Dog gets more respect than you in today's world

Not that I think dogs are any lesser, but when humans treat dogs better than other humans I believe it's time to revisit what is happening around the world.

“It may be hard for you to think straight today, dear Virgo. More than likely, your brain is acting out in short, erratic bursts that keep you guessing as to which way to proceed. Avoid mental confusion by taking periodic checks during the day in which you come to center and separate yourself and your feelings from the situation and drama around you. Don’t pretend you understand something if you don’t. If something doesn’t make sense, question it.”
Right now nothing makes sense and I hope I can stay insane like this. Like Floyd wrote: Comfortably Numb!

Load Balancing WCF – basicHttpBinding

Load balancing WCF with basicHttpBinding requires attention to the keepAliveEnabled property, because it controls connection reuse. When this property is enabled, a client maintains a persistent connection to the service and gains throughput by sending multiple messages over the same connection. In a load balanced farm, however, a client must not be strongly associated with one server, so this property needs to be disabled.

The property is not exposed on basicHttpBinding itself; it can be set through a custom binding as follows.

            <customBinding>
                <binding name="NewBinding0">
                    <textMessageEncoding />
                    <!-- Disable persistent connections so the load balancer can spread requests across servers -->
                    <httpTransport keepAliveEnabled="false" />
                </binding>
            </customBinding>

If you are interested in TCP load balancing, check out this post by [Kenny].
This MSDN article should give you more information.


The same binding can be built in code:

            using System.ServiceModel.Channels;

            // Start from the binding elements of a standard BasicHttpBinding
            BindingElementCollection bec = new BasicHttpBinding().CreateBindingElements();
            // Locate the HTTP transport element and turn off keep-alive
            bec.Find<HttpTransportBindingElement>().KeepAliveEnabled = false;
            // Wrap the modified elements in a custom binding
            CustomBinding cb = new CustomBinding(bec);


Installing and Running your STS for Cardspace

I realized that there were many gotchas when running the sample STS that is posted here. It has evolved and the experience is really improved. Thanks to Garrett.

Some steps:

  1. Download the sample from the site and run the setup script.
  2. Check whether the SSL certificate setup executed successfully.
  3. Make sure you have IE7 and that your proxy settings are disabled, since host entries have to be made that point to the same machine.
  4. Note that the SSL certificates might not show the site in green.
  5. Do read the documentation before you proceed.
  6. Download httpcfg if you can, though the sample should include it. This usually helps if you want to deploy the STS on another machine.


Code Pointers for Managed Cards

  1. When debugging and trying to fix Cardspace, do look at the event viewer (open the Run dialog and type eventvwr).
  2. Make sure the ACLs are set up using the SSL certificate setup script and that you have httpcfg, or netsh on Vista. Otherwise you might get this exception:

    There was a failure making a WS-Trust exchange with an external application. Could not retrieve token from identity provider.

    Inner Exception: An error occurred while receiving the HTTP response to This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details.
    Inner Exception: The underlying connection was closed: An unexpected error occurred on a receive.
    Inner Exception: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
    Inner Exception: An existing connection was forcibly closed by the remote host

    When you build a Cardspace site, make sure you are accessing it over SSL or you get a script access denied error.

  3. Make sure your claims are of the form
    <object type="application/x-informationcard" name="_xmlppidToken">
            <param name="tokenType" value="urn:oasis:names:tc:SAML:1.0:assertion" />
            <param name="requiredClaims" value="" />
    </object>

    And not

  4. Another thing that you may come across is an exception of the form
    throw new ArgumentException(String.Format("Claim {0} not found", uri));
    You can either do this or set up the proper claims that the site requires.
    The STS should be modified to return the set of claims that the other organization is requesting. You can do this by overriding the RequestSecurityTokenResponse class, which implements BodyWriter in the sample, and updating the token addition method.

           protected List<SamlAttribute> GetTokenAttributes()
           {
               System.Diagnostics.Debug.WriteLine("GetTokenAttributes -- Started");

               List<SamlAttribute> result = new List<SamlAttribute>();

               // A fixed PPID could be added here instead of taking it from the request
               //result.Add(new SamlAttribute(new Claim(ClaimTypes.PPID, "*Fill in this field*", Rights.PossessProperty)));

               // Claims for the current user, supplied by the sample's IdentityManager
               List<Claim> claims = IdentityManager.GetCurrentRequestUserClaims();

               // Copy every requested claim into the SAML token as an attribute
               foreach (Claim claim in claims)
               {
                   result.Add(new SamlAttribute(claim));
               }

               // Log before returning; a statement after return would never run
               System.Diagnostics.Debug.WriteLine("GetTokenAttributes -- Ended");
               return result;
           }



    You can also check the PPID claim that the user has sent in a custom authentication module, such as an IdentityManager.

  5. Cardspace might not be able to communicate with the STS. Try to retrieve the data by picking the managed card and check the event log for this, or use DebugView and look at the debug output, since Cardspace runs in a very secure mode and Visual Studio debugging doesn't seem to be an option.
  6. When reading the tokens in the destination site you might get:

    The X.509 certificate, O=Fabrikam, L=Redmond, S=Washington, C=US chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. The revocation function was unable to check revocation because the revocation server was offline.

    The main cause is that the revocation mode for the X509SecurityTokenAuthenticator is online. You can work around this by turning off certificate checking in the Token processor, but do remember that this is not a general solution; it only gets your managed card and STS demos working.

    Token(String xmlToken)
    {
        // Decrypt the token posted by the browser
        byte[] decryptedData = decryptToken(xmlToken);

        XmlReader reader = new XmlTextReader(new StreamReader(new MemoryStream(decryptedData), Encoding.UTF8));
        m_token = (SamlSecurityToken)WSSecurityTokenSerializer.DefaultInstance.ReadToken(reader, null);

        // X509CertificateValidator.None skips the chain (and revocation) check that fails in the demo
        SamlSecurityTokenAuthenticator authenticator = new SamlSecurityTokenAuthenticator(
            new List<SecurityTokenAuthenticator>(new SecurityTokenAuthenticator[] {
                new RsaSecurityTokenAuthenticator(),
                new X509SecurityTokenAuthenticator(X509CertificateValidator.None) }),
            MaximumTokenSkew);

        if (authenticator.CanValidateToken(m_token))
        {
            ReadOnlyCollection<IAuthorizationPolicy> policies = authenticator.ValidateToken(m_token);
            m_authorizationContext = AuthorizationContext.CreateDefaultAuthorizationContext(policies);
        }
        else
        {
            throw new Exception("Unable to validate the token.");
        }
    }
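Since the error above is specifically about the revocation server being offline, a narrower change than X509CertificateValidator.None is to keep chain trust and relax only the revocation check. The following is an added example, not the sample's code; it assumes the same MaximumTokenSkew the sample's Token class uses, and the factory name is hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;

// Added example: build the SAML token authenticator so the issuer certificate's chain is
// still verified, while only the revocation lookup that fails offline is relaxed.
static class TokenAuthenticatorFactory
{
    // Assumed to match the TimeSpan the sample's Token class passes as MaximumTokenSkew.
    static readonly TimeSpan MaximumTokenSkew = TimeSpan.FromMinutes(5);

    public static SamlSecurityTokenAuthenticator Create(bool revocationServerReachable)
    {
        X509ChainPolicy policy = new X509ChainPolicy();

        // Demo environments: keep chain building but do not contact the CRL/OCSP endpoint.
        // Production: leave revocation online so a revoked issuer certificate is rejected.
        policy.RevocationMode = revocationServerReachable
            ? X509RevocationMode.Online
            : X509RevocationMode.NoCheck;
        policy.RevocationFlag = X509RevocationFlag.ExcludeRoot;

        // ChainTrust still requires the issuer certificate to chain to a trusted root.
        X509CertificateValidator validator = X509CertificateValidator.CreateChainTrust(policy);

        return new SamlSecurityTokenAuthenticator(
            new List<SecurityTokenAuthenticator>(new SecurityTokenAuthenticator[] {
                new RsaSecurityTokenAuthenticator(),
                new X509SecurityTokenAuthenticator(validator) }),
            MaximumTokenSkew);
    }
}
```

In the Token constructor, replace the inline authenticator construction with TokenAuthenticatorFactory.Create(false) for the demo and Create(true) once the revocation endpoint is reachable.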




I hope that after all these steps you are a step closer to running the managed card STS sample.

Communication is the key

Silence is golden. The only reason I am posting this entry is to restate my belief in this line. You can say so many things, but what you have said is not owned by you. You don't talk for your own pleasure, as the words are just noises and the meaning is left totally to the interpretation of others.

Casual talk is evil. The ways words can be twisted have no limits. That is what one would say. But the point is that what you say always has to go through the channel stack of processing. The stuff you say is never important. The context of your listener is important. You might mean well for all you know, but if the listener does not think so then what you say is never what you mean.

A simple statement like "I don't care" has many implications. Firstly, it could be taken as "I don't care about the outcome as long as all's well that ends well." Another way to look at it: "I don't care enough to bother about how things are done as long as you get it done." How about the fact that it can be looked at as "I trust you enough to do things correctly that I don't care how you do it."

But trust me, this statement has gotten me into enough trouble, because to be honest it can and will only be interpreted as "I COULDN'T CARE LESS".