Thursday, November 29, 2012

stackoverflow : Finally – 5 figures!



Well, there it is. I finally cracked the magic 10,000 rep. mark!

And at the same time …


… I made it into the top 3%.


Tuesday, November 20, 2012

Misc : On asking questions


Jon Skeet wrote a very good article : Writing the perfect question.

I’m active on stackoverflow and the MSDN forums and I wish more people would read this article.

Recently there was a question and I replied waxing voluble about how to do something using WIF and the dude replied:

“Actually it’s a Java application”.

FFS dude, why didn’t you put that minor piece of information in the question?

The quality of the answer is directly related to the quality of the question.

And for God’s sake, spell check it!


Friday, November 16, 2012

Visual Studio : Cannot import the following key file


When you have a signed project in TFS, every time a new person gets it out, they have this problem. So they create a new certificate, check it all in and the next person has the same problem. WTF.

The error is:

“Cannot import the following key file: xxx.pfx. The key file may be password protected. To correct this, try to import the certificate again or manually install the certificate to the Strong Name CSP with the following key container name: VS_KEY_blah”

Mr Google to the rescue. Found a number of “solutions” but then stumbled across one that worked.

In the project properties under “Signing”, click the dropdown arrow and click on the pfx file name. This invokes the password dialogue so you can type in the new password and Bingo!

All then compiles.


Thursday, November 15, 2012

Stackoverflow : What can I say?

Taken a while but I finally got there!




Monday, November 05, 2012

ADFS : Exclusive Canonicalization transform error


Busy trying to get ADFS v2.0 to work with a third-party SAML implementation and got this weird error:

System.Security.Cryptography.CryptographicException: ID6005: Exclusive Canonicalization transform does not support the algorithm ''.

“IDxxxx” as an error normally implies it comes from WIF so trawl through that and it turns out that the only transform it accepts is:

The transforms .NET works with are all listed in:


So I had to get the third party code changed to conform with ADFS.

What is the point of all this, you may ask.

This is all connected with signatures e.g. your sp.xml looks like:

<SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">

Because XML can have many forms e.g. whitespace or none, CR or CR/LF etc. you need to convert the XML to an agreed format before you sign it. Otherwise the other side may be checking the signature on a “different” document. These “agreed formats” are the canonical transforms. They are all W3C standards.

So e.g. it may state:

The canonical form of an XML document is the physical representation of the document produced by the method described in this specification. The changes are summarized in the following list:

  • The document is encoded in UTF-8
  • Line breaks normalized to #xA on input, before parsing
  • Attribute values are normalized, as if by a validating processor
  • Character and parsed entity references are replaced
  • CDATA sections are replaced with their character content
  • The XML declaration and document type declaration (DTD) are removed
  • Empty elements are converted to start-end tag pairs
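
To see why both sides must agree on the transform, here is an added example (not from the original post or from ADFS/WIF) that hashes the same element serialized three ways, raw and after canonicalization. It assumes Python's standard-library C14N 2.0 implementation rather than the Exclusive C14N transform ADFS expects; the sample documents and their `Note` and `Empty` child elements are constructed.

```python
import hashlib
from xml.etree.ElementTree import canonicalize  # W3C C14N 2.0, Python 3.8+

# Constructed samples: the same metadata element serialized three ways.
DOC_A = (
    '<?xml version="1.0" encoding="UTF-8"?>\r\n'
    '<SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true">\r\n'
    '<Note>a &amp; b</Note><Empty/>\r\n'
    '</SPSSODescriptor>'
)
# Differs from DOC_A only in ways canonicalization removes: no XML declaration,
# LF line ends, attribute order, quote style, CDATA, <Empty></Empty>.
DOC_B = (
    "<SPSSODescriptor   WantAssertionsSigned='true'\n"
    "    AuthnRequestsSigned='true'>\n"
    "<Note><![CDATA[a & b]]></Note><Empty></Empty>\n"
    "</SPSSODescriptor>"
)
# Re-indented copy: whitespace in element content is data, so it survives
# canonicalization and would invalidate a signature made over DOC_A.
DOC_C = (
    '<SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true">\n'
    '  <Note>a &amp; b</Note>\n'
    '  <Empty/>\n'
    '</SPSSODescriptor>'
)

def canonical(xml: str) -> str:
    """Canonical form of the document (the text that actually gets digested)."""
    return canonicalize(xml)

def raw_digest(xml: str) -> str:
    """SHA-256 over the bytes as serialized, with no canonicalization."""
    return hashlib.sha256(xml.encode("utf-8")).hexdigest()

def canonical_digest(xml: str) -> str:
    """SHA-256 over the canonical form, encoded as UTF-8."""
    return hashlib.sha256(canonical(xml).encode("utf-8")).hexdigest()

if __name__ == "__main__":
    for name, doc in (("A", DOC_A), ("B", DOC_B), ("C", DOC_C)):
        print(name, raw_digest(doc)[:16], canonical_digest(doc)[:16])
    print("A == B after c14n:", canonical_digest(DOC_A) == canonical_digest(DOC_B))
    print("A == C after c14n:", canonical_digest(DOC_A) == canonical_digest(DOC_C))
```

A and B hash identically once canonicalized; C does not, which is why pretty-printing or re-serializing a signed SAML message in transit breaks verification.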



Friday, November 02, 2012

C# : & in the XML


If you have an XML string (e.g. the appSettings in web.config) that contains an “&” it won’t compile e.g.

<add key="URL" value=""/>

The solution is to escape it with the Unicode number i.e.

<add key="URL" value=";ID2=123"/>