
This is the simplified code I use:

using System;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
using System.ServiceModel;

// usernamemixed endpoint: UserName credential at message level over TLS, no secure session
var endpointAddress =
    new EndpointAddress("https://test/adfs/services/trust/13/usernamemixed");
var binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
binding.Security.Message.EstablishSecurityContext = false;
var endpointReference = new EndpointReference("test");
WSTrustChannelFactory trustChannelFactory = new WSTrustChannelFactory(binding, endpointAddress);
trustChannelFactory.TrustVersion = TrustVersion.WSTrust13;
trustChannelFactory.Credentials.UserName.UserName = "test";
trustChannelFactory.Credentials.UserName.Password = "test";

WSTrustChannel channel = (WSTrustChannel)trustChannelFactory.CreateChannel();

var rst = new RequestSecurityToken
{
    RequestType = RequestTypes.Issue,
    AppliesTo = endpointReference,
    KeyType = KeyTypes.Bearer
};

RequestSecurityTokenResponse rstr = null;
try
{
    SecurityToken token = channel.Issue(rst, out rstr);
}
catch (Exception e)
{
    Console.WriteLine(e.Message);
}

When I put in a wrong username or password, I catch this exception:

{"The server was unable to process the request due to an internal error.  For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs."}

But I would like to get a more specific error so that I know whether this is a wrong username/password exception or something different. Is there any way to configure it?

Snorlax
  • It's telling you in the last part of the exception that you can configure it. One way is to change the configuration for ADFS on the server hosting it. – Ryan Wilson Apr 23 '18 at 12:36
  • @RyanWilson Do you know how to do it on the ADFS server? – Snorlax Apr 23 '18 at 12:37
  • In my WCF applications that I have written, in the web.config file I set the value of – Ryan Wilson Apr 23 '18 at 12:41
  • So the question is how to force adfs to do it :) – Snorlax Apr 23 '18 at 12:43
  • If it's a validation error, like a wrong username or password, you ought to get some sort of proper message anyway. This message seems to indicate that the web service actually crashed, not just simply rejected the credentials. Generally you don't want a web application to give up specific details of a crash, in case it inadvertently reveals details which an attacker could use to compromise the server. It seems like the webservice is doing the right thing really. Is this a webservice you've built, or something provided by ADFS? Is it configured correctly? – ADyson Apr 23 '18 at 12:55
  • @Snorlax If you have access to the server running ADFS, you should be able to modify the config file. – Ryan Wilson Apr 23 '18 at 12:56
  • @ADyson If I put in correct credentials then everything is fine; when I put in wrong ones, all I get is this error. I think that it used to work in a different way and I am trying to find out what has changed (probably in the ADFS configuration) – Snorlax Apr 23 '18 at 12:56
  • @RyanWilson do you know where that config file can be on ADFS? – Snorlax Apr 23 '18 at 12:57
  • @Snorlax It appears you can add custom items to the config, but I have not personally done it myself. (https://msdn.microsoft.com/en-us/library/bb897402.aspx) has some information on doing this. – Ryan Wilson Apr 23 '18 at 13:02
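The client below is an added example, not the asker's code or anything shipped with ADFS. It keeps the same WS-Trust 1.3 usernamemixed call but replaces the blanket `catch (Exception)` with handlers that tell a SOAP fault returned by the STS apart from message-security, timeout and plain transport failures, and it records only the fault code and subcode, which is all the server chose to disclose. It assumes .NET Framework 4.5 with references to System.ServiceModel and System.IdentityModel; the STS URL, relying-party identifier and credentials in `Main` are placeholders.

```csharp
using System;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;

public enum IssueOutcome { Issued, SoapFault, SecurityFailure, Timeout, Transport }

public sealed class IssueResult
{
    public IssueOutcome Outcome;
    public SecurityToken Token;   // set only when Outcome == Issued
    public string FaultCode;      // "Sender/xyz" style code, only for SoapFault
    public string Detail;         // short text safe to write to a client-side log
}

public static class TrustClient
{
    public static IssueResult RequestToken(string stsUrl, string relyingParty,
                                           string user, string password)
    {
        // usernamemixed: UserName credential in the message, TLS on the transport,
        // no WS-SecureConversation session.
        var binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        binding.Security.Message.EstablishSecurityContext = false;

        var factory = new WSTrustChannelFactory(binding, new EndpointAddress(stsUrl))
        {
            TrustVersion = TrustVersion.WSTrust13
        };
        factory.Credentials.UserName.UserName = user;
        factory.Credentials.UserName.Password = password;

        var rst = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            AppliesTo = new EndpointReference(relyingParty),
            KeyType = KeyTypes.Bearer
        };

        var channel = (WSTrustChannel)factory.CreateChannel();
        var result = new IssueResult();
        try
        {
            RequestSecurityTokenResponse rstr;
            result.Token = channel.Issue(rst, out rstr);
            result.Outcome = IssueOutcome.Issued;
            channel.Close();
        }
        catch (FaultException fe)
        {
            // The STS answered with a SOAP fault. The generic "internal error" text
            // from the question arrives here with no subcode, so the client cannot
            // learn more than this without the server being reconfigured.
            channel.Abort();
            result.Outcome = IssueOutcome.SoapFault;
            result.FaultCode = fe.Code.SubCode != null
                ? fe.Code.Name + "/" + fe.Code.SubCode.Name
                : fe.Code.Name;
            result.Detail = fe.Reason.ToString();
        }
        catch (MessageSecurityException mse)
        {
            // Message-level security failed before a fault could be interpreted
            // (e.g. the response's security header could not be validated).
            channel.Abort();
            result.Outcome = IssueOutcome.SecurityFailure;
            result.Detail = mse.Message;
        }
        catch (SecurityNegotiationException sne)
        {
            // TLS / credential negotiation with the endpoint itself failed.
            channel.Abort();
            result.Outcome = IssueOutcome.SecurityFailure;
            result.Detail = sne.Message;
        }
        catch (TimeoutException te)
        {
            channel.Abort();
            result.Outcome = IssueOutcome.Timeout;
            result.Detail = te.Message;
        }
        catch (CommunicationException ce)
        {
            // Anything else at the transport level (DNS, connection refused, HTTP 5xx).
            channel.Abort();
            result.Outcome = IssueOutcome.Transport;
            result.Detail = ce.Message;
        }
        return result;
    }

    public static void Main()
    {
        // Placeholder values; replace with a real STS and relying party.
        var r = RequestToken("https://sts.example.invalid/adfs/services/trust/13/usernamemixed",
                             "urn:example:relyingparty", "user", "password");
        Console.WriteLine("{0} {1} {2}", r.Outcome, r.FaultCode, r.Detail);
    }
}
```

Catch order matters: FaultException, MessageSecurityException and SecurityNegotiationException all derive from CommunicationException, so the broad handler has to come last or the compiler rejects the unreachable clauses. As ADyson's comment points out, a wrong password on a healthy STS normally comes back as a fault with a meaningful code, while the text in the question means ADFS failed internally and deliberately withheld the cause; the place to find out why is the ADFS server's own event logs, not a client-side setting, and turning on IncludeExceptionDetailInFaults on an internet-facing STS trades that privacy away for everyone who can reach the endpoint.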

0 Answers