Code to create a security token isn't working
06-12-2019
Question
I've been developing a SharePoint Server 2010 site, which uses Forms Based Authentication. As part of my custom login script, I used the following C# code:
// Ask the SharePoint STS for an FBA security token for the supplied credentials
System.IdentityModel.Tokens.SecurityToken token = SPSecurityContext.SecurityTokenForFormsAuthentication(
    new Uri(SPContext.Current.Web.Url),                  // context: the current web application
    Membership.Providers["FBAMembershipProvider"].Name,  // membership provider registered for FBA
    Roles.Providers["FBARoleProvider"].Name,             // role provider registered for FBA
    FBAUserName,
    FBAPassword);
// Set the current principal and write the session (FedAuth) cookie
SPFederationAuthenticationModule.Current.SetPrincipalAndWriteSessionToken(token);
On my dev server it works just fine, creating the appropriate token and allowing a user to be logged in with FBA.
However, I'm now transferring all my code to a new SharePoint Server 2010 server, and the code above isn't working. The first line returns a token with a null value.
Can anyone help me understand why?
In the back of my mind I'm thinking that I need to install something on the new server, but I can't for the life of me remember what it is. Something like ADFS, or a similar acronym. I checked Control Panel > Programs and Features on the old server, but couldn't see anything that might be relevant.
Any ideas?
[update] Following Anders Rask's request for the ULS logs, I think I found the cause of my issue. Now I need to find the solution (I think I've seen this before).
10/18/2011 22:07:24.65 w3wp.exe (0x0968) 0x0758 SharePoint Foundation Claims Authentication 0000 Unexpected Password check on 'mytest@email.com' generated exception: 'System.Configuration.Provider.ProviderException: You must specify a non-autogenerated machine key to store passwords in the encrypted format. Either specify a different passwordFormat, or change the machineKey configuration to use a non-autogenerated decryption key. at System.Web.Security.MembershipProvider.EncryptPassword(Byte[] password) at System.Web.Security.MembershipProvider.EncodePassword(String pass, Int32 passwordFormat, String salt) at System.Web.Security.SqlMembershipProvider.CheckPassword(String username, String password, Boolean updateLastLoginActivityDate, Boolean failIfNotApproved, String& salt, Int32& passwordFormat) at System.Web.Security.SqlMembershipProvider.ValidateUser(String username, Str...
10/18/2011 22:07:24.65* w3wp.exe (0x0968) 0x0758 SharePoint Foundation Claims Authentication 0000 Unexpected ...ing password) at Microsoft.SharePoint.IdentityModel.SPFormsUserNameSecurityTokenHandler.ValidateToken(SecurityToken token)'.
10/18/2011 22:07:24.65 w3wp.exe (0x0968) 0x0758 SharePoint Foundation Claims Authentication fo1t Monitorable SPSecurityTokenService.Issue() failed: System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).
10/18/2011 22:07:24.66 w3wp.exe (0x0E00) 0x11DC SharePoint Foundation Claims Authentication fsq7 High Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated. at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response) at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr) at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo) 4acf80d8-9c59-457f-a859-60f8a9af6d46
10/18/2011 22:07:24.66 w3wp.exe (0x0E00) 0x11DC SharePoint Foundation Claims Authentication 8306 Critical An exception occurred when trying to issue security token: The security token username and password could not be validated.. 4acf80d8-9c59-457f-a859-60f8a9af6d46
Solution
Yeah, I have seen this before as well, and it has hit me in production as well ;-)
Are you using ProtectedData in .NET to encrypt passwords? http://msdn.microsoft.com/en-us/library/system.security.cryptography.protecteddata.unprotect.aspx
My guess is that you are seeing this now because your production environment is multi-server, and your development environment is single server. Encryption works fine with the machine key as long as you are on a single server, but it breaks when you run on several servers.
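One way to act on the error in the ULS log (a non-autogenerated machine key is required), as an added example that is not from the question or the answer: this C# console program generates a random explicit <machineKey> element for web.config. MachineKeyGenerator and its methods are hypothetical names; the key sizes follow ASP.NET's requirements for HMACSHA256 validation and AES decryption.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added helper (not from the original question or answer): generates one explicit
// <machineKey> element to paste into web.config on every server in the farm, so
// that passwords encrypted by the membership provider on one server decrypt on
// the others. The weak setting that triggers the error in the ULS log is the
// default, e.g.:
//   <machineKey validationKey="AutoGenerate,IsolateApps"
//               decryptionKey="AutoGenerate,IsolateApps" />
// The corrected setting is the line this program prints, placed inside
// <system.web> of each web.config that hosts the FBA membership provider.
static class MachineKeyGenerator
{
    // Cryptographically random bytes, rendered as upper-case hex as ASP.NET expects.
    public static string RandomHex(int byteCount)
    {
        var bytes = new byte[byteCount];
        using (var rng = new RNGCryptoServiceProvider())
        {
            rng.GetBytes(bytes);
        }
        var sb = new StringBuilder(byteCount * 2);
        foreach (byte b in bytes)
        {
            sb.Append(b.ToString("X2"));
        }
        return sb.ToString();
    }

    public static string BuildMachineKeyElement()
    {
        // 64 bytes for HMACSHA256 validation, 32 bytes for AES (256-bit) decryption.
        string validationKey = RandomHex(64);
        string decryptionKey = RandomHex(32);
        return string.Format(
            "<machineKey validationKey=\"{0}\" decryptionKey=\"{1}\" " +
            "validation=\"HMACSHA256\" decryption=\"AES\" />",
            validationKey, decryptionKey);
    }

    static void Main()
    {
        Console.WriteLine(BuildMachineKeyElement());
    }
}
```

The same element has to be present in the <system.web> section of the web.config on every server, including the SecurityTokenServiceApplication web.config under the 14 hive's WebServices\SecurityToken folder, since the log shows the password check running inside SPSecurityTokenService. Treat the generated keys as secrets: anyone holding them can forge authentication tickets, so keep them out of the site's source code.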