Getting an "Invalid Base-64 String" on a Federation Identity Token

I randomly get a Base-64 encoding error when viewing my MVC3 Azure web role. I am using WIF passive authentication to authenticate with my ADFS server. I cannot isolate where this comes from, but I have an idea, and I hope for some feedback / help.

From the call stack, it looks like this comes from a bad cookie. The "FedAuth" cookies from WIF / ADFS are the only thing that appears when I view my cookies from the Chrome console. Therefore, I think that somehow these cookies get corrupted or have invalid characters. I am working on checking this, but since the error happens randomly, it takes some time. Has anyone experienced anything like this or have any leads as to what might be causing this? Any help is appreciated!

Here is the exception:

The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or a non-white space character among the padding characters.

[FormatException: The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or a non-white space character among the padding characters.]
   System.Convert.FromBase64String(String s) +0
   Microsoft.IdentityModel.Web.ChunkedCookieHandler.ReadInternal(String name, HttpCookieCollection requestCookies) +613
   Microsoft.IdentityModel.Web.ChunkedCookieHandler.ReadCore(String name, HttpContext context) +174
   Microsoft.IdentityModel.Web.CookieHandler.Read(String name, HttpContext context) +133
   Microsoft.IdentityModel.Web.CookieHandler.Read(HttpContext context) +59
   Microsoft.IdentityModel.Web.CookieHandler.Read() +65
   Microsoft.IdentityModel.Web.SessionAuthenticationModule.TryReadSessionTokenFromCookie(SessionSecurityToken& sessionToken) +84
   Microsoft.IdentityModel.Web.SessionAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs) +119
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +270

I did a few more tests on my cookies, and I see that with each request, my FedAuth cookie gets bigger and bigger. This may be part or all of the problem. In the end, seemingly at random, something adds some bad characters. The token ends with these closing tags. I see that this fails when some extra characters appear after the close tag of the security context tag. The extra characters are different each time an error occurs.

+6
2 answers

Figured it out. Oops ... programmer error ...

When users first register with my application, I extract some role information from my database and create claims for them. I was re-adding these claims every time, so my session token grew ... and grew ... eventually it caused the token to split into 2, 3, 4, 5, 6 cookies, and eventually something just choked on it. I no longer add claims every time. No longer seeing this problem.

Thanks for your help.

+3
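
A diagnostic sketch for the cookie growth described above, added here and not part of the original posts: it reassembles the FedAuth chunks from a captured Cookie header and reports the chunk count, total length, gaps in the chunk sequence and the offset of the first non-Base-64 character. It assumes the chunks are named FedAuth, FedAuth1, FedAuth2, ...; the sample token and the 2000-character chunk size are constructed.

```python
import base64
import binascii
import re

CHUNK_NAME = re.compile(r"^FedAuth(\d*)$")    # FedAuth, FedAuth1, FedAuth2, ... (assumed naming)
NOT_BASE64 = re.compile(r"[^A-Za-z0-9+/=]")   # any character outside the Base-64 alphabet


def inspect_fedauth(cookie_header):
    """Reassemble the chunked FedAuth cookie from a Cookie header and report
    its chunk count, total length, missing chunks and Base-64 validity."""
    chunks = {}
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")   # value keeps its '=' padding
        match = CHUNK_NAME.match(name)
        if match:
            chunks[int(match.group(1) or 0)] = value
    joined = "".join(chunks[i] for i in sorted(chunks))
    missing = [i for i in range(max(chunks, default=-1) + 1) if i not in chunks]
    bad = NOT_BASE64.search(joined)
    try:
        base64.b64decode(joined, validate=True)
        valid = True
    except binascii.Error:
        valid = False
    return {
        "chunks": len(chunks),
        "length": len(joined),
        "missing": missing,
        "valid": valid,
        "first_bad_offset": bad.start() if bad else None,
    }


def sample_header(token, size=2000):
    """Constructed sample: split a token into FedAuth chunks of `size` characters."""
    parts = [token[i:i + size] for i in range(0, len(token), size)]
    names = ["FedAuth" + (str(i) if i else "") for i in range(len(parts))]
    return "; ".join(f"{n}={p}" for n, p in zip(names, parts))


if __name__ == "__main__":
    token = base64.b64encode(bytes(range(256)) * 20).decode()   # constructed, not a real token
    print(inspect_fedauth("ASP.NET_SessionId=abc; " + sample_header(token)))
    print(inspect_fedauth(sample_header(token) + "<x"))          # junk after the end of the token
```

Logging the `chunks` and `length` values per request makes steady growth of the session token visible well before the cookie stops decoding.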

I had a similar error message using base64 to encode parameters in the query string. I had %3d, which displayed fine in the query string, but ASP.NET converted it to = when I read it in the code. I solved this by calling Server.UrlEncode() before decrypting base64. This may be the base64 value in the cookie, which will be decoded before decryption.

+1

Source: https://habr.com/ru/post/927055/