The token returned from System.Web.HttpRequest.TlsTokenBindingInfo is incorrect when you use the .NET Framework 4.6

Symptoms
Assume that you have a server that is running Windows 10, and you use System.Web.HttpRequest.TlsTokenBindingInfo to obtain the user's identity. If a user is redirected to the server by a different server, you also obtain the token that the user provided to the redirecting server, as the referred token binding ID. This referred token binding ID helps you identify the user on the redirecting server. However, in this situation, you cannot find the user on the redirecting server through the user's referred token binding ID.
Cause
The issue occurs because the token binding ID returned by System.Web.HttpRequest.TlsTokenBindingInfo includes the token type, and some other implementations might strip off the token type.
Resolution
To work around this issue, skip the first byte of the byte arrays in ITlsTokenBindingInfo and use the rest of the byte arrays as a user’s identity. 

Note: You do not have to skip the first byte in future releases of the .NET Framework (later than the .NET Framework 4.6) because the API is subject to change in the future, and it will strip off the first byte for you.
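The workaround above, written as a helper; this is an added example, not code from the original article. The class name, method names, the stripTokenType switch and the Base64 lookup key are assumptions made for illustration. The switch is there so the byte is skipped only on the .NET Framework 4.6 and can be turned off on a later release that strips it for you.

```csharp
using System;
using System.Web;

// Added example: TokenBindingIdentity and its members are hypothetical names.
public static class TokenBindingIdentity
{
    // Returns the ID without the leading token-type byte.
    // This example treats a null or empty array as "no token binding".
    public static byte[] Normalize(byte[] rawId, bool stripTokenType)
    {
        if (rawId == null || rawId.Length == 0) return null;
        if (!stripTokenType) return (byte[])rawId.Clone();
        if (rawId.Length < 2) return null; // token type only, no ID body
        var id = new byte[rawId.Length - 1];
        Buffer.BlockCopy(rawId, 1, id, 0, id.Length);
        return id;
    }

    // Key for the ID the user provided to this server.
    public static string ProvidedKey(HttpRequest request, bool stripTokenType)
    {
        ITlsTokenBindingInfo info = request.TlsTokenBindingInfo;
        byte[] id = info == null
            ? null
            : Normalize(info.GetProvidedTokenBindingId(), stripTokenType);
        return id == null ? null : Convert.ToBase64String(id);
    }

    // Key for the ID the user provided to the redirecting server;
    // use it to look the user up there.
    public static string ReferredKey(HttpRequest request, bool stripTokenType)
    {
        ITlsTokenBindingInfo info = request.TlsTokenBindingInfo;
        byte[] id = info == null
            ? null
            : Normalize(info.GetReferredTokenBindingId(), stripTokenType);
        return id == null ? null : Convert.ToBase64String(id);
    }
}
```

Callers should treat a null key as an unbound request rather than as a match for any stored identity.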

For more information about the known issues in the .NET Framework 4.6, see Known issues for the .NET Framework 4.6.
More information
For more information about the product versioning changes and their effects in the .NET Framework 4.6, see Application Compatibility in the .NET Framework 4.6.
Properties

Article ID: 3074856 - Last Review: 07/20/2015 15:54:00 - Revision: 2.0

Microsoft .NET Framework 4.6
