0

I am using WIF 4.0 to build a claims aware RP and STS. I am having issues now that I have deployed to my production environment with multiple servers hosting the application. For some reason I get the dreaded

[CryptographicException: Key not valid for use in specified state. ]

error after the user has been idle for some time. I was wondering if anyone has experience with this? Would using the Machine Key help? I am also seeing this error when resetting IIS on the servers. I have set the LoadUserProfile to true.

shenn

1 Answer

0

I think you need to specify something similar to this in your web.config. In addition, you need to set the machineKey the same on all servers.

    <system.identityModel>
      <identityConfiguration>
        <securityTokenHandlers>
          <!-- Drop the default handler, which protects the session cookie with DPAPI (per-machine key). -->
          <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
          <!-- Use the handler that protects the cookie with the ASP.NET machineKey instead, so every server in the farm can read it. -->
          <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
        </securityTokenHandlers>
      </identityConfiguration>
    </system.identityModel>
  • Yeah, unfortunately that option is only available for WIF 4.5. – shenn May 22 '14 at 21:11
  • You might be right. On the other hand, the same approach will work with the older version. The bottom line is that you need to replace the SessionSecurityTokenHandler with one that uses a fixed key. It is not so difficult to write this yourself; especially if you can peek at the code of the WIF 4.5 handler. – Willy Van den Driessche Jun 20 '14 at 03:12
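The comment above describes doing the replacement by hand for the older Microsoft.IdentityModel (WIF 3.5 / "WIF 4.0") assembly, where MachineKeySessionSecurityTokenHandler does not exist. The following is an added example written for this page, not code from the question, the answer or either commenter: a custom CookieTransform that protects the session token with the ASP.NET machineKey (encryption plus MAC) instead of DPAPI, wired in through FederatedAuthentication.ServiceConfigurationCreated in Global.asax.cs. The namespace ClaimsRp and the class names MachineKeyCookieTransform and Global are assumptions; it also assumes .NET 4.0, a reference to Microsoft.IdentityModel.dll, and an explicit <machineKey validationKey="..." decryptionKey="..."/> in web.config that is identical on every server in the farm.

```csharp
// Added example (not from the original thread). Assumptions: .NET 4.0, Microsoft.IdentityModel.dll
// (WIF 3.5/4.0 SDK) referenced, and the same explicit <machineKey> configured on every server.
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens;          // SecurityTokenException
using System.Text;
using System.Web;
using System.Web.Security;                  // MachineKey
using Microsoft.IdentityModel.Tokens;       // SessionSecurityTokenHandler
using Microsoft.IdentityModel.Web;          // CookieTransform, DeflateCookieTransform, FederatedAuthentication
using Microsoft.IdentityModel.Web.Configuration;

namespace ClaimsRp
{
    // Replaces ProtectedDataCookieTransform (DPAPI, bound to one machine/user profile) with a
    // transform keyed by the shared ASP.NET machineKey. MachineKeyProtection.All encrypts and
    // MACs the token bytes, so a cookie minted on server A validates on server B, and a
    // tampered or foreign cookie is rejected before it is ever deserialised.
    public class MachineKeyCookieTransform : CookieTransform
    {
        public override byte[] Encode(byte[] value)
        {
            if (value == null) throw new ArgumentNullException("value");
            // MachineKey.Encode returns a hex string; carry it in the cookie as ASCII bytes.
            string hex = MachineKey.Encode(value, MachineKeyProtection.All);
            return Encoding.ASCII.GetBytes(hex);
        }

        public override byte[] Decode(byte[] encoded)
        {
            if (encoded == null) throw new ArgumentNullException("encoded");
            string hex = Encoding.ASCII.GetString(encoded);
            byte[] plain;
            try
            {
                plain = MachineKey.Decode(hex, MachineKeyProtection.All);
            }
            catch (Exception ex)
            {
                // Malformed hex or a failed MAC surfaces as an exception on some builds.
                throw new SecurityTokenException("Session cookie failed machineKey validation.", ex);
            }
            if (plain == null)
            {
                // Other builds report a bad MAC or a key mismatch between servers as null.
                throw new SecurityTokenException("Session cookie failed machineKey validation.");
            }
            return plain;
        }
    }

    public class Global : HttpApplication
    {
        protected void Application_Start(object sender, EventArgs e)
        {
            // Runs once, after WIF has parsed <microsoft.identityModel> but before the first request.
            FederatedAuthentication.ServiceConfigurationCreated += OnServiceConfigurationCreated;
        }

        private static void OnServiceConfigurationCreated(object sender, ServiceConfigurationCreatedEventArgs e)
        {
            // Keep the default ordering: compress first, then protect.
            var transforms = new List<CookieTransform>
            {
                new DeflateCookieTransform(),
                new MachineKeyCookieTransform()
            };
            var sessionHandler = new SessionSecurityTokenHandler(transforms.AsReadOnly());
            // Swap out the DPAPI-based handler registered by the config for the fixed-key one.
            e.ServiceConfiguration.SecurityTokenHandlers.AddOrReplace(sessionHandler);
        }
    }
}
```

Two things to check before relying on this: first, the machineKey must be set explicitly (not AutoGenerate) and byte-for-byte identical across the farm, otherwise a session cookie issued by one server is rejected by the next with the same symptom; second, MachineKey.Encode/Decode are marked obsolete from .NET 4.5 onward in favour of MachineKey.Protect/Unprotect, so on 4.5 the built-in MachineKeySessionSecurityTokenHandler from the answer is the better choice.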