.Net Framework Answers

Home » .Net Framework	RSS
ADFS 2.0 SSO The data protection operation was unsuccessful

Hi all,

I am using Identity Training Kit for VS 2010 sample Labs\WebSitesAndIdentity\Source\Ex3-FederatingADFSv2

and I have error:

Server Error in '/ClaimsEnableWebSite' Application.

The data protection operation was unsuccessful. This may have been caused by not having the user profile loaded for the current thread's user context, which may be the case when the thread is impersonating.Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Security.Cryptography.CryptographicException: The data protection operation was unsuccessful. This may have been caused by not having the user profile loaded for the current thread's user context, which may be the case when the thread is impersonating.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[CryptographicException: The data protection operation was unsuccessful. This may have been caused by not having the user profile loaded for the current thread's user context, which may be the case when the thread is impersonating.]

  System.Security.Cryptography.ProtectedData.Protect(Byte[] userData, Byte[] optionalEntropy, DataProtectionScope scope) +456

  Microsoft.IdentityModel.Web.ProtectedDataCookieTransform.Encode(Byte[] value) +54


[InvalidOperationException: ID1074: ???????? ?????????? CryptographicException ??? ??????? ??????????? ???? Cookie ? ?????????????м API ProtectedData (?????????????? ???????? ?м. ? ?????? ??????????? ??????????). ??? ????????????? IIS 7.5 ??? ?????????? м???? ???? ??????? ???????м ??? ????м???? ???? ?????????? loadUserProfile ???????? FALSE. ]

  Microsoft.IdentityModel.Web.ProtectedDataCookieTransform.Encode(Byte[] value) +145

  Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler.ApplyTransforms(Byte[] cookie, Boolean outbound) +47

  Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler.WriteToken(XmlWriter writer, SecurityToken token) +533

  Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler.WriteToken(SessionSecurityToken sessionToken) +89

  Microsoft.IdentityModel.Web.SessionAuthenticationModule.WriteSessionTokenToCookie(SessionSecurityToken sessionToken) +123

  Microsoft.IdentityModel.Web.SessionAuthenticationModule.AuthenticateSessionSecurityToken(SessionSecurityToken sessionToken, Boolean writeCookie) +38

  Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SetPrincipalAndWriteSessionToken(SessionSecurityToken sessionToken, Boolean isSession) +85

  Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request) +583

  Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) +268

  System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +148

  System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.1

Please help.

Any assistance would be greatly appreciated.

7 Answers Found

Answer 1

As the error message says - you need to load the profile in IIS - you can set this in the setting for the AppPool in IIS manager.

Answer 2

Open your IIS Manager Find out what AppPool your application is using by selecting your App, right-click on it, and Select Manage Application -> Advanced Settings. After that, on the top left hand side, select Applications Pools, and go ahead and select the App Pool used by your app. Right-click on it, and select Advanced Settings, Go to the Process Model Section and Find the "Load User Profile" Option and set it to true.

Answer 3

Thanks guys! This is the right advice!

Answer 4

Does this work for IIS 6 as well? According to our hosting company this setting is not possible. Anyone know a work around?

Thanks,

Kristoffer

Answer 5

Is your site running under a specific user, i.e. not network service, if so I think your error might be the same as the one i was getting see http://social.msdn.microsoft.com/Forums/en-US/Geneva/thread/44901cb9-c995-4870-88d7-b29893f00828

If you cant use a certificate, in the same example there is some code to use the machine key for encrypting the cookie instead.

Hope this helps

Answer 6

Thanks! It worked, had some problems with the mystic error "Failed to Execute URL.". But solved it by adding for static file types that should be supported:

</httpHandlers>

Answer 7

Funnily enough i had the "Failed to execute error" and it was down to having

missing from my config file. I guess there is some logic there because if we are using the WIF stuff and sending all files thru it then it will be expecting an authentication token unless we have specified the location to allow access to all.

Search for ADFS 2.0 SSO The data protection operation was unsuccessful

Related Answers:

<< Previous Next >>

Microsoft | Windows | Visual Studio | Follow us on Twitter