Closed (ladeak closed this issue 3 years ago)
The solution is to call app.SetDataProtectionProvider
and implement the interface Microsoft.Owin.Security.DataProtection.IDataProtectionProvider. In the Create method, use the Microsoft.AspNetCore.DataProtection.DataProtectionProvider static class to create a provider, and wrap the result with a new DataProtectorShim(result).
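The following is an added example of the fix described in the comment above; it is not code from the issue or from the Sustainsys.Saml2 project. The point it illustrates is the one the maintainer's reply alludes to: the cookie-sharing recipe only swaps the cookie middleware's ticket format, while the Saml2 OWIN middleware protects its own request-state cookie through the app-wide OWIN IDataProtectionProvider, so that provider has to be backed by a key ring every server behind the load balancer can read. The key ring path, application name, and the SharedKeyRingDataProtectionProvider class name are assumptions; the packages assumed are Microsoft.Owin.Security, Microsoft.Owin.Security.Interop and Microsoft.AspNetCore.DataProtection.Extensions.

```csharp
// Added example, not code from the issue or the Sustainsys.Saml2 project.
// Assumes an OWIN app hosted on ASP.NET 4.x with these NuGet packages:
//   Microsoft.Owin.Security, Microsoft.Owin.Security.Interop,
//   Microsoft.AspNetCore.DataProtection.Extensions
using System;
using System.IO;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Owin.Security.DataProtection;
using Microsoft.Owin.Security.Interop;
using Owin;

// Both stacks define IDataProtectionProvider/IDataProtector; aliases avoid ambiguity.
using CoreDataProtectionProvider = Microsoft.AspNetCore.DataProtection.IDataProtectionProvider;
using OwinDataProtectionProvider = Microsoft.Owin.Security.DataProtection.IDataProtectionProvider;
using OwinDataProtector = Microsoft.Owin.Security.DataProtection.IDataProtector;

// Hypothetical class name. Bridges the ASP.NET Core data protection stack into the
// OWIN abstraction so every OWIN middleware that asks the app for a protector
// (including the Saml2 middleware's request-state cookie) uses the shared key ring.
public class SharedKeyRingDataProtectionProvider : OwinDataProtectionProvider
{
    private readonly CoreDataProtectionProvider _provider;

    public SharedKeyRingDataProtectionProvider(CoreDataProtectionProvider provider)
    {
        _provider = provider ?? throw new ArgumentNullException(nameof(provider));
    }

    public OwinDataProtector Create(params string[] purposes)
    {
        // CreateProtector(IEnumerable<string>) rejects an empty purpose list, so
        // fall back to a fixed purpose rather than failing inside the pipeline.
        var corePurposes = (purposes != null && purposes.Length > 0)
            ? purposes
            : new[] { typeof(SharedKeyRingDataProtectionProvider).FullName };

        // DataProtectorShim (Microsoft.Owin.Security.Interop) exposes an
        // ASP.NET Core IDataProtector through the OWIN IDataProtector interface.
        return new DataProtectorShim(_provider.CreateProtector(corePurposes));
    }
}

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // Assumed shared location: every server must see the same key ring.
        var keyRing = new DirectoryInfo(@"\\fileshare\dataprotection-keys");

        var coreProvider = DataProtectionProvider.Create(
            keyRing,
            builder =>
            {
                // Same name on every server, otherwise the purposes differ and
                // Unprotect fails exactly like the reported "cryptographic operation" error.
                builder.SetApplicationName("MySaml2App");

                // Keys persisted to a custom directory are written unencrypted unless
                // an at-rest protector is configured; use a certificate every server holds.
                // builder.ProtectKeysWithCertificate("<thumbprint>");
            });

        // Must run before the cookie and Saml2 middleware are registered, because
        // they obtain their IDataProtector from the app at registration time.
        app.SetDataProtectionProvider(new SharedKeyRingDataProtectionProvider(coreProvider));

        // app.UseCookieAuthentication(...);
        // app.UseSaml2Authentication(...);
    }
}
```

The cookie-sharing document's AspNetTicketDataFormat setup can stay in place for the cookie middleware; the extra step here is only that the app-wide OWIN provider is also pointed at the shared key ring, so the server that receives the /Saml2/Acs POST can unprotect the request-state cookie no matter which server wrote it.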
Thanks for reporting back on your solution for letting the cookie be unprotected by the library regardless of which server wrote it.
Non Security Issues
Information needed
Using Sustainsys.Saml2 package version 2.8.
Setup: Owin application, no ASP.NET Identity. A setup like this, but with SAML instead of the Google client: https://coding.abel.nu/2014/11/using-owin-external-login-without-asp-net-identity/
This is a load balanced use case.
Once redirected to the /Saml2/Acs endpoint, an exception shows "Error occurred during a cryptographic operation."
StackTrace:
After a refresh (F5 in the browser), the error disappears; from that point on it works as expected, but the first request always fails.
When using machineKey and web.config changes to replace the SecurityTokenHandlers, I do not see this error at all.
When using this approach: https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/compatibility/replacing-machinekey?view=aspnetcore-5.0 the solution works.
When using this approach: https://docs.microsoft.com/en-us/aspnet/core/security/cookie-sharing?view=aspnetcore-5.0#share-authentication-cookies-between-aspnet-4x-and-aspnet-core-apps then I see the error.
Additional info