Is NameId required? saml2 itfoxtec-identity-saml2 - itfoxtec-identity-saml2

I'm setting up a saml2 authorization, and is using itfoxtec libary.
But from the idp i only get one attribute value and no NameId.
In my assertionConsumerService i get a ArgumentNullException on nameId.
They say that nameId is optional, so therefore they only send the attribute value.
So can you use itfoxtec without nameid or is it requred?
Adding stacktrace
Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenReadException: IDX13102: Exception thrown while reading 'NameIDType' for Saml2SecurityToken. Inner exception: 'System.ArgumentNullException: IDX10000: The parameter 'value' cannot be a 'null' or an empty object. (Parameter 'value')
at Microsoft.IdentityModel.Tokens.Saml2.Saml2NameIdentifier.set_Value(String value)
at Microsoft.IdentityModel.Tokens.Saml2.Saml2Serializer.ReadNameIdType(XmlDictionaryReader reader)'.
---> System.ArgumentNullException: IDX10000: The parameter 'value' cannot be a 'null' or an empty object. (Parameter 'value')
at Microsoft.IdentityModel.Tokens.Saml2.Saml2NameIdentifier.set_Value(String value)
at Microsoft.IdentityModel.Tokens.Saml2.Saml2Serializer.ReadNameIdType(XmlDictionaryReader reader)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Tokens.Saml2.Saml2Serializer.ReadNameIdType(XmlDictionaryReader reader)
at Microsoft.IdentityModel.Tokens.Saml2.Saml2Serializer.ReadNameId(XmlDictionaryReader reader)
at Microsoft.IdentityModel.Tokens.Saml2.Saml2Serializer.ReadNameIdentifier(XmlDictionaryReader reader, String parentElement)
at Microsoft.IdentityModel.Tokens.Saml2.Saml2Serializer.ReadSubject(XmlDictionaryReader reader)
at Microsoft.IdentityModel.Tokens.Saml2.Saml2Serializer.ReadAssertion(XmlReader reader)
at Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ReadSaml2Token(XmlReader reader)
at Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ReadSaml2Token(String token)
at ITfoxtec.Identity.Saml2.Saml2AuthnResponse.ReadSecurityToken(String tokenString)
at ITfoxtec.Identity.Saml2.Saml2AuthnResponse.Read(String xml, Boolean validateXmlSignature, Boolean detectReplayedTokens)
at ITfoxtec.Identity.Saml2.Saml2PostBinding.Read(HttpRequest request, Saml2Request saml2RequestResponse, String messageName, Boolean validateXmlSignature, Boolean detectReplayedTokens)
at ITfoxtec.Identity.Saml2.Saml2Binding`1.ReadSamlResponse(HttpRequest request, Saml2Response saml2Response)
at ...Controllers.AuthorizationsController.AssertionConsumerService() in ...Areas\Client\Controllers\AuthorizationsController.cs:line 95

You can use the ITfoxtec Identity SAML2 component without a NameID, but then you are not able to do logout or single logout. NameID is optional in login but not in logout and single logout.
Where are you experiencing a ArgumentNullException?
UPDATE
I have added support for issuing SAML 2.0 tokens without a NameID and testet that the component accept tokens without NameID. You should not experience an error. Are you using the latest version 2.8.2?

Related

IDX13510: The Saml2SecurityToken cannot be validated because the Assertion specifies a OneTimeUse

We are recieving an exception when validating an assertion with a OneTimeUse Condition. We do not see a way to override or change this behavior. Any help?
Exception: Microsoft.IdentityModel.Tokens.SecurityTokenValidationException: IDX13510: The Saml2SecurityToken cannot be validated because the Assertion specifies a OneTimeUse condition.Enforcement of the OneTimeUse condition is not supported by default.To customize the enforcement of OneTimeUse condition, extend Saml2SecurityTokenHandler and override ValidateOneTimeUseCondition. at Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateOneTimeUseCondition(Saml2SecurityToken securityToken, TokenValidationParameters validationParameters) at Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateConditions(Saml2SecurityToken samlToken, TokenValidationParameters validationParameters) at ITfoxtec.Identity.Saml2.Tokens.Saml2ResponseSecurityTokenHandler.ValidateToken(SecurityToken token, String tokenString, Saml2Response saml2Response, Boolean detectReplayedTokens) at ITfoxtec.Identity.Saml2.Saml2AuthnResponse.ReadClaimsIdentity(String tokenString, Boolean detectReplayedTokens) at ITfoxtec.Identity.Saml2.Saml2AuthnResponse.Read(String xml, Boolean validateXmlSignature, Boolean detectReplayedTokens) at ITfoxtec.Identity.Saml2.Saml2PostBinding.Read(HttpRequest request, Saml2Request saml2RequestResponse, String messageName, Boolean validateXmlSignature, Boolean detectReplayedTokens) at ITfoxtec.Identity.Saml2.Saml2Binding`1.ReadSamlResponse(HttpRequest request, Saml2Response saml2Response)
We tried exploring the options classes and extending the handler but neither seem viable.
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="_381479691072dae3061c8eb476d8f638726d827456" IssueInstant="2023-01-04T19:59:55.431Z" Destination="https://p-dv-vm-tee8won:443/Relativity/Identity/98E1EA02C6824DB779469702E3C3A50DF55188D3"><saml:Issuer>https://capriza.github.io/samling/samling.html</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="_b4062517bccdf96dd61be6ad16374ba6aac7bccca6" IssueInstant="2023-01-04T19:59:55.383Z"><saml:Issuer>https://capriza.github.io/samling/samling.html</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#_b4062517bccdf96dd61be6ad16374ba6aac7bccca6"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>czTc3X2L2jmH8hZmbw8CnVbLGWIOCgWpQhLb6cMIRF4=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>NH/nBTI88+D7KqA26IahTsf6bpXqSdBsGf/Bk4gvtJ9NGzfEJ14Pxh9fhYgq47begLqSY61Whoek6CQs908p8Qck37BFtvxR4gsWFULGIbb7ybsEMqajBR0pVDarxcC04bgXTa2nmMs2CO0lwl6lBMAEOQaf/03W8SxLSh2ovPQ=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICpzCCAhACCQDuFX0Db5iljDANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVBhbG8gQWx0bzEQMA4GA1UECgwHU2FtbGluZzEPMA0GA1UECwwGU2FsaW5nMRQwEgYDVQQDDAtjYXByaXphLmNvbTEmMCQGCSqGSIb3DQEJARYXZW5naW5lZXJpbmdAY2Fwcml6YS5jb20wHhcNMTgwNTE1MTgxMTEwWhcNMjgwNTEyMTgxMTEwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVBhbG8gQWx0bzEQMA4GA1UECgwHU2FtbGluZzEPMA0GA1UECwwGU2FsaW5nMRQwEgYDVQQDDAtjYXByaXphLmNvbTEmMCQGCSqGSIb3DQEJARYXZW5naW5lZXJpbmdAY2Fwcml6YS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJEBNDJKH5nXr0hZKcSNIY1l4HeYLPBEKJLXyAnoFTdgGrvi40YyIx9lHh0LbDVWCgxJp21BmKll0CkgmeKidvGlr3FUwtETro44L+SgmjiJNbftvFxhNkgA26O2GDQuBoQwgSiagVadWXwJKkodH8tx4ojBPYK1pBO8fHf3wOnxAgMBAAEwDQYJKoZIhvcNAQELBQADgYEACIylhvh6T758hcZjAQJiV7rMRg+Omb68iJI4L9f0cyBcJENR+1LQNgUGyFDMm9Wm9o81CuIKBnfpEE2Jfcs76YVWRJy5xJ11GFKJJ5T0NEB7txbUQPoJOeNoE736lF5vYw6YKp8fJqPW0L2PLWe9qTn8hxpdnjo3k6r5gXyl8tk=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">redactedemail#relativity.com</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2023-01-04T20:09:55.383Z" Recipient="https://p-dv-vm-tee8won:443/Relativity/Identity/98E1EA02C6824DB779469702E3C3A50DF55188D3"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2023-01-04T19:59:55.383Z" NotOnOrAfter="2023-01-04T20:09:55.383Z"><saml:AudienceRestriction><saml:Audience>https://p-dv-vm-tee8won/Relativity</saml:Audience></saml:AudienceRestriction><saml:OneTimeUse></saml:OneTimeUse></saml:Conditions><saml:AuthnStatement AuthnInstant="2023-01-04T19:59:55.383Z" SessionNotOnOrAfter="2023-01-04T20:09:55.381Z" SessionIndex="_samling_4122095_80192495"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion></samlp:Response>
I have newer herd about this problem I'm afraid.
Please add a decoded SAML 2.0 authn response which the problem.
**** EDITED ****
The SAML 2.0 authn response is rejected because it contains the OneTimeUse element.
<saml:OneTimeUse>
</saml:OneTimeUse>
The OneTimeUse element is optional in SAML 2.0. But not supported by the ITfoxtec Identity SAML library because the underling Microsoft components do not support it.
You can resolve the problem by asking the IdP to remove the empty OneTimeUse element.

ITfoxtec Identity.Saml2.MvcCore -- SAML ERROR Form key length limit 2048 exceeded

I am using ITfoxtec Identity.Saml2.MvcCore for .net core v3.1 for Single sign on using Ping Identity.
SAML ERROR Form key length limit 2048 exceeded. at Microsoft.AspNetCore.WebUtilities.FormPipeReader.ThrowKeyTooLargeException()
at Microsoft.AspNetCore.WebUtilities.FormPipeReader.ParseValuesSlow(ReadOnlySequence1& buffer, KeyValueAccumulator& accumulator, Boolean isFinalBlock) at Microsoft.AspNetCore.WebUtilities.FormPipeReader.ParseFormValues(ReadOnlySequence1& buffer, KeyValueAccumulator& accumulator, Boolean isFinalBlock)
at Microsoft.AspNetCore.WebUtilities.FormPipeReader.ReadFormAsync(CancellationToken cancellationToken)
at Microsoft.AspNetCore.Http.Features.FormFeature.InnerReadFormAsync(CancellationToken cancellationToken)
at Microsoft.AspNetCore.Http.Features.FormFeature.ReadForm()
at Microsoft.AspNetCore.Http.DefaultHttpRequest.get_Form()
at ITfoxtec.Identity.Saml2.MvcCore.HttpRequestExtensions.ToGenericHttpRequest(HttpRequest request)
at Nbc.Score.Remotes.Web.Controllers.HomeController.AssertionConsumerService()
Failed method ITfoxtec.Identity.Saml2.MvcCore.HttpRequestExtensions.ToGenericHttpRequest
It looks like an form property is to lang, more then 2048 characters. It do not look like it is a value length which is a problem but instead a property length.
How dos the raw response look like?

Using .Net Framework CertificationValidationMode is ignored?

So I have two demo applications to test. One in .net 4.7 and the other in .net core 3.1.
When running the applications I'm getting different results depending the one used.
In both of them I put the CertificationValidationMode to None.
In .Net core I'm getting this error:
ITfoxtec.Identity.Saml2.Cryptography.InvalidSignatureException: Signature is invalid.
at ITfoxtec.Identity.Saml2.Saml2Request.ValidateXmlSignature(SignatureValidation documentValidationResult)
at ITfoxtec.Identity.Saml2.Saml2Request.Read(String xml, Boolean validateXmlSignature)
at ITfoxtec.Identity.Saml2.Saml2Response.Read(String xml, Boolean validateXmlSignature)
at ITfoxtec.Identity.Saml2.Saml2AuthnResponse.Read(String xml, Boolean validateXmlSignature)
at ITfoxtec.Identity.Saml2.Saml2PostBinding.Read(HttpRequest request, Saml2Request saml2RequestResponse, String messageName, Boolean validateXmlSignature)
at ITfoxtec.Identity.Saml2.Saml2PostBinding.UnbindInternal(HttpRequest request, Saml2Request saml2RequestResponse, String messageName)
at ITfoxtec.Identity.Saml2.Saml2Binding`1.Unbind(HttpRequest request, Saml2Response saml2Response)
which is good because I modified the assertion to extend the time for testing and at that point I'm assuming that the validation was bypassed and it is failing because it does not match.
In .Net Framework, this error is coming up:
ID4037: The key needed to verify the signature could not be resolved from the following security key
identifier
'SecurityKeyIdentifier(
IsReadOnly = False,
Count = 1,
Clause[0] = System.IdentityModel.Tokens.Saml2SecurityKeyIdentifierClause
)
'. Ensure that the SecurityTokenResolver is populated with the required key.
at System.IdentityModel.EnvelopedSignatureReader.ResolveSigningCredentials()
at System.IdentityModel.EnvelopedSignatureReader.OnEndOfRootElement()
at System.IdentityModel.EnvelopedSignatureReader.Read()
at System.Xml.XmlReader.ReadEndElement()
at System.IdentityModel.Tokens.Saml2SecurityTokenHandler.ReadAssertion(XmlReader reader)
at System.IdentityModel.Tokens.Saml2SecurityTokenHandler.ReadToken(XmlReader reader)
at ITfoxtec.Identity.Saml2.Saml2AuthnResponse.ReadSecurityToken(XmlNode assertionElement)
at ITfoxtec.Identity.Saml2.Saml2AuthnResponse.Read(String xml, Boolean validateXmlSignature)
at ITfoxtec.Identity.Saml2.Saml2PostBinding.Read(HttpRequest request, Saml2Request saml2RequestResponse, String messageName, Boolean validateXmlSignature)
at ITfoxtec.Identity.Saml2.Saml2Binding`1.ReadSamlResponse(HttpRequest request, Saml2Response saml2Response)
Here I'm thinking that the validation is happening, it is not bypassed, and it is failing. Basically the Validation Mode is ignored.
Am I thinking this wrong?
Thanks
As you say the result looks correct regarding .NET core.
It looks like the .Net Framework cannot find a certificate that match the certificate used in the SAML. 2.0 AuthnResponse. Maybe the .Net Framework application is not configured with the correct certificate? I do not think it has anything to do with the Validation Mode.

InvalidSignatureException: Signature is invalid

I am trying to use ITFoxtec-saml with Auth0 as IdP. But on ACS, I am getting following error:
ITfoxtec.Identity.Saml2.Cryptography.InvalidSignatureException: Signature is invalid.
at ITfoxtec.Identity.Saml2.Saml2Request.ValidateXmlSignature(SignatureValidation documentValidationResult) in C:\Documents\Repos\ITfoxtec.Identity.Saml2-master\ITfoxtec.Identity.Saml2-master\src\ITfoxtec.Identity.Saml2\Request\Saml2Request.cs:line 237
at ITfoxtec.Identity.Saml2.Saml2Request.Read(String xml, Boolean validateXmlSignature) in C:\Documents\Repos\ITfoxtec.Identity.Saml2-master\ITfoxtec.Identity.Saml2-master\src\ITfoxtec.Identity.Saml2\Request\Saml2Request.cs:line 204
at ITfoxtec.Identity.Saml2.Saml2Response.Read(String xml, Boolean validateXmlSignature) in C:\Documents\Repos\ITfoxtec.Identity.Saml2-master\ITfoxtec.Identity.Saml2-master\src\ITfoxtec.Identity.Saml2\Request\Saml2Response.cs:line 66
at ITfoxtec.Identity.Saml2.Saml2AuthnResponse.Read(String xml, Boolean validateXmlSignature) in C:\Documents\Repos\ITfoxtec.Identity.Saml2-master\ITfoxtec.Identity.Saml2-master\src\ITfoxtec.Identity.Saml2\Request\Saml2AuthnResponse.cs:line 214
at ITfoxtec.Identity.Saml2.Saml2PostBinding.Read(HttpRequest request, Saml2Request saml2RequestResponse, String messageName, Boolean validateXmlSignature) in C:\Documents\Repos\ITfoxtec.Identity.Saml2-master\ITfoxtec.Identity.Saml2-master\src\ITfoxtec.Identity.Saml2\Bindings\Saml2PostBinding.cs:line 106
at ITfoxtec.Identity.Saml2.Saml2PostBinding.UnbindInternal(HttpRequest request, Saml2Request saml2RequestResponse, String messageName) in C:\Documents\Repos\ITfoxtec.Identity.Saml2-master\ITfoxtec.Identity.Saml2-master\src\ITfoxtec.Identity.Saml2\Bindings\Saml2PostBinding.cs:line 96
at ITfoxtec.Identity.Saml2.Saml2Binding`1.Unbind(HttpRequest request, Saml2Response saml2Response) in C:\Documents\Repos\ITfoxtec.Identity.Saml2-master\ITfoxtec.Identity.Saml2-master\src\ITfoxtec.Identity.Saml2\Bindings\Saml2Binding.cs:line 70
at TestWebAppCore.Controllers.AuthController.AssertionConsumerService() in C:\Documents\Repos\ITfoxtec.Identity.Saml2-master\ITfoxtec.Identity.Saml2-master\test\TestWebAppCore\Controllers\AuthController.cs:line 58
The ITFoxtec Identity SAML 2.0 component should accept the signature if it is valid. I do not know about problems validading Auth0 tokens.
To debug you can check if the signature algorithm and the certificate is correct. And maybe also try to set the certificate validation mode to none and the revocation mode to no check.
Configuration example:
"Saml2": {
...
"SignatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
"CertificateValidationMode": "None",
"RevocationMode": "NoCheck"
...
}

Why am I getting "Unable to load the specified metadata resource" error?

I have an MVC5 web application which I usually develop using my laptop.
I am trying to get the app running on my main machine at home for home-working days but have a problem connecting to the local dev database on SQL Server - when I start the app I get the following error:
More info 30/11/16:
Note that the model is generated from EDML using Entity Developer
Unable to load the specified metadata resource. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
The solution consists of 2 projects, one of which is an entity model project which is generated from EDMX.
Note: On my main machine (where it isn't working) the connection string in Web.config is the same as the machine where it works except for Data Source which refers to the SQL Server name on the main machine - I have checked this is correct several times:
I have read several Stack Overflow posts with similar issues - most point to something wrong with the path to the csdl, ssdl, msl part of the connection string.
I have:
Checked the server name is correct in the connection string
Checked the database name is correct in the connection string
Checked the database exists and is available
Checked each of the three files are where the connection string says they are (they are)
Tried using wildcard in the connection string: res://*/dllname.csdl|res://*/dllname.ssdl|res://*/dllname.msl
Update 30/11/2016:
From the suggestions in this link I have:
Checked the MetadataArtifactProcessing property - it is not set to Copy to Output directory
Checked the connection string
We don't have a post-compile task
From the suggestion in this link I have tried setting the connection string connectionString="metadata=res://*/;
Stack Trace:
[MetadataException: Unable to load the specified metadata resource.]
System.Data.Entity.Core.Metadata.Edm.MetadataArtifactLoaderResource.LoadResource() +85
System.Data.Entity.Core.Metadata.Edm.MetadataArtifactLoaderResource.CreateReader() +10
System.Data.Entity.Core.Metadata.Edm.MetadataArtifactLoaderResource.CreateReaders(DataSpace spaceToGet) +72
System.Data.Entity.Core.Metadata.Edm.MetadataArtifactLoaderComposite.CreateReaders(DataSpace spaceToGet) +99
System.Data.Entity.Core.Metadata.Edm.MetadataCache.LoadEdmItemCollection(MetadataArtifactLoader loader) +41
System.Data.Entity.Core.Metadata.Edm.<>c__DisplayClass5.<GetMetadataWorkspace>b__0(String k) +37
System.Collections.Concurrent.ConcurrentDictionary`2.GetOrAdd(TKey key, Func`2 valueFactory) +72
System.Data.Entity.Core.Metadata.Edm.MetadataCache.GetMetadataWorkspace(String cacheKey, MetadataArtifactLoader artifactLoader) +75
System.Data.Entity.Core.Metadata.Edm.MetadataCache.GetMetadataWorkspace(DbConnectionOptions effectiveConnectionOptions) +126
System.Data.Entity.Core.EntityClient.EntityConnection.GetMetadataWorkspace() +43
System.Data.Entity.Core.Objects.ObjectContext.RetrieveMetadataWorkspaceFromConnection() +20
System.Data.Entity.Core.Objects.ObjectContext..ctor(EntityConnection connection, Boolean isConnectionConstructor, ObjectQueryExecutionPlanFactory objectQueryExecutionPlanFactory, Translator translator, ColumnMapFactory columnMapFactory) +393
System.Data.Entity.Core.Objects.ObjectContext..ctor(String connectionString, String defaultContainerName) +35
App.Models.Entities..ctor() in C:\Users\Me\Desktop\App\App.MVC5\App.Entities.cs:37
App.MVC5.Models.CurrentUser..ctor(Boolean IsGuiDetailsRequired) in C:\Users\Me\Desktop\App\App.MVC5\Models\AccountModels.cs:87
App.MVC5.Controllers.HomeController..ctor() in C:\Users\Me\Desktop\App\App.MVC5\Controllers\HomeController.cs:11
[TargetInvocationException: Exception has been thrown by the target of an invocation.]
System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck) +0
System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark) +114
System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark) +232
System.Activator.CreateInstance(Type type, Boolean nonPublic) +83
System.Activator.CreateInstance(Type type) +11
System.Web.Mvc.DefaultControllerActivator.Create(RequestContext requestContext, Type controllerType) +55
[InvalidOperationException: An error occurred when trying to create a controller of type 'App.MVC5.Controllers.HomeController'. Make sure that the controller has a parameterless public constructor.]
System.Web.Mvc.DefaultControllerActivator.Create(RequestContext requestContext, Type controllerType) +178
System.Web.Mvc.DefaultControllerFactory.GetControllerInstance(RequestContext requestContext, Type controllerType) +76
System.Web.Mvc.DefaultControllerFactory.CreateController(RequestContext requestContext, String controllerName) +88
Castle.Proxies.Invocations.IControllerFactory_CreateController.InvokeMethodOnTarget() +118
Castle.DynamicProxy.AbstractInvocation.Proceed() +80
Glimpse.Core.Extensibility.CastleInvocationToAlternateMethodContextAdapter.Proceed() +11
Glimpse.Core.Extensions.AlternateMethodContextExtensions.TryProceedWithTimer(IAlternateMethodContext context, TimerResult& timerResult) +41
Glimpse.Core.Extensibility.AlternateMethod.NewImplementation(IAlternateMethodContext context) +25
Glimpse.Core.Extensibility.AlternateTypeToCastleInterceptorAdapter.Intercept(IInvocation invocation) +84
Castle.DynamicProxy.AbstractInvocation.Proceed() +108
Castle.Proxies.IControllerFactoryProxy.CreateController(RequestContext requestContext, String controllerName) +214
System.Web.Mvc.MvcHandler.ProcessRequestInit(HttpContextBase httpContext, IController& controller, IControllerFactory& factory) +194
System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContextBase httpContext, AsyncCallback callback, Object state) +50
System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContext httpContext, AsyncCallback callback, Object state) +48
System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData) +16
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +103
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155
There's a very popular question over there and from its rating I can assume it helped a lot of people. It even mentions a blog post with complete troubleshooting for this problem. Also, this answer looks like something you didn't try yet.

Resources