ASP.NET 1.1 Token Decryption

GarrettS — Thu, 30 Nov 2006 08:20:47 GMT

A funny thing happened a while back...

I had a request from Scott Hanselman to decrypt and consume a security token created by Windows CardSpace, but do it on ASP.NET 1.1.

Well, having written the code to do that on .NET 3.0, I figured, heck, how hard could that be... sure, the certificate and decrpytion might be a handful, but doable... the SAML stuff is just XML, right? How hard... 40minutes, right? Maybe a couple of hours. Certainly no more than a day or two. Maybe three. Wait, I need the weekend.

Well, needless to say, that was all six weeks ago. I wrote the decryption stuff, three times. I finally broke down and asked Lucas to help me. He looked at my code, said it looked good, but he'd look at that. He worked and worked and finally got me some code that I could use.

Next up of course, was the SAML deserialization. First I tried some SAML stuff I found on the net, but it didn't go anywhere. I went back to some of the good 'ole indigo folks and found Brent Schmaltz, who said hey, no problem, just a few minutes... (he apparently went to the same school as I did to learn how to forecast time). Well, a few days later, I get some code from him, and it works great! ... on .NET 2.0 !

After a few more emails, Brent drops the code to me to get it all workin' on .NET 1.1. So, I toss that into my Server 2k3 VPC, and boom. No-workey.

Joy.

A week-or-two back and forth, and Brent fixes up the problems with the SAML code and Server 2k3+SP1, and voila! We have some code!

I am pleased to announce a functional .NET v 1.1 Token processor, that will correctly process SAML tokens generated by Windows CardSpace.

I’d like to thank Lucas Melton and Brent Schmaltz for their very significant contributions effort and code to get this code out. This seemingly trivial task turned out to be quite the devil in disguise.

I have attempted to keep the interface of this Token processor as similar to the .NET 3.0 version as possible, but it is not perfectly compatible, there are minor differences. This library depends on WSE 2.0,.NET 1.1 and Windows XP or Windows Server 2003.

The TokenTest needs my certificates from the CardSpace samples installed using the script (to decrypt the test token).

This sample is not yet documented, and/or may be missing some features. I thought you'd all like it sooner rather than later tho'

So, if you are using ASP.NET 1.1, try out the preview sample: Asp.net 1.1 Token decryption

g	Garrett Serack \| Program Manager \|Federated Identity Team \| Microsoft Corporation blog:http://blogs.msdn.com/garretts

Garrett Serack: Open Source Development at Microsoft : Cardspace ASP.NET 1.1

ASP.NET 1.1 Token Decryption