Develop Reference

InvalidSignatureException: Signature is invalid - saml-2.0

I am trying to use ITFoxtec-saml with Auth0 as IdP. But on ACS, I am getting following error:
ITfoxtec.Identity.Saml2.Cryptography.InvalidSignatureException: Signature is invalid.
at ITfoxtec.Identity.Saml2.Saml2Request.ValidateXmlSignature(SignatureValidation documentValidationResult) in C:\Documents\Repos\ITfoxtec.Identity.Saml2-master\ITfoxtec.Identity.Saml2-master\src\ITfoxtec.Identity.Saml2\Request\Saml2Request.cs:line 237
at ITfoxtec.Identity.Saml2.Saml2Request.Read(String xml, Boolean validateXmlSignature) in C:\Documents\Repos\ITfoxtec.Identity.Saml2-master\ITfoxtec.Identity.Saml2-master\src\ITfoxtec.Identity.Saml2\Request\Saml2Request.cs:line 204
at ITfoxtec.Identity.Saml2.Saml2Response.Read(String xml, Boolean validateXmlSignature) in C:\Documents\Repos\ITfoxtec.Identity.Saml2-master\ITfoxtec.Identity.Saml2-master\src\ITfoxtec.Identity.Saml2\Request\Saml2Response.cs:line 66
at ITfoxtec.Identity.Saml2.Saml2AuthnResponse.Read(String xml, Boolean validateXmlSignature) in C:\Documents\Repos\ITfoxtec.Identity.Saml2-master\ITfoxtec.Identity.Saml2-master\src\ITfoxtec.Identity.Saml2\Request\Saml2AuthnResponse.cs:line 214
at ITfoxtec.Identity.Saml2.Saml2PostBinding.Read(HttpRequest request, Saml2Request saml2RequestResponse, String messageName, Boolean validateXmlSignature) in C:\Documents\Repos\ITfoxtec.Identity.Saml2-master\ITfoxtec.Identity.Saml2-master\src\ITfoxtec.Identity.Saml2\Bindings\Saml2PostBinding.cs:line 106
at ITfoxtec.Identity.Saml2.Saml2PostBinding.UnbindInternal(HttpRequest request, Saml2Request saml2RequestResponse, String messageName) in C:\Documents\Repos\ITfoxtec.Identity.Saml2-master\ITfoxtec.Identity.Saml2-master\src\ITfoxtec.Identity.Saml2\Bindings\Saml2PostBinding.cs:line 96
at ITfoxtec.Identity.Saml2.Saml2Binding`1.Unbind(HttpRequest request, Saml2Response saml2Response) in C:\Documents\Repos\ITfoxtec.Identity.Saml2-master\ITfoxtec.Identity.Saml2-master\src\ITfoxtec.Identity.Saml2\Bindings\Saml2Binding.cs:line 70
at TestWebAppCore.Controllers.AuthController.AssertionConsumerService() in C:\Documents\Repos\ITfoxtec.Identity.Saml2-master\ITfoxtec.Identity.Saml2-master\test\TestWebAppCore\Controllers\AuthController.cs:line 58

The ITFoxtec Identity SAML 2.0 component should accept the signature if it is valid. I do not know about problems validading Auth0 tokens.
To debug you can check if the signature algorithm and the certificate is correct. And maybe also try to set the certificate validation mode to none and the revocation mode to no check.
Configuration example:
"Saml2": {
...
"SignatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
"CertificateValidationMode": "None",
"RevocationMode": "NoCheck"
...
}

Related

We are recieving an exception when validating an assertion with a OneTimeUse Condition. We do not see a way to override or change this behavior. Any help?
Exception: Microsoft.IdentityModel.Tokens.SecurityTokenValidationException: IDX13510: The Saml2SecurityToken cannot be validated because the Assertion specifies a OneTimeUse condition.Enforcement of the OneTimeUse condition is not supported by default.To customize the enforcement of OneTimeUse condition, extend Saml2SecurityTokenHandler and override ValidateOneTimeUseCondition. at Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateOneTimeUseCondition(Saml2SecurityToken securityToken, TokenValidationParameters validationParameters) at Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateConditions(Saml2SecurityToken samlToken, TokenValidationParameters validationParameters) at ITfoxtec.Identity.Saml2.Tokens.Saml2ResponseSecurityTokenHandler.ValidateToken(SecurityToken token, String tokenString, Saml2Response saml2Response, Boolean detectReplayedTokens) at ITfoxtec.Identity.Saml2.Saml2AuthnResponse.ReadClaimsIdentity(String tokenString, Boolean detectReplayedTokens) at ITfoxtec.Identity.Saml2.Saml2AuthnResponse.Read(String xml, Boolean validateXmlSignature, Boolean detectReplayedTokens) at ITfoxtec.Identity.Saml2.Saml2PostBinding.Read(HttpRequest request, Saml2Request saml2RequestResponse, String messageName, Boolean validateXmlSignature, Boolean detectReplayedTokens) at ITfoxtec.Identity.Saml2.Saml2Binding`1.ReadSamlResponse(HttpRequest request, Saml2Response saml2Response)
We tried exploring the options classes and extending the handler but neither seem viable.
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="_381479691072dae3061c8eb476d8f638726d827456" IssueInstant="2023-01-04T19:59:55.431Z" Destination="https://p-dv-vm-tee8won:443/Relativity/Identity/98E1EA02C6824DB779469702E3C3A50DF55188D3"><saml:Issuer>https://capriza.github.io/samling/samling.html</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="_b4062517bccdf96dd61be6ad16374ba6aac7bccca6" IssueInstant="2023-01-04T19:59:55.383Z"><saml:Issuer>https://capriza.github.io/samling/samling.html</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#_b4062517bccdf96dd61be6ad16374ba6aac7bccca6"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>czTc3X2L2jmH8hZmbw8CnVbLGWIOCgWpQhLb6cMIRF4=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>NH/nBTI88+D7KqA26IahTsf6bpXqSdBsGf/Bk4gvtJ9NGzfEJ14Pxh9fhYgq47begLqSY61Whoek6CQs908p8Qck37BFtvxR4gsWFULGIbb7ybsEMqajBR0pVDarxcC04bgXTa2nmMs2CO0lwl6lBMAEOQaf/03W8SxLSh2ovPQ=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICpzCCAhACCQDuFX0Db5iljDANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVBhbG8gQWx0bzEQMA4GA1UECgwHU2FtbGluZzEPMA0GA1UECwwGU2FsaW5nMRQwEgYDVQQDDAtjYXByaXphLmNvbTEmMCQGCSqGSIb3DQEJARYXZW5naW5lZXJpbmdAY2Fwcml6YS5jb20wHhcNMTgwNTE1MTgxMTEwWhcNMjgwNTEyMTgxMTEwWjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVBhbG8gQWx0bzEQMA4GA1UECgwHU2FtbGluZzEPMA0GA1UECwwGU2FsaW5nMRQwEgYDVQQDDAtjYXByaXphLmNvbTEmMCQGCSqGSIb3DQEJARYXZW5naW5lZXJpbmdAY2Fwcml6YS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJEBNDJKH5nXr0hZKcSNIY1l4HeYLPBEKJLXyAnoFTdgGrvi40YyIx9lHh0LbDVWCgxJp21BmKll0CkgmeKidvGlr3FUwtETro44L+SgmjiJNbftvFxhNkgA26O2GDQuBoQwgSiagVadWXwJKkodH8tx4ojBPYK1pBO8fHf3wOnxAgMBAAEwDQYJKoZIhvcNAQELBQADgYEACIylhvh6T758hcZjAQJiV7rMRg+Omb68iJI4L9f0cyBcJENR+1LQNgUGyFDMm9Wm9o81CuIKBnfpEE2Jfcs76YVWRJy5xJ11GFKJJ5T0NEB7txbUQPoJOeNoE736lF5vYw6YKp8fJqPW0L2PLWe9qTn8hxpdnjo3k6r5gXyl8tk=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">redactedemail#relativity.com</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2023-01-04T20:09:55.383Z" Recipient="https://p-dv-vm-tee8won:443/Relativity/Identity/98E1EA02C6824DB779469702E3C3A50DF55188D3"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2023-01-04T19:59:55.383Z" NotOnOrAfter="2023-01-04T20:09:55.383Z"><saml:AudienceRestriction><saml:Audience>https://p-dv-vm-tee8won/Relativity</saml:Audience></saml:AudienceRestriction><saml:OneTimeUse></saml:OneTimeUse></saml:Conditions><saml:AuthnStatement AuthnInstant="2023-01-04T19:59:55.383Z" SessionNotOnOrAfter="2023-01-04T20:09:55.381Z" SessionIndex="_samling_4122095_80192495"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion></samlp:Response>

I have newer herd about this problem I'm afraid.
Please add a decoded SAML 2.0 authn response which the problem.
**** EDITED ****
The SAML 2.0 authn response is rejected because it contains the OneTimeUse element.
<saml:OneTimeUse>
</saml:OneTimeUse>
The OneTimeUse element is optional in SAML 2.0. But not supported by the ITfoxtec Identity SAML library because the underling Microsoft components do not support it.
You can resolve the problem by asking the IdP to remove the empty OneTimeUse element.

I'm setting up a saml2 authorization, and is using itfoxtec libary.
But from the idp i only get one attribute value and no NameId.
In my assertionConsumerService i get a ArgumentNullException on nameId.
They say that nameId is optional, so therefore they only send the attribute value.
So can you use itfoxtec without nameid or is it requred?
Adding stacktrace
Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenReadException: IDX13102: Exception thrown while reading 'NameIDType' for Saml2SecurityToken. Inner exception: 'System.ArgumentNullException: IDX10000: The parameter 'value' cannot be a 'null' or an empty object. (Parameter 'value')
at Microsoft.IdentityModel.Tokens.Saml2.Saml2NameIdentifier.set_Value(String value)
at Microsoft.IdentityModel.Tokens.Saml2.Saml2Serializer.ReadNameIdType(XmlDictionaryReader reader)'.
---> System.ArgumentNullException: IDX10000: The parameter 'value' cannot be a 'null' or an empty object. (Parameter 'value')
at Microsoft.IdentityModel.Tokens.Saml2.Saml2NameIdentifier.set_Value(String value)
at Microsoft.IdentityModel.Tokens.Saml2.Saml2Serializer.ReadNameIdType(XmlDictionaryReader reader)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Tokens.Saml2.Saml2Serializer.ReadNameIdType(XmlDictionaryReader reader)
at Microsoft.IdentityModel.Tokens.Saml2.Saml2Serializer.ReadNameId(XmlDictionaryReader reader)
at Microsoft.IdentityModel.Tokens.Saml2.Saml2Serializer.ReadNameIdentifier(XmlDictionaryReader reader, String parentElement)
at Microsoft.IdentityModel.Tokens.Saml2.Saml2Serializer.ReadSubject(XmlDictionaryReader reader)
at Microsoft.IdentityModel.Tokens.Saml2.Saml2Serializer.ReadAssertion(XmlReader reader)
at Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ReadSaml2Token(XmlReader reader)
at Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ReadSaml2Token(String token)
at ITfoxtec.Identity.Saml2.Saml2AuthnResponse.ReadSecurityToken(String tokenString)
at ITfoxtec.Identity.Saml2.Saml2AuthnResponse.Read(String xml, Boolean validateXmlSignature, Boolean detectReplayedTokens)
at ITfoxtec.Identity.Saml2.Saml2PostBinding.Read(HttpRequest request, Saml2Request saml2RequestResponse, String messageName, Boolean validateXmlSignature, Boolean detectReplayedTokens)
at ITfoxtec.Identity.Saml2.Saml2Binding`1.ReadSamlResponse(HttpRequest request, Saml2Response saml2Response)
at ...Controllers.AuthorizationsController.AssertionConsumerService() in ...Areas\Client\Controllers\AuthorizationsController.cs:line 95

You can use the ITfoxtec Identity SAML2 component without a NameID, but then you are not able to do logout or single logout. NameID is optional in login but not in logout and single logout.
Where are you experiencing a ArgumentNullException?
UPDATE
I have added support for issuing SAML 2.0 tokens without a NameID and testet that the component accept tokens without NameID. You should not experience an error. Are you using the latest version 2.8.2?

I am using ITfoxtec Identity.Saml2.MvcCore for .net core v3.1 for Single sign on using Ping Identity.
SAML ERROR Form key length limit 2048 exceeded. at Microsoft.AspNetCore.WebUtilities.FormPipeReader.ThrowKeyTooLargeException()
at Microsoft.AspNetCore.WebUtilities.FormPipeReader.ParseValuesSlow(ReadOnlySequence1& buffer, KeyValueAccumulator& accumulator, Boolean isFinalBlock) at Microsoft.AspNetCore.WebUtilities.FormPipeReader.ParseFormValues(ReadOnlySequence1& buffer, KeyValueAccumulator& accumulator, Boolean isFinalBlock)
at Microsoft.AspNetCore.WebUtilities.FormPipeReader.ReadFormAsync(CancellationToken cancellationToken)
at Microsoft.AspNetCore.Http.Features.FormFeature.InnerReadFormAsync(CancellationToken cancellationToken)
at Microsoft.AspNetCore.Http.Features.FormFeature.ReadForm()
at Microsoft.AspNetCore.Http.DefaultHttpRequest.get_Form()
at ITfoxtec.Identity.Saml2.MvcCore.HttpRequestExtensions.ToGenericHttpRequest(HttpRequest request)
at Nbc.Score.Remotes.Web.Controllers.HomeController.AssertionConsumerService()
Failed method ITfoxtec.Identity.Saml2.MvcCore.HttpRequestExtensions.ToGenericHttpRequest

It looks like an form property is to lang, more then 2048 characters. It do not look like it is a value length which is a problem but instead a property length.
How dos the raw response look like?

So I have two demo applications to test. One in .net 4.7 and the other in .net core 3.1.
When running the applications I'm getting different results depending the one used.
In both of them I put the CertificationValidationMode to None.
In .Net core I'm getting this error:
ITfoxtec.Identity.Saml2.Cryptography.InvalidSignatureException: Signature is invalid.
at ITfoxtec.Identity.Saml2.Saml2Request.ValidateXmlSignature(SignatureValidation documentValidationResult)
at ITfoxtec.Identity.Saml2.Saml2Request.Read(String xml, Boolean validateXmlSignature)
at ITfoxtec.Identity.Saml2.Saml2Response.Read(String xml, Boolean validateXmlSignature)
at ITfoxtec.Identity.Saml2.Saml2AuthnResponse.Read(String xml, Boolean validateXmlSignature)
at ITfoxtec.Identity.Saml2.Saml2PostBinding.Read(HttpRequest request, Saml2Request saml2RequestResponse, String messageName, Boolean validateXmlSignature)
at ITfoxtec.Identity.Saml2.Saml2PostBinding.UnbindInternal(HttpRequest request, Saml2Request saml2RequestResponse, String messageName)
at ITfoxtec.Identity.Saml2.Saml2Binding`1.Unbind(HttpRequest request, Saml2Response saml2Response)
which is good because I modified the assertion to extend the time for testing and at that point I'm assuming that the validation was bypassed and it is failing because it does not match.
In .Net Framework, this error is coming up:
ID4037: The key needed to verify the signature could not be resolved from the following security key
identifier
'SecurityKeyIdentifier(
IsReadOnly = False,
Count = 1,
Clause[0] = System.IdentityModel.Tokens.Saml2SecurityKeyIdentifierClause
)
'. Ensure that the SecurityTokenResolver is populated with the required key.
at System.IdentityModel.EnvelopedSignatureReader.ResolveSigningCredentials()
at System.IdentityModel.EnvelopedSignatureReader.OnEndOfRootElement()
at System.IdentityModel.EnvelopedSignatureReader.Read()
at System.Xml.XmlReader.ReadEndElement()
at System.IdentityModel.Tokens.Saml2SecurityTokenHandler.ReadAssertion(XmlReader reader)
at System.IdentityModel.Tokens.Saml2SecurityTokenHandler.ReadToken(XmlReader reader)
at ITfoxtec.Identity.Saml2.Saml2AuthnResponse.ReadSecurityToken(XmlNode assertionElement)
at ITfoxtec.Identity.Saml2.Saml2AuthnResponse.Read(String xml, Boolean validateXmlSignature)
at ITfoxtec.Identity.Saml2.Saml2PostBinding.Read(HttpRequest request, Saml2Request saml2RequestResponse, String messageName, Boolean validateXmlSignature)
at ITfoxtec.Identity.Saml2.Saml2Binding`1.ReadSamlResponse(HttpRequest request, Saml2Response saml2Response)
Here I'm thinking that the validation is happening, it is not bypassed, and it is failing. Basically the Validation Mode is ignored.
Am I thinking this wrong?
Thanks

As you say the result looks correct regarding .NET core.
It looks like the .Net Framework cannot find a certificate that match the certificate used in the SAML. 2.0 AuthnResponse. Maybe the .Net Framework application is not configured with the correct certificate? I do not think it has anything to do with the Validation Mode.

I'm getting the dreaded DNN Error "An unexpected error has occurred" with a link to return to the site. There's no other information displayed here so I checked the logs under \Portals\_default\Logs\ and found this:
2019-09-26 10:15:02.052-05:00 [XXXXXX][D:4][T:84][ERROR] DotNetNuke.Services.Exceptions.Exceptions - ToSic.SexyContent.Search.SearchIndexException: Search: Error while indexing module 450 on tab 44, portal 0 ---> System.NullReferenceException: Object reference not set to an instance of an object.
at ToSic.Eav.Security.Permissions.PermissionCheckBase.DoesPermissionAllow(IEntity permissionEntity, Char[] desiredActionCode) in C:\Projects\eav-server\ToSic.Eav.Core\Security\Permissions\PermissionCheckBase.cs:line 119
at System.Linq.Enumerable.Any[TSource](IEnumerable`1 source, Func`2 predicate)
at ToSic.SexyContent.SxcInstance.get_UserMayEdit() in C:\Projects\2sxc-dnn742\Website\DesktopModules\ToSIC_SexyContent\ToSic.Sxc\SexyContent\SxcInstance_Render.cs:line 17
at ToSic.SexyContent.ContentBlocks.ModuleContentBlock..ctor(IInstanceInfo instanceInfo, Log parentLog, ITenant tenant, IEnumerable`1 overrideParams) in C:\Projects\2sxc-dnn742\Website\DesktopModules\ToSIC_SexyContent\ToSic.Sxc\SexyContent\ContentBlocks\ModuleContentBlock.cs:line 66
at ToSic.SexyContent.Environment.Dnn7.Search.SearchController.GetModifiedSearchDocuments(IInstanceInfo instance, DateTime beginDate) in C:\Projects\2sxc-dnn742\Website\DesktopModules\ToSIC_SexyContent\2sxc Dnn\Search\SearchController.cs:line 53
at ToSic.SexyContent.Environment.Dnn7.DnnBusinessController.GetModifiedSearchDocuments(ModuleInfo moduleInfo, DateTime beginDate) in C:\Projects\2sxc-dnn742\Website\DesktopModules\ToSIC_SexyContent\2sxc Dnn\Environment\Dnn7\DnnBusinessController.cs:line 98
--- End of inner exception stack trace ---
at ToSic.SexyContent.Environment.Dnn7.DnnBusinessController.GetModifiedSearchDocuments(ModuleInfo moduleInfo, DateTime beginDate) in C:\Projects\2sxc-dnn742\Website\DesktopModules\ToSIC_SexyContent\2sxc Dnn\Environment\Dnn7\DnnBusinessController.cs:line 102
at DotNetNuke.Services.Search.ModuleIndexer.IndexSearchDocuments(Int32 portalId, ScheduleHistoryItem schedule, DateTime startDateLocal, Action`1 indexer)
2019-09-26 10:15:02.069-05:00 [XXXXXX][D:4][T:84][ERROR] DotNetNuke.Services.Exceptions.Exceptions - ToSic.SexyContent.Search.SearchIndexException: Search: Error while indexing module 451 on tab 20, portal 0 ---> System.NullReferenceException: Object reference not set to an instance of an object.
at ToSic.Eav.Security.Permissions.PermissionCheckBase.DoesPermissionAllow(IEntity permissionEntity, Char[] desiredActionCode) in C:\Projects\eav-server\ToSic.Eav.Core\Security\Permissions\PermissionCheckBase.cs:line 119
at System.Linq.Enumerable.Any[TSource](IEnumerable`1 source, Func`2 predicate)
at ToSic.SexyContent.SxcInstance.get_UserMayEdit() in C:\Projects\2sxc-dnn742\Website\DesktopModules\ToSIC_SexyContent\ToSic.Sxc\SexyContent\SxcInstance_Render.cs:line 17
at ToSic.SexyContent.ContentBlocks.ModuleContentBlock..ctor(IInstanceInfo instanceInfo, Log parentLog, ITenant tenant, IEnumerable`1 overrideParams) in C:\Projects\2sxc-dnn742\Website\DesktopModules\ToSIC_SexyContent\ToSic.Sxc\SexyContent\ContentBlocks\ModuleContentBlock.cs:line 66
at ToSic.SexyContent.Environment.Dnn7.Search.SearchController.GetModifiedSearchDocuments(IInstanceInfo instance, DateTime beginDate) in C:\Projects\2sxc-dnn742\Website\DesktopModules\ToSIC_SexyContent\2sxc Dnn\Search\SearchController.cs:line 53
at ToSic.SexyContent.Environment.Dnn7.DnnBusinessController.GetModifiedSearchDocuments(ModuleInfo moduleInfo, DateTime beginDate) in C:\Projects\2sxc-dnn742\Website\DesktopModules\ToSIC_SexyContent\2sxc Dnn\Environment\Dnn7\DnnBusinessController.cs:line 98
--- End of inner exception stack trace ---
at ToSic.SexyContent.Environment.Dnn7.DnnBusinessController.GetModifiedSearchDocuments(ModuleInfo moduleInfo, DateTime beginDate) in C:\Projects\2sxc-dnn742\Website\DesktopModules\ToSIC_SexyContent\2sxc Dnn\Environment\Dnn7\DnnBusinessController.cs:line 102
at DotNetNuke.Services.Search.ModuleIndexer.IndexSearchDocuments(Int32 portalId, ScheduleHistoryItem schedule, DateTime startDateLocal, Action`1 indexer)
Unfortunately, I haven't touched the site at all since a demo I did at the beginning of August where I created a sample post which means I have no idea what I did to cause the error. I didn't get any error messages at that time and after getting approval from the big wigs, I shifted my focus to other projects and don't recall doing anything usual or bumping into any errors. But I try to access the site today and I get these errors related to 2SXC.
What do these errors mean and how can I fix the issue to restore my site?
Update: I'm running DNN 9.1.1 and 2SXC 09.32.01 with the News app 03.01.04
Update 2: I just notices this error too:
2019-09-27 11:17:08.567-05:00 [XXXXXX][D:2][T:10][ERROR] DotNetNuke.Services.Exceptions.Exceptions - DotNetNuke.Services.Exceptions.PageLoadException: Unhandled error loading page. ---> System.Web.HttpParseException: The file '/DesktopModules/DDRMenu/Menu.ascx' does not exist. ---> System.Web.HttpParseException: The file '/DesktopModules/DDRMenu/Menu.ascx' does not exist. ---> System.Web.HttpException: The file '/DesktopModules/DDRMenu/Menu.ascx' does not exist.
at System.Web.UI.Util.CheckVirtualFileExists(VirtualPath virtualPath)
at System.Web.Compilation.BuildManager.GetVPathBuildResultInternal(VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile, Boolean throwIfNotFound, Boolean ensureIsUpToDate)
at System.Web.Compilation.BuildManager.GetVPathBuildResultWithNoAssert(HttpContext context, VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile, Boolean throwIfNotFound, Boolean ensureIsUpToDate)
at System.Web.Compilation.BuildManager.GetVPathBuildResult(HttpContext context, VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile, Boolean ensureIsUpToDate)
at System.Web.UI.BaseTemplateParser.GetReferencedType(VirtualPath virtualPath, Boolean allowNoCompile)
at System.Web.UI.BaseTemplateParser.GetUserControlType(VirtualPath virtualPath)
at System.Web.UI.MainTagNameToTypeMapper.ProcessUserControlRegistration(UserControlRegisterEntry ucRegisterEntry)
at System.Web.UI.BaseTemplateParser.ProcessDirective(String directiveName, IDictionary directive)
at System.Web.UI.TemplateParser.ParseStringInternal(String text, Encoding fileEncoding)
--- End of inner exception stack trace ---
at System.Web.UI.TemplateParser.ProcessException(Exception ex)
at System.Web.UI.TemplateParser.ParseStringInternal(String text, Encoding fileEncoding)
at System.Web.UI.TemplateParser.ParseString(String text, VirtualPath virtualPath, Encoding fileEncoding)
--- End of inner exception stack trace ---
at System.Web.UI.TemplateParser.ParseString(String text, VirtualPath virtualPath, Encoding fileEncoding)
at System.Web.UI.TemplateParser.ParseFile(String physicalPath, VirtualPath virtualPath)
at System.Web.UI.TemplateParser.ParseInternal()
at System.Web.UI.TemplateParser.Parse()
at System.Web.Compilation.BaseTemplateBuildProvider.get_CodeCompilerType()
at System.Web.Compilation.BuildProvider.GetCompilerTypeFromBuildProvider(BuildProvider buildProvider)
at System.Web.Compilation.BuildProvidersCompiler.ProcessBuildProviders()
at System.Web.Compilation.BuildProvidersCompiler.PerformBuild()
at System.Web.Compilation.BuildManager.CompileWebFile(VirtualPath virtualPath)
at System.Web.Compilation.BuildManager.GetVPathBuildResultInternal(VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile, Boolean throwIfNotFound, Boolean ensureIsUpToDate)
at System.Web.Compilation.BuildManager.GetVPathBuildResultWithNoAssert(HttpContext context, VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile, Boolean throwIfNotFound, Boolean ensureIsUpToDate)
at System.Web.UI.TemplateControl.LoadControl(VirtualPath virtualPath)
at DotNetNuke.UI.ControlUtilities.LoadControl[T](TemplateControl containerControl, String ControlSrc)
at DotNetNuke.UI.Skins.Skin.LoadSkin(PageBase page, String skinPath)
--- End of inner exception stack trace ---

My problem actually had nothing to do with 2SXC. In my Update 2 on the original question, I mentioned I had also noticed an error saying:
System.Web.HttpParseException: The file '/DesktopModules/DDRMenu/Menu.ascx' does not exist.
This apparently is a common problem with DNN module development in Visual Studio. From HemIT Blog:
Where does this Virtual Directory come from? In my development environment, it comes from the following facts:
we are using SVN, and I tend to checkout the modules and compile them outside of my IIS websites
I am using the famous christoc template for module development (don't get me wrong, it's great! It's just doing things behind our back that we might not foresee).
Indeed, if I look in my project file:
The real culprit is Visual Studio!
When you are checking your module out, if you have a site configured on IIS, project will open fine. However when you compile, if you are out of an IIS website, a virtual directory "desktopmodule" will get created, and hide the "DesktopModules" folder.
Hence DNN can no longer find the DDRMenu module, hence it is failing.
The solution was really simple. Go into IIS and remove the virtual directory labeled "desktopmodules":