conaxliu asked

Error when calling SPSecurityContext.SecurityTokenForFormsAuthentication

Hi,

I am currently upgrading a SharePoint 2016 site to SharePoint 2019, onto a different server. The site uses Form-Based Authentication for external access. I've configured the Membership and see that the new user registration works. (New user name successfully added to the membership database tables.) However, after successful registration, I still cannot log on. The issue is traced to the code below, when it tries to get the token by calling SPSecurityContext.SecurityTokenForFormsAuthentication.

         private SecurityToken GetSecurityToken(string username, string password)
         {
             // Nothing to authenticate without both credentials.
             if (string.IsNullOrEmpty(username) ||
                 string.IsNullOrEmpty(password))
                 return null;

             SecurityToken token = null;

             using (SPSite site = new SPSite(SPContext.Current.Web.Url))
             {
                 // FBA settings of the Extranet zone of this web application.
                 SPIisSettings iisSettings = site.WebApplication.IisSettings[SPUrlZone.Extranet];

                 Uri appliesTo = new Uri(SPContext.Current.Web.Url);

                 SPFormsAuthenticationProvider authProvider = iisSettings.FormsClaimsAuthenticationProvider;

                 // Ask the security token service to validate the credentials against the named providers.
                 token = SPSecurityContext.SecurityTokenForFormsAuthentication(appliesTo, authProvider.MembershipProvider, authProvider.RoleProvider, username, password, SPFormsAuthenticationOption.None);
             }
             return token;
         }

Error Message: (not very helpful to me):
{"The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs."}

Stack Trace:
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)
at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties)
at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForFormsAuthentication(Uri context, String membershipProviderName, String roleProviderName, String username, String password, SPFormsAuthenticationOption options, Nullable`1 shouldGenerateCookie, Nullable`1 sessionAttributes, Nullable`1 sessionAttributesToUpdate, String sharingSessionId, Nullable`1 lastAttestationTime, Nullable`1 nextCAPolicyCheckTime, Nullable`1 extendedCAPolicyCheckTime)
at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForFormsAuthentication(Uri context, String membershipProviderName, String roleProviderName, String username, String password, SPFormsAuthenticationOption options, Nullable`1 shouldGenerateCookie)
at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForFormsAuthentication(Uri context, String membershipProviderName, String roleProviderName, String username, String password, SPFormsAuthenticationOption options)


I've checked that all parameters passed to the function look correct.


Questions I have now:

  • Could there be something I missed in IIS configuration?

  • Where exactly can/should I turn on IncludeExceptionDetailInFaults? If it's in a web.config file, which site's web.config file should I modify?

  • I tried to turn on tracing in the SharePoint site's web.config file, following the steps in this video https://www.youtube.com/watch?v=fXSjwBgRrto. But I don't see the log files appearing. Have I edited the wrong web.config file?

Any help is so much appreciated!




office-sharepoint-server-development

conaxliu answered

Thank you @MichaelHan-MSFT for the suggestion. I did come across that post when Googling about my issue, but that post described a different issue, where the security token service was not activated, and my security token service was working.

But in the end, I found that the membership configuration settings also need to be placed in the web.config file of the security token service application, in addition to the SharePoint web application's web.config file!

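The fix described in the answer above can be checked mechanically. The following PowerShell script is an added example, not code from the thread: it reports custom membership and role providers, and the connection strings they reference, that are declared in the web application's web.config but missing from the security token service's web.config. Both XML documents are constructed samples, and the provider names, types and connection string name in them are placeholders.

```powershell
# Added example: every name and value in these two configs is a constructed placeholder.
# On a real farm, load each file instead with: [xml](Get-Content -Raw <path to web.config>)
[xml]$webApp = @'
<configuration>
  <connectionStrings>
    <add name="FbaDb" connectionString="PLACEHOLDER" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="i">
      <providers>
        <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider" />
        <add name="FbaMembers" type="System.Web.Security.SqlMembershipProvider" connectionStringName="FbaDb" />
      </providers>
    </membership>
    <roleManager defaultProvider="c" enabled="true">
      <providers>
        <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider" />
        <add name="FbaRoles" type="System.Web.Security.SqlRoleProvider" connectionStringName="FbaDb" />
      </providers>
    </roleManager>
  </system.web>
</configuration>
'@
# Constructed STS config reproducing the misconfiguration: no FBA providers at all.
[xml]$sts = '<configuration><system.web /></configuration>'

function Get-FbaProvider([xml]$Config) {
    # Custom providers only; SharePoint's own claims providers stay in the web application.
    $Config.SelectNodes('/configuration/system.web/*[self::membership or self::roleManager]/providers/add') |
        Where-Object { $_.GetAttribute('type') -notmatch 'SPClaimsAuth' }
}

function Compare-FbaConfig([xml]$WebApp, [xml]$Sts) {
    # Keys look like "membership/FbaMembers" so both sections are compared separately.
    $stsNames = @(Get-FbaProvider $Sts |
        ForEach-Object { '{0}/{1}' -f $_.ParentNode.ParentNode.LocalName, $_.GetAttribute('name') })
    $stsConns = @($Sts.SelectNodes('/configuration/connectionStrings/add') |
        ForEach-Object { $_.GetAttribute('name') })
    foreach ($p in (Get-FbaProvider $WebApp)) {
        $key = '{0}/{1}' -f $p.ParentNode.ParentNode.LocalName, $p.GetAttribute('name')
        if ($stsNames -notcontains $key) { "MISSING in STS web.config: $key" }
        $cs = $p.GetAttribute('connectionStringName')
        if ($cs -and $stsConns -notcontains $cs) { "MISSING connection string in STS web.config: $cs" }
    }
}

Compare-FbaConfig $webApp $sts | Sort-Object -Unique
```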

MichaelHan-MSFT answered

Hi @conaxliu,

Just from the stack trace, we cannot find the cause of your problem. You could refer to this post to troubleshoot this issue:
https://social.technet.microsoft.com/Forums/en-US/0fc27063-9ae3-458d-b48e-cfb400f3f67f/securitytokenservice-error-when-signing-in-with-formsbased-authentication?forum=sharepointadminprevious

And for the web.config file, you should set the customErrors mode to “Off” to see error details. The web.config file should be that of the web application where you deployed FBA.
