Hello and sorry for the cryptic subject,
The issue is quickly explained:
- The tokenrequestparameters (see: https://docs.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/wcf/tokenrequestparameters) allow the definition of xmlElements that are used in the token request.
- In our company we have old servers with IIS 8.5 and 7.5
- We deployed the same software to these servers, and in the Web.Config of one of the deployed portals we set the tokenrequestparameters to something along the lines of (highlighting the issue in bold):
  <tokenRequestParameters>
    <trust:SecondaryParameters xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
      <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
      <trust:CanonicalizationAlgorithm>http://www.w3.org/2001/10/xml-exc-c14n#</trust:CanonicalizationAlgorithm>
      <trust:EncryptionAlgorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptionAlgorithm>
    </trust:SecondaryParameters>
  </tokenRequestParameters>
- In IIS 7.5 it works and, for example, the authentication setting "Anonymous" can be toggled in the IIS Manager
- In IIS 8.5 it does not work and on trying to toggle the Anonymous Authentication in the IIS Manager we receive the error:
This problem is entirely resolved when we change the namespacing to:
  <tokenRequestParameters>
    <SecondaryParameters xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
      <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
      <trust:CanonicalizationAlgorithm>http://www.w3.org/2001/10/xml-exc-c14n#</trust:CanonicalizationAlgorithm>
      <trust:EncryptionAlgorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptionAlgorithm>
    </SecondaryParameters>
  </tokenRequestParameters>
A similar issue is documented here:
https://zzz.buzz/2018/02/09/c00cef03-assemblybinding-and-iis-8-or-10/
When one checks W3C, it claims using the namespace in the same tag that declares the namespace is fine:
  <h:table xmlns:h="http://www.w3.org/TR/html4/">
    <h:tr>
      <h:td>Apples</h:td>
      <h:td>Bananas</h:td>
    </h:tr>
  </h:table>
(source: https://www.w3schools.com/xml/xml_namespaces.asp)
but it does not work in IIS 8.5 web.configs.
Now my questions:
- Is it intentional that this behaviour changed between IIS 7.5 and IIS 8.5?
- Will there be an update showing a better error message when such an XML Schema-Validation Error prevents writing of the Web.Config? (This issue cost a lot of time, finding that this legal namespace declaration was causing a cryptic error in one version of IIS and not another.)
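
An added example, not part of the original post: a namespace-aware parser run over the two SecondaryParameters forms quoted above, to check that both are well-formed and to list which elements change namespace between them. The fragments are shortened to the KeyType child, and the function names and the UNBOUND sample are constructed for this illustration; it says nothing about how IIS itself validates web.config.

```python
import xml.etree.ElementTree as ET

WS_TRUST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"

def fragment(tag):
    # The post's two fragments differ only in the SecondaryParameters tag name.
    return (f'<tokenRequestParameters><{tag} xmlns:trust="{WS_TRUST}">'
            f'<trust:KeyType>{WS_TRUST}/Bearer</trust:KeyType>'
            f'</{tag}></tokenRequestParameters>')

ORIGINAL = fragment("trust:SecondaryParameters")    # form rejected on IIS 8.5
WORKAROUND = fragment("SecondaryParameters")        # form accepted on IIS 8.5
UNBOUND = "<trust:SecondaryParameters/>"            # constructed: prefix never declared

def is_well_formed(xml_text):
    """True if a namespace-aware parser accepts the fragment."""
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:       # e.g. "unbound prefix"
        return False

def expanded_names(xml_text):
    """(namespace URI, local name) for every element, in document order."""
    names = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.startswith("{"):
            ns, local = el.tag[1:].split("}", 1)
        else:
            ns, local = "", el.tag
        names.append((ns, local))
    return names

def namespace_changes(before, after):
    """(local name, old namespace, new namespace) for elements that differ."""
    pairs = zip(expanded_names(before), expanded_names(after))
    return [(b[1], b[0], a[0]) for b, a in pairs if b != a]

if __name__ == "__main__":
    for label, text in (("original", ORIGINAL), ("workaround", WORKAROUND),
                        ("unbound", UNBOUND)):
        print(f"{label:10} well-formed: {is_well_formed(text)}")
    for local, old, new in namespace_changes(ORIGINAL, WORKAROUND):
        print(f"{local}: {old or '(no namespace)'} -> {new or '(no namespace)'}")
```

Both forms parse, but the workaround moves SecondaryParameters out of the WS-Trust namespace while its children stay in it, so the two configurations are not namespace-equivalent for a consumer that matches on the qualified name.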