Digest verification failed
Problem description
I'm developing a .NET web application which uses ADFS to manage users and logins. On my personal development machine and on our testing environment everything works fine. However, after publishing the application to the target production server I'm getting the following exception:
[CryptographicException: Digest verification failed for Reference '#_ed85954d-e2b3-44a1-a455-f13b8eca5756'.]
System.IdentityModel.Reference.EnsureDigestValidityIfIdMatches(String id, Object resolvedXmlSource) +1124029
System.IdentityModel.StandardSignedInfo.EnsureDigestValidityIfIdMatches(String id, Object resolvedXmlSource) +92
System.IdentityModel.SignedXml.EnsureDigestValidity(String id, Object resolvedXmlSource) +33
System.IdentityModel.EnvelopedSignatureReader.OnEndOfRootElement() +240
System.IdentityModel.EnvelopedSignatureReader.Read() +107
System.Xml.XmlReader.ReadEndElement() +52
System.IdentityModel.Tokens.SamlSecurityTokenHandler.ReadAssertion(XmlReader reader) +1106
System.IdentityModel.Tokens.SamlSecurityTokenHandler.ReadToken(XmlReader reader) +57
System.IdentityModel.Tokens.SecurityTokenHandlerCollection.ReadToken(XmlReader reader) +114
System.IdentityModel.Services.TokenReceiver.ReadToken(String tokenXml, XmlDictionaryReaderQuotas readerQuotas, FederationConfiguration federationConfiguration) +351
System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase request) +387
System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) +103571
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +165
I've tried turning on WIF and WCF logging on the ADFS, but found nothing of interest in the logs.
I realize a very similar question has been created here, however my issue seems to be caused by something different as I'm not passing claims from a DB, only from the AD itself.
Another possibility is the one described in this article... but I'm not using ISA server. If something else is changing the reply, I don't know how to find it.
I'm a bit out of ideas. Can someone help me out?
I guess the following recent XKCD comic is at least partially true:
On the second page of Google results I came upon this blog post. The solution, as it turned out, was to uncheck the Apply link translation option in TMG for the ADFS machine.
It's a bit strange that IFD configured CRM servers (which also relied on this ADFS) worked without a hitch...
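The question asks how to find what is changing the reply, and the answer traces it to a proxy rewriting links in the response. As an added example (not from the original post and not WIF code), this Python comparison takes a token captured as issued and the same token as the application received it, and lists the values that were rewritten. The sample assertion, the host names and the helpers `digest` and `changed_values` are constructed for illustration, and `digest` uses the standard library's C14N 2.0 as a stand-in for the canonicalization the real signature uses, so it shows the mismatch rather than reproducing the DigestValue.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = 'urn:oasis:names:tc:SAML:1.0:assertion'
# Constructed sample (not from the page): assertion as issued by the STS.
ISSUED = (
    f'<saml:Assertion xmlns:saml="{NS}" AssertionID="_constructed-1" '
    'Issuer="http://sts.internal.test/adfs/services/trust">'
    '<saml:Conditions><saml:AudienceRestrictionCondition>'
    '<saml:Audience>https://app.internal.test/</saml:Audience>'
    '</saml:AudienceRestrictionCondition></saml:Conditions></saml:Assertion>')
# Same assertion after a hypothetical proxy rewrote internal host names.
RECEIVED = ISSUED.replace('internal.test', 'example.test')

def digest(xml_text):
    """Base64 SHA-256 over the canonical form (C14N 2.0 stand-in)."""
    canon = ET.canonicalize(xml_text)
    return base64.b64encode(hashlib.sha256(canon.encode('utf-8')).digest()).decode()

def changed_values(issued, received):
    """Return (tag, field, before, after) for every value that differs."""
    a = list(ET.fromstring(issued).iter())
    b = list(ET.fromstring(received).iter())
    if [e.tag for e in a] != [e.tag for e in b]:
        raise ValueError('element structure differs; compare the raw captures')
    diffs = []
    for x, y in zip(a, b):
        tag = x.tag.split('}')[-1]
        for k in sorted(set(x.attrib) | set(y.attrib)):
            if x.get(k) != y.get(k):
                diffs.append((tag, '@' + k, x.get(k), y.get(k)))
        # Exact comparison: even a whitespace change alters the digest.
        if x.text != y.text:
            diffs.append((tag, 'text', x.text, y.text))
    return diffs

if __name__ == '__main__':
    print('digest matches:', digest(ISSUED) == digest(RECEIVED))
    for d in changed_values(ISSUED, RECEIVED):
        print(d)
```

Any value reported inside the signed assertion means something between the STS and the application edited the token after it was signed, which is the condition the exception reports.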