WIF - ID1014: The signature is not valid. The data may have been tampered with
Question
I've been using WIF to authenticate our new website; the STS is based upon the starter-sts implementation.
To enable this to work correctly on our load-balanced environment, I've used the following in the global.asax to override the default certificate behaviour.
void onServiceConfigurationCreated(object sender, ServiceConfigurationCreatedEventArgs e)
{
    // Session cookie transforms keyed on the service certificate:
    // compress, then RSA-encrypt, then RSA-sign.
    List<CookieTransform> sessionTransforms = new List<CookieTransform>(new CookieTransform[]
    {
        new DeflateCookieTransform(),
        new RsaEncryptionCookieTransform(e.ServiceConfiguration.ServiceCertificate),
        new RsaSignatureCookieTransform(e.ServiceConfiguration.ServiceCertificate)
    });

    // Swap the registered session token handler for one that uses these transforms.
    SessionSecurityTokenHandler sessionHandler = new SessionSecurityTokenHandler(sessionTransforms.AsReadOnly());
    e.ServiceConfiguration.SecurityTokenHandlers.AddOrReplace(sessionHandler);
}
This is all working just fine and people have been successfully using the system, however every now and then we get a blast of:
ID1014: The signature is not valid. The data may have been tampered with.
in the event logs, so I switched on WIF tracing and saw the following mentioned in the log.
ID1074: A CryptographicException occurred when attempting to encrypt the cookie using the ProtectedData API (see inner exception for details). If you are using IIS 7.5, this could be due to the loadUserProfile setting on the Application Pool being set to false.
I have a feeling this is leading me down a dark alley, as I thought that because I'd changed the implementation to use RSA this shouldn't affect me.
Any ideas to help me?
Recommended answer
I changed the implementation to amend the timeout in the ontokencreated method. This prevents the reissue.
protected override void OnSessionSecurityTokenCreated(Microsoft.IdentityModel.Web.SessionSecurityTokenCreatedEventArgs args)
{
    // Replace the session token with a persistent one valid for 365 days from now.
    args.SessionToken = FederatedAuthentication.SessionAuthenticationModule.CreateSessionSecurityToken(
        args.SessionToken.ClaimsPrincipal,
        args.SessionToken.Context,
        DateTime.UtcNow,
        DateTime.UtcNow.AddDays(365),
        true
    );
    //base.OnSessionSecurityTokenCreated(args);
}