I've faced with problem with time delay during certificate validation. I'm using WIF and JWT Token Handler extension for my claim-based authentication. And in case VPN is turned on I have time delay(about 20 seconds) during certificate validation. Also I found the same behaviour with time delay when I opened Certificate Storage under Microsoft Management Console. Is there any way to avoid this issue?
Asked
Active
Viewed 94 times
0
-
1Do not use VPN :) It is probably building certification path and downloads CRLs of CA in the path to verify that the JWT token has been signed with a valid certificate. Check, if these things are available through your VPN. – pepo Oct 16 '14 at 13:01
-
Thanks for replay, actually certificate issued by Verisign and CA is visible throw VPN, CLR also is visible. I'm not sure, but few months ago I so hardcoded time delay(sleep()) in System.IdentityModel dll. Maybe it occurs because of networkrouting – aturch Oct 16 '14 at 13:13
1 Answers
0
I guess I found the reason here http://technet.microsoft.com/library/ee619754.aspx
It says:
If a time-valid object is not found in the disk cache, the network retrieval process starts. For each URL that is available for retrieval, CryptoAPI starts a background thread to perform the network retrieval of that designated object. By default, the calling thread will wait up to 15 seconds for the retrieval to complete (as defined in Group Policy).
aturch
- 53
- 3
- 8