12, 3:32 pm, alban faverot <al...@faverot.com> wrote:
> the thumbprint was different so i changed it . idem , the same error.
>
> i have changed my website because i was using a virtual directory. now
Frank Cornelis
Apr 21, 2011, 10:14:09 AM4/21/11
to eid-a...@googlegroups.com
Hi Alban,
Try again... should be fixed now.
Kind Regards,
Frank.
Try again... should be fixed now.
Kind Regards,
Frank.
Reply all
Reply to author
Forward
0 new messages