Monday, July 25, 2011

Applying your FBA configuration to production environment - Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response) +1161013

OK, we have discussed the steps of configuring your SharePoint site to use FBA. I've configured it many, many times, but there was a case where the Web Front End for our site had to be on two servers. One small detail I found: when you deploy your site on several WFEs, you need to configure FBA in three places:
1- Your Central Admin application pool.

2- Your STS (Security Token Service).

3- Each WFE.

So what? I configured them all as usual, everything was fine, I tested the login page, and oooops: an error page. Not a SharePoint error page, an ASP.NET error page. OK, calm down, enable custom errors, and I got - Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response) +1161013 - what is this???

I assumed the error was not ASP.NET's but SharePoint's, so I opened the log file and found that the user I had created from the Central Admin server couldn't be verified by the WFE, because I had configured my ASP.NET membership provider to encrypt the passwords. And of course, as we all know, the password is encrypted with the machine key, which differs from one machine to the other.

OK, there is a solution for this issue. Open your web.config on one of your WFEs and find the "machineKey" tag. It looks like the following:

<machineKey validationKey="424B56AB4FC235300974BB13CE70F69987166E4F690DFF0F" decryptionKey="FED66B56701EB68F15C714D84DC8C7434F2445167DE802E8" validation="SHA1" />

Copy it and paste it into the web.config of all the WFEs serving your site. Now all the WFEs are decrypting and encrypting using the same key. Mission accomplished!
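
One way to confirm that every copy of web.config really carries the same machineKey, without pasting the key into a console or ticket, is to compare fingerprints. This is an added example, not part of the original post; the function names, file names and key values are constructed for illustration, and it assumes Windows PowerShell 3.0 or later.

```powershell
# Added example: compare <machineKey> across web.config copies by fingerprint,
# so the key material itself is never printed or logged.
function Get-MachineKeyFingerprint {
    param([Parameter(Mandatory)][string]$Path)
    $config = [xml](Get-Content -LiteralPath $Path -Raw)
    $node = $config.SelectSingleNode('/configuration/system.web/machineKey')
    $state = 'MISSING'; $validation = $null
    if ($null -ne $node) {
        $vk = $node.GetAttribute('validationKey')
        $dk = $node.GetAttribute('decryptionKey')
        $validation = $node.GetAttribute('validation')
        if (-not $vk -or -not $dk -or $vk -like 'AutoGenerate*' -or $dk -like 'AutoGenerate*') {
            # Absent or auto-generated keys are per machine, so they can never match.
            $state = 'AUTOGENERATED'
        } else {
            $bytes = [System.Text.Encoding]::UTF8.GetBytes("$vk|$dk|$validation".ToUpperInvariant())
            $sha = [System.Security.Cryptography.SHA256]::Create()
            try { $hash = $sha.ComputeHash($bytes) } finally { $sha.Dispose() }
            $state = ([System.BitConverter]::ToString($hash) -replace '-', '').Substring(0, 16)
        }
    }
    [pscustomobject]@{ Path = $Path; Validation = $validation; Fingerprint = $state }
}

function Test-MachineKeyConsistency {
    param([Parameter(Mandatory)][string[]]$Path)
    $details = @($Path | ForEach-Object { Get-MachineKeyFingerprint -Path $_ })
    $distinct = @($details | Select-Object -ExpandProperty Fingerprint -Unique)
    $ok = ($distinct.Count -eq 1) -and ($distinct[0] -notin 'MISSING', 'AUTOGENERATED')
    [pscustomobject]@{ Consistent = $ok; Details = $details }
}

# Constructed sample: three web.config copies with made-up keys; WFE2 differs.
$dir = Join-Path ([System.IO.Path]::GetTempPath()) ([System.Guid]::NewGuid().ToString())
New-Item -ItemType Directory -Path $dir | Out-Null
$template = '<configuration><system.web><machineKey validationKey="{0}" ' +
            'decryptionKey="{1}" validation="SHA1" /></system.web></configuration>'
$same  = $template -f ('A1' * 24), ('B2' * 24)
$other = $template -f ('C3' * 24), ('B2' * 24)
Set-Content -LiteralPath (Join-Path $dir 'CentralAdmin.config') -Value $same
Set-Content -LiteralPath (Join-Path $dir 'WFE1.config') -Value $same
Set-Content -LiteralPath (Join-Path $dir 'WFE2.config') -Value $other

$report = Test-MachineKeyConsistency -Path (Get-ChildItem $dir -Filter *.config).FullName
$report.Consistent
$report.Details | Format-Table -AutoSize
Remove-Item -LiteralPath $dir -Recurse -Force
```

In a real farm, pass the web.config paths collected from the Central Admin, STS and WFE web applications instead of the temporary sample files.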