I am trying to build a Security Token, Serialize, Read and Validate it, all inside a Console Application. Following is the code. I am getting an exception while trying to Validate the Token. The SharePoint 2013 site I am using here uses FBA Claims and the site is a Multi Tenant site.
string siteUrl = "url of the site";
Uri uri = new Uri(siteUrl);
System.IdentityModel.Tokens.SecurityToken token = SPSecurityContext.SecurityTokenForFormsAuthentication(uri, "CustomMembershipProvider", "CustomRoleProvider", "user1", "password1", SPFormsAuthenticationOption.PersistentSignInRequest);
if (token != null)
{
string assertionXML = ((System.IdentityModel.Tokens.GenericXmlSecurityToken)(token)).TokenXml.OwnerDocument.InnerXml;
using (StringReader sr = new StringReader(assertionXML))
{
using (XmlReader reader = XmlReader.Create(sr))
{
if (!reader.ReadToFollowing("saml:Assertion"))
{
throw new Exception("Assertion not found!");
}
SecurityTokenHandlerCollection collection = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();
collection.ElementAt(2).Configuration.AudienceRestriction.AllowedAudienceUris.Add(uri);
System.IdentityModel.Tokens.SecurityToken newToken = collection.ReadToken(reader.ReadSubtree());
ReadOnlyCollection<System.Security.Claims.ClaimsIdentity> claims = collection.ValidateToken(newToken); <-- This line throws exception
}
}
}The Inner Exception message is as given below.
"The X.509 certificate CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US is not in the trusted people store.
The X.509 certificate CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US chain building failed.
The certificate that was used has a trust chain that cannot be verified.
Replace the certificate or change the certificateValidationMode.
A certificate chain could not be built to a trusted root authority"
Can anyone please help?
Ven