Don Isenor

My STS returns proper SOAP fault responses with informative descriptions of what went wrong (e.g. bad password, invalid certificate, connection failure, etc.), but it seems CardSpace simply ignores them, instead always displaying that standard error message we all know and love:

"Your data could not be retrieved from the managed card provider. Check your connection, and verify that you have supplied the correct authentication credentials."

Am I doing something wrong, or is this a feature of CardSpace?


Re: Windows CardSpace (InfoCard) SOAP fault handling

Toland Hon - MSFT

In V1, there were only like 5 preset fault messages that could be displayed in our UI.

However, we've changed that in Orcas, and custom fault messages will be displayed in our UI.




Re: Windows CardSpace (InfoCard) SOAP fault handling

dandrievsky

As I remember, you can read your detailed message in the EventViewer/Application log.





Re: Windows CardSpace (InfoCard) SOAP fault handling

Don Isenor

I think your average user doesn't even know the event log exists, much less how to examine it or interpret an exception stack. Good to see this feature has been added to Orcas.





Re: Windows CardSpace (InfoCard) SOAP fault handling

gold420sam

How can one view the event log?






Re: Windows CardSpace (InfoCard) SOAP fault handling

Toland Hon - MSFT

Start > Run > EventVwr

CardSpace logs are under Application.





Re: Windows CardSpace (InfoCard) SOAP fault handling

Don Isenor

I installed the .NET 3.5 June CTP and I still don't see the SOAP fault messages displayed anywhere. I tested three different fault Subcodes (InvalidRequest, FailedAuthentication, and InvalidSecurityToken), each with a different fault Reason, and CardSpace always displays the same canned message "The card contents could not be retrieved."

Here's one of the SOAP fault messages I tested:

Code Snippet

<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope"
              xmlns:rpc="http://www.w3.org/2003/05/soap-rpc">
  <env:Body>
    <env:Fault>
      <env:Code>
        <env:Value>env:Sender</env:Value>
        <env:Subcode>
          <env:Value>rpc:FailedAuthentication</env:Value>
        </env:Subcode>
      </env:Code>
      <env:Reason>
        <env:Text xml:lang="en">Authentication failed</env:Text>
      </env:Reason>
    </env:Fault>
  </env:Body>
</env:Envelope>

Looking in the event log I see (for this example) an "Inner Exception: Authentication failed", so the fault message was correctly parsed, but the fault was not displayed in CardSpace. Maybe the 3.5 June CTP didn't include this fix? In which case, can someone please give me a link to a download that does include it? Thanks.





Re: Windows CardSpace (InfoCard) SOAP fault handling

Toland Hon - MSFT

I spoke with someone who's done custom fault testing and he wants to know if your code throws the exception before or after your Sts.Issue method is invoked. The custom fault feature is meant for the STS to return a friendly error while it's trying to issue a token. If you're hooked up to some WCF extensibility point and threw the exception earlier, your fault may not appear correctly in CardSpace.




Re: Windows CardSpace (InfoCard) SOAP fault handling

Don Isenor

We're not using WCF -- our STS is a J2EE application. There was no exception thrown by the STS. CardSpace sent an RST, and the STS responded with a SOAP fault message indicating authentication failure. The event log entry (see below) shows that CardSpace correctly received and parsed that response.

Code Snippet

There was a failure making a WS-Trust exchange with an external application. Could not retrieve token from identity provider.

Inner Exception: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.
Inner Exception: Authentication failed


Additional Information:
Microsoft.InfoCards.TrustExchangeException: Could not retrieve token from identity provider. ---> System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: Authentication failed
--- End of inner exception stack trace ---

Server stack trace:
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.InfoCards.RemoteTokenFactory.ISts.ProcessRequestSecurityTokenFeb2005(Message rstMessage)
at Microsoft.InfoCards.RemoteTokenFactory.ProduceToken(InfoCard card, TokenCreationParameter parameter, TokenFactoryCredential credential, InfoCardPolicy policy, Boolean discloseOptional)
--- End of inner exception stack trace ---





Re: Windows CardSpace (InfoCard) SOAP fault handling

rakeshb

Note that the soap fault has to be a secure message too...





Re: Windows CardSpace (InfoCard) SOAP fault handling

Don Isenor

Right you are, adding a Security element (with a Timestamp in it) to the header did the trick:

Code Snippet

<soap:Envelope xmlns:rpc="http://www.w3.org/2003/05/soap-rpc"
               xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
               xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
               xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <soap:Header>
    <wsse:Security>
      <wsu:Timestamp wsu:Id="Timestamp">
        <wsu:Created>2007-08-09T22:29:31.546Z</wsu:Created>
        <wsu:Expires>2007-08-09T22:39:31.546Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
  </soap:Header>
  <soap:Body>
    <soap:Fault>
      <soap:Code>
        <soap:Value>soap:Sender</soap:Value>
        <soap:Subcode>
          <soap:Value>rpc:FailedAuthentication</soap:Value>
        </soap:Subcode>
      </soap:Code>
      <soap:Reason>
        <soap:Text xml:lang="en">
          Authentication failed
        </soap:Text>
      </soap:Reason>
    </soap:Fault>
  </soap:Body>
</soap:Envelope>

and now CardSpace displays "Authentication failed" for the user. (How this serves to secure the message in any way is not at all clear to me, but hey it works.) Thanks rakeshb!
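
A checker for the behaviour worked out in this thread, as an added example that is not part of any post and not CardSpace or STS code: it parses a fault envelope an STS is about to return and reports whether it carries the wsse:Security/wsu:Timestamp header that made CardSpace display the fault reason. The names `diagnose_fault` and `sample` are hypothetical, the sample envelopes are constructed from the two posted above, and the Created/Expires window check is an assumption based on wsu:Timestamp semantics rather than something the thread states.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-"
NS = {"s": "http://www.w3.org/2003/05/soap-envelope",
      "wsse": WSS + "secext-1.0.xsd", "wsu": WSS + "utility-1.0.xsd"}

def _utc(text):
    # wsu values are UTC xsd:dateTime strings, e.g. 2007-08-09T22:29:31.546Z
    return datetime.fromisoformat(text.strip().replace("Z", "+00:00"))

def diagnose_fault(xml_text, now):
    """Return (subcode, reason, problems) for a SOAP 1.2 fault envelope."""
    root = ET.fromstring(xml_text)
    fault = root.find("s:Body/s:Fault", NS)
    if fault is None:
        return None, None, ["no Fault element in Body"]
    subcode = fault.findtext("s:Code/s:Subcode/s:Value", "", NS).strip()
    reason = fault.findtext("s:Reason/s:Text", "", NS).strip()
    problems = []
    ts = root.find("s:Header/wsse:Security/wsu:Timestamp", NS)
    if ts is None:
        problems.append("no wsse:Security/wsu:Timestamp header")
    else:
        created = ts.findtext("wsu:Created", None, NS)
        expires = ts.findtext("wsu:Expires", None, NS)
        if not created or not expires:
            problems.append("Timestamp lacks Created or Expires")
        elif not _utc(created) <= now < _utc(expires):  # assumed freshness rule
            problems.append("Timestamp not valid at " + now.isoformat())
    return subcode, reason, problems

# Constructed samples modelled on the two envelopes posted in the thread.
HEADER = """<s:Header><wsse:Security><wsu:Timestamp wsu:Id="Timestamp">
  <wsu:Created>2007-08-09T22:29:31.546Z</wsu:Created>
  <wsu:Expires>2007-08-09T22:39:31.546Z</wsu:Expires>
</wsu:Timestamp></wsse:Security></s:Header>"""

def sample(header=""):
    return """<s:Envelope xmlns:s="{s}" xmlns:wsse="{wsse}" xmlns:wsu="{wsu}"
 xmlns:rpc="http://www.w3.org/2003/05/soap-rpc">{header}<s:Body><s:Fault>
 <s:Code><s:Value>s:Sender</s:Value><s:Subcode>
  <s:Value>rpc:FailedAuthentication</s:Value></s:Subcode></s:Code>
 <s:Reason><s:Text xml:lang="en">Authentication failed</s:Text></s:Reason>
</s:Fault></s:Body></s:Envelope>""".format(header=header, **NS)

if __name__ == "__main__":
    at = datetime(2007, 8, 9, 22, 30, tzinfo=timezone.utc)
    for label, doc in (("bare", sample()), ("secured", sample(HEADER))):
        print(label, diagnose_fault(doc, at))
```

Running it against an STS response captured before it goes on the wire shows whether the Security header is missing, which is the case where the event log above reported "An unsecured or incorrectly secured fault".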