I have set up IMS with WIF 4.5 on an MVC website. Every couple months the administrators are changing the IMS token signing certificate. They mentioned that I should be able to enable automatic certificate rotation in order to not have to update my thumbprint every time the cert is changed, but I cannot seem to figure out how that is done. Below is a sample of code from my current configuration in the web.config.
<system.identityModel xdt:Transform="Replace">
<identityConfiguration>
<audienceUris>
<add value="http://tools.mycompany.com/myapp/" />
</audienceUris>
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="https://ims.mycompany.com/">
<keys>
<!-- Expires on 10/23/2017 -->
<add thumbprint="************" />
<!-- Begins working on 10/16/2017 -->
<add thumbprint="************" />
</keys>
<validIssuers>
<add name="https://ims.mycompany.com/" />
</validIssuers>
</authority>
</issuerNameRegistry>
<!--certificationValidationMode set to "None" by the Identity and Access Tool for Visual Studio. For development purposes.-->
<certificateValidation certificateValidationMode="None" />
<securityTokenHandlers>
<remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</securityTokenHandlers>
</identityConfiguration>
</system.identityModel>
There's a full description of this here.
e.g. if you use the older VS versions, you could use:
protected void Application_Start()
{
    AreaRegistration.RegisterAllAreas();
    ...
    RefreshValidationSettings();
}
There is an existing WebService that connects to the proxy server and I need to add a Kerberos authentication policy into it.
I know there are existing topics about Kerberos authentication, but can anyone share some code snippets on how to add Kerberos authentication on a WebService?
Almost all Kerberos topics just discuss how the Kerberos authentication works. Thanks in advance.
Start with enabling WSE 3, and enabling the policy. Do this in the web.config file:
<configSections>
<section name="microsoft.web.services3"
type="Microsoft.Web.Services3.Configuration.WebServicesConfiguration,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />
</configSections>
<system.web>
<compilation debug="true">
<assemblies>
<add assembly="Microsoft.Web.Services3, Version=3.0.0.0,
Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>
<webServices>
<soapExtensionImporterTypes>
<add type="Microsoft.Web.Services3.Description.WseExtensionImporter,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />
</soapExtensionImporterTypes>
<soapServerProtocolFactory
type="Microsoft.Web.Services3.WseProtocolFactory,Microsoft.Web.Services3,
Version=3.0.0.0,Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</webServices>
</system.web>
<microsoft.web.services3>
<policy fileName="wse3policyCache.config" />
<tokenIssuer>
<statefulSecurityContextToken enabled="false" />
</tokenIssuer>
</microsoft.web.services3>
Add the Policy file and configure the Policy: add a config file to your project, ‘FileName.config’, then add the following tags to it:
<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
<policy name="KerberosService">
<authorization>
<allow user="Mawhiba\Akram" />
<deny role="*" />
</authorization>
<kerberosSecurity establishSecurityContext="true"
renewExpiredSecurityContext="true" requireSignatureConfirmation="false"
messageProtectionOrder="SignBeforeEncryptAndEncryptSignature"
requireDerivedKeys="true" ttlInSeconds="300">
<protection>
<request
signatureOptions="IncludeAddressing, IncludeTimestamp,
IncludeSoapBody"
encryptBody="true" />
<response signatureOptions="IncludeAddressing, IncludeTimestamp,
IncludeSoapBody"
encryptBody="true" />
<fault signatureOptions="IncludeAddressing, IncludeTimestamp,
IncludeSoapBody"
encryptBody="false" />
</protection>
</kerberosSecurity>
<requireActionHeader />
</policy>
</policies>
Apply the policy on the web service: by adding the following code before the service class:
[Policy("KerberosService")]
Credit for this goes to Akrumooz.
https://www.codeproject.com/Articles/27554/Authentication-in-web-services-using-C-and-Kerbero
Check the link for more info.
Attempting to get the sampleapp (a claims aware web forms application) available from Microsoft https://msdnshared.blob.core.windows.net/media/TNBlogsFS/prod.evol.blogs.technet.com/telligent.evolution.components.attachements/01/8598/00/00/03/64/54/88/SampApp%20and%20Rules.zip to run on our web server.
Our ADFS server is www.fedsvc3copa.beta.pa.gov
The sample app is hosted at https://costa.beta.pa.gov/
Our federation metadata is https://www.fedsvc3copa.beta.pa.gov/federationmetadata/2007-06/FederationMetadata.xml
Unfortunately, I believe I have something incorrect in my web config and am struggling to find it. When I browse to https://costa.beta.pa.gov/ I receive
WIF10201: No valid key mapping found for securityToken:
'System.IdentityModel.Tokens.X509SecurityToken' and issuer:
'http://www.fedsvc3copa.beta.pa.gov/adfs/services/trust'. Description:
An unhandled exception occurred during the execution of the current
web request. Please review the stack trace for more information about
the error and where it originated in the code.
Exception Details:
System.IdentityModel.Tokens.SecurityTokenValidationException:
WIF10201: No valid key mapping found for securityToken:
'System.IdentityModel.Tokens.X509SecurityToken' and issuer:
'http://www.fedsvc3copa.beta.pa.gov/adfs/services/trust'.
Source Error:
An unhandled exception was generated during the execution of the
current web request. Information regarding the origin and location of
the exception can be identified using the exception stack trace below.
Stack Trace:
[SecurityTokenValidationException: WIF10201: No valid key mapping
found for securityToken:
'System.IdentityModel.Tokens.X509SecurityToken' and issuer:
'http://www.fedsvc3copa.beta.pa.gov/adfs/services/trust'.]
System.IdentityModel.Tokens.SamlSecurityTokenHandler.ValidateToken(SecurityToken
token) +1461
System.IdentityModel.Services.TokenReceiver.AuthenticateToken(SecurityToken
token, Boolean ensureBearerToken, String endpointUri) +135
System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase
request) +666
System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object
sender, EventArgs args) +467
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
+139 System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) +195 System.Web.HttpApplication.ExecuteStep(IExecutionStep
step, Boolean& completedSynchronously) +88
Version Information: Microsoft .NET Framework Version:4.0.30319;
ASP.NET Version:4.7.3163.0
I have included my web config below if anyone notices anything that is incorrect.
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<configSections>
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</configSections>
<location path="FederationMetadata">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<system.web>
<customErrors mode="Off"/>
<authorization>
<deny users="?" />
</authorization>
<authentication mode="None" />
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" requestValidationMode="4.5" />
<machineKey decryptionKey="5D497CFB20EB5927CB3FC44F65DBD3C6D6C366ACFCF20DC5" validationKey="80546F84BEDD8B38A995CCDD44E01C1794861685E605ECBFB5A231EAA7EAD9A99977312362EBDD2B9727F9357AF9A161F97AD49DD6E34E7CFC22D572BD4B90FD" />
</system.web>
<appSettings>
<add key="ida:FederationMetadataLocation" value="https://www.fedsvc3copa.beta.pa.gov/federationmetadata/2007-06/FederationMetadata.xml" />
<add key="ida:Issuer" value="https://www.fedsvc3copa.beta.pa.gov/adfs/ls/" />
<add key="ida:ProviderSelection" value="productionSTS" />
<add key="ida:EnforceIssuerValidation" value="false" />
</appSettings>
<system.webServer>
<modules>
<remove name="FormsAuthentication" />
<add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
</modules>
</system.webServer>
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="https://costa.beta.pa.gov/" />
</audienceUris>
<!--Commented by Identity and Access VS Package-->
<!--<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry"><authority name="http://sts.costa.beta.pa.gov/adfs/services/trust"><keys><add thumbprint="I put my thumbprint here" /></keys><validIssuers><add name="sts.contoso.com" /></validIssuers></authority></issuerNameRegistry>-->
<!--certificationValidationMode set to "None" by the Identity and Access Tool for Visual Studio. For development purposes.-->
<certificateValidation certificateValidationMode="None" />
<!--Commented by Identity and Access VS Package-->
<!--<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry"><authority name="http://sts.costa.beta.pa.gov/adfs/services/trust"><keys><add thumbprint="?I put my thumbprint here" /></keys><validIssuers><add name="sts.contoso.com" /></validIssuers></authority></issuerNameRegistry>-->
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="https://www.fedsvc3copa.beta.pa.gov/adfs/services/trust">
<keys>
<add thumbprint="I put my thumbrint here " />
</keys>
<validIssuers>
<add name="https://www.fedsvc3copa.beta.pa.gov/adfs/services/trust" />
</validIssuers>
</authority>
</issuerNameRegistry>
<securityTokenHandlers>
<add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</securityTokenHandlers>
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="true" />
<wsFederation passiveRedirectEnabled="true" issuer="https://www.fedsvc3copa.beta.pa.gov/adfs/ls/" realm="https://costa.beta.pa.gov/" requireHttps="true" />
</federationConfiguration>
</system.identityModel.services>
</configuration>
From memory, it's because that certificate that matches that thumbprint isn't in the certificate store - local computer.
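Both issuer-registry questions above (keeping thumbprints current when the signing certificate rotates, and the WIF10201 "No valid key mapping" error) depend on whether the `<authority>` entries in web.config still pair the issuer name and signing-key thumbprints that the STS publishes in its federation metadata. The following Python check is an added example, not code from any of the posts or from WIF; the host sts.example.test, the sample XML and the placeholder certificate bytes are constructed, and exact-string issuer comparison is an assumption of this sketch.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
HEX40 = re.compile(r"[0-9A-Fa-f]{40}")


def thumbprint(der):
    """SHA-1 over the certificate's DER bytes, the value stored in web.config."""
    return hashlib.sha1(der).hexdigest().upper()


def metadata_signing_keys(metadata_xml):
    """Return (entityID, thumbprints of every KeyDescriptor with use="signing")."""
    root = ET.fromstring(metadata_xml)
    found = set()
    for kd in root.iter(MD + "KeyDescriptor"):
        if kd.get("use") != "signing":
            continue
        for cert in kd.iter(DS + "X509Certificate"):
            found.add(thumbprint(base64.b64decode("".join(cert.text.split()))))
    return root.get("entityID"), found


def check_trust(web_config_xml, metadata_xml):
    """Compare <issuerNameRegistry> authorities with what the STS publishes."""
    entity_id, live = metadata_signing_keys(metadata_xml)
    findings, trusted, issuer_listed = [], set(), False
    for auth in ET.fromstring(web_config_xml).iter("authority"):
        issuers = {a.get("name") for a in auth.findall("validIssuers/add")}
        good = set()
        for raw in sorted(a.get("thumbprint", "") for a in auth.findall("keys/add")):
            # Flag anything that is not exactly 40 hex digits: placeholders,
            # stray spaces, invisible characters pasted from a certificate dialog.
            if HEX40.fullmatch(raw):
                good.add(raw.upper())
            else:
                findings.append(("malformed-thumbprint", raw))
        if entity_id in issuers:  # exact string match (assumption of this sketch)
            issuer_listed = True
            trusted |= good  # a key only counts under an authority listing the issuer
    if not issuer_listed:
        findings.append(("issuer-mismatch", entity_id))
    findings += [("missing-key", t) for t in sorted(live - trusted)]
    findings += [("stale-key", t) for t in sorted(trusted - live)]
    return findings


# Constructed sample input: the "certificates" are arbitrary bytes, not real X.509.
OLD_DER, NEW_DER = b"constructed-old-signing-cert", b"constructed-new-signing-cert"
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://sts.example.test/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    %s
  </IDPSSODescriptor>
</EntityDescriptor>""" % "".join(
    '<KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s'
    "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>"
    % base64.b64encode(der).decode() for der in (OLD_DER, NEW_DER))

# Constructed config: https:// issuer name, and only the outgoing key listed.
SAMPLE_WEB_CONFIG = """<system.identityModel><identityConfiguration>
  <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
    <authority name="https://sts.example.test/adfs/services/trust">
      <keys><add thumbprint="%s" /></keys>
      <validIssuers><add name="https://sts.example.test/adfs/services/trust" /></validIssuers>
    </authority>
  </issuerNameRegistry>
</identityConfiguration></system.identityModel>""" % thumbprint(OLD_DER)

if __name__ == "__main__":
    for finding in check_trust(SAMPLE_WEB_CONFIG, SAMPLE_METADATA):
        print(finding)
```

The error text quoted in the question names the issuer with an http:// scheme while the posted `<validIssuers>` entry uses https://, which is the case the issuer-mismatch finding reports. Fetch the metadata over HTTPS with certificate validation before feeding it to a check like this, since its keys define what the application will trust.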
We have sites running in two separate domains, one is a secured API the other is a frontend website. We want to be able to do an ajax request from the website to the API using the currently logged in users credentials.
To do this I did all the necessary CORS bits to be able to pass our cookie to the API, however when the API tries to process the cookie it can't decrypt it. My understanding is that this is because the realm doesn't match correctly.
The error I get when I try and do this is as follows:
InvalidOperationException: ID1073: A CryptographicException occurred when attempting to decrypt the cookie using the ProtectedData API (see inner exception for details). If you are using IIS 7.5, this could be due to the loadUserProfile setting on the Application Pool being set to false.
If I manually make the same request with a cookie with the :1444 realm everything works correctly (so I think the loadUserProfile stuff is a red herring).
I think the issue is that I can't reuse this cookie for another realm. But if this is the case, how can I perform this delegation in JavaScript? Is it actually even possible without actually redirecting the user to STS to get a cookie for the other realm? Is there a better way to approach this JavaScript delegation?
Useful Supporting data:
The configuration of WIF for our API end:
<modules runAllManagedModulesForAllRequests="true">
<add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
<add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
</modules>
...
<microsoft.identityModel>
<service>
<securityTokenHandlers>
<add type="Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<sessionTokenRequirement lifetime="1:00" />
</add>
</securityTokenHandlers>
<audienceUris>
<add value="http://localhost:1444/" />
</audienceUris>
<federatedAuthentication>
<wsFederation passiveRedirectEnabled="true" issuer="http://localhost:1339/account/sign-in" realm="http://localhost:1444/" requireHttps="false" persistentCookiesOnPassiveRedirects="false" />
<cookieHandler requireSsl="false" path="/" name="TheCookieMonster" persistentSessionLifetime="60" />
</federatedAuthentication>
<applicationService>
<claimTypeRequired>
<!--This claim gets mapped to the User.Identity.Name-->
<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" optional="false" />
<!--Some Other Custom claims-->
</claimTypeRequired>
</applicationService>
<issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<trustedIssuers>
<add thumbprint="a_thumbprint_key_for_our_cert" name="http://localhost:1339/" />
</trustedIssuers>
</issuerNameRegistry>
</service>
</microsoft.identityModel>
The config of WIF at the website end:
(Same but with :1337)
<modules runAllManagedModulesForAllRequests="true">
<add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
<add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
</modules>
...
<microsoft.identityModel>
<service>
<securityTokenHandlers>
<add type="Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<sessionTokenRequirement lifetime="1:00" />
</add>
</securityTokenHandlers>
<audienceUris>
<add value="http://localhost:1337/" />
</audienceUris>
<federatedAuthentication>
<wsFederation passiveRedirectEnabled="true" issuer="http://localhost:1339/account/sign-in" realm="http://localhost:1337/" requireHttps="false" persistentCookiesOnPassiveRedirects="false" />
<cookieHandler requireSsl="false" path="/" name="TheCookieMonster" persistentSessionLifetime="60" />
</federatedAuthentication>
<applicationService>
<claimTypeRequired>
<!--This claim gets mapped to the User.Identity.Name-->
<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" optional="false" />
<!--Some Custom claims-->
</claimTypeRequired>
</applicationService>
<issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<trustedIssuers>
<add thumbprint="a_thumbprint_key_for_our_cert" name="http://localhost:1339/" />
</trustedIssuers>
</issuerNameRegistry>
</service>
</microsoft.identityModel>
What the net tab looks like:
I think this is cancelled as JS has detected some kind of security nonsense going on.
Machine key is shared across both sites
Both are running WIF 3.5
We did manage to sort this out by upgrading to WIF 4.5 which worked perfectly with no special modifications. I'm not too sure what the root cause in 3.5 was but this has closed the issue off for me. If someone wants it I can post a sample with this working to GitHub
I seem to be having a recurring problem. I get it all working and then this happens again a few days later. I haven't done anything to touch the entity framework or the database that is now failing. The instantiation of the Entity edmx is working but I get the following message when trying to execute a query to the database. The way I've solved it is by deleting the databases and clearing out the SQL MGMT Studio and adding them in again and refreshing the edmx file.
I have 2 projects: DataLayer where my entity framework definition exists, Business Logic and UI. I noticed there are some differences between the web.config between my DataLayer and the UI and don't know if that's a problem. The database was added to the App_Data folder in the DataLayer. The solution keeps adding a copy of the database to the AppData folder in the UI and adds a numeric extension to the filename in the Server Explorer (in the BL the filename is FCGuide.mdf, in the UI it was named FCGuide.mdf0 -- don't understand that).
Today I have deleted the database from the project and from the SQL Server Management Studio and then tried adding it in again without a resolution. I have provided the web.config but not sure what else is needed to help with the troubleshooting. Thanks in advance.
WEB.CONFIG file from the UI:
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<appSettings>
<add key="ChartImageHandler" value="storage=file;timeout=20;dir=c:\TempImageFiles\;" />
</appSettings>
<system.webServer>
<handlers>
<remove name="ChartImageHandler" />
<add name="ChartImageHandler" preCondition="integratedMode" verb="GET,HEAD,POST"
path="ChartImg.axd" type="System.Web.UI.DataVisualization.Charting.ChartHttpHandler, System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</handlers>
</system.webServer>
<system.web>
<authorization>
<allow roles="ADMIN" />
<allow roles="MEMBER" />
<allow roles="GUEST" />
<allow roles="RESTAURANT" />
<allow users="admin" />
<allow roles="MEMBER" />
<allow roles="GUEST" />
<allow roles="GUEST" />
<allow roles="ADMIN" />
<allow users="admin" />
</authorization>
<roleManager enabled="true" />
<authentication mode="Forms" />
<httpHandlers>
<add path="ChartImg.axd" verb="GET,HEAD,POST" type="System.Web.UI.DataVisualization.Charting.ChartHttpHandler, System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
validate="false" />
</httpHandlers>
<pages>
<controls>
<add tagPrefix="asp" namespace="System.Web.UI.DataVisualization.Charting"
assembly="System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</controls>
</pages>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<connectionStrings>
<add name="FCGuideEntities" connectionString="metadata=res://*/FCGuide.csdl|res://*/FCGuide.ssdl|res://*/FCGuide.msl;provider=System.Data.SqlClient;provider connection string=&quot;data source=.;attachdbfilename=|DataDirectory|\FCGuide.mdf;integrated security=True;user instance=True;multipleactiveresultsets=True;App=EntityFramework&quot;" providerName="System.Data.EntityClient" />
</connectionStrings>
</configuration>
Web Config file from the DataLayer:
<?xml version="1.0" encoding="utf-8"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</assemblies>
</compilation>
</system.web>
<connectionStrings>
<add name="FCGuideEntities" connectionString="metadata=res://*/FCGuide.csdl|res://*/FCGuide.ssdl|res://*/FCGuide.msl;provider=System.Data.SqlClient;provider connection string=&quot;data source=.;attachdbfilename=|DataDirectory|\FCGuide.mdf;integrated security=True;user instance=True;multipleactiveresultsets=True;App=EntityFramework&quot;" providerName="System.Data.EntityClient" />
</connectionStrings>
</configuration>
"The underlying provider failed on Open": this means the connection string didn't work to allow ADO.NET to open the database.
So the provider connection string:
data source=.;attachdbfilename=|DataDirectory|\FCGuide.mdf;integrated security=True;user instance=True;multipleactiveresultsets=True;App=EntityFramework
needs some work. If you create a test page that uses SQL Connection on that string can you open and perform a simple query?
(Ie. strip things down to as few moving parts as possible).
I am trying to use the Logging Application block of Enterprise Library 5.0 to log a simple message to the Windows event log on a Win XP SP3 system using:
Logger.Write(msg);
I get the "Activation error occured while trying to get instance of type LogWriter" error message when trying to log.
Shown below is the config file used with MS Enterprise library
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<configSections>
<section name="loggingConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.LoggingSettings, Microsoft.Practices.EnterpriseLibrary.Logging, Version=5.0.414.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="true" />
</configSections>
<loggingConfiguration name="" tracingEnabled="true" defaultCategory="General">
<listeners>
<add name="Event Log Listener" type="Microsoft.Practices.EnterpriseLibrary.Logging.TraceListeners.FormattedEventLogTraceListener, Microsoft.Practices.EnterpriseLibrary.Logging, Version=5.0.414.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
listenerDataType="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.FormattedEventLogTraceListenerData, Microsoft.Practices.EnterpriseLibrary.Logging, Version=5.0.414.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
source="Enterprise Library Logging" formatter="Text Formatter"
log="Application" machineName="." traceOutputOptions="None" />
</listeners>
<formatters>
<add type="Microsoft.Practices.EnterpriseLibrary.Logging.Formatters.TextFormatter, Microsoft.Practices.EnterpriseLibrary.Logging, Version=5.0.414.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
template="Timestamp: {timestamp}{newline}
Message: {message}{newline}
Category: {category}{newline}
Priority: {priority}{newline}
EventId: {eventid}{newline}
Severity: {severity}{newline}
Title:{title}{newline}
Machine: {localMachine}{newline}
App Domain: {localAppDomain}{newline}
ProcessId: {localProcessId}{newline}
Process Name: {localProcessName}{newline}
Thread Name: {threadName}{newline}
Win32 ThreadId:{win32ThreadId}{newline}
Extended Properties: {dictionary({key} - {value}{newline})}"
name="Text Formatter" />
</formatters>
<categorySources>
<add switchValue="All" name="General">
<listeners>
<add name="Event Log Listener" />
</listeners>
</add>
</categorySources>
<specialSources>
<allEvents switchValue="All" name="All Events" />
<notProcessed switchValue="All" name="Unprocessed Category" />
<errors switchValue="All" name="Logging Errors &amp; Warnings">
<listeners>
<add name="Event Log Listener" />
</listeners>
</errors>
</specialSources>
</loggingConfiguration>
</configuration>
I just wanted to add this error may be caused by another configuration issue. Make sure to look at the inner exceptions for this error. In my case it was:
"The type Database cannot be constructed. You must configure the container to supply this value."
To resolve this I had to add a providerName to my database connection string in the web.config. So the final connection string node looked like this:
<add name="DBConn" connectionString="Data Source=ServerName;Initial Catalog=Logging;Persist Security Info=True;integrated security=True;" providerName="System.Data.SqlClient" />
I realized that I was trying to use Config file from within a DLL which does not work. I should be using FileConfigurationSource instead.
If I use the same App.Config from an application, it worked fine.
Reading the other answers to this question, and from my own experiences, in general it seems this error occurs when your application cannot read some required configuration for the Logging application block from a config file.
To add to the scenarios mentioned in previous answers, I've come across this error a couple of times:
1) In a unit test project, where I forgot to add an app.config file at all;
2) In a config file where I deleted a particular listener from the loggingConfiguration section but forgot to remove the name of the listener from the categorySource that referenced it.
It is a missing DLL; pay attention when you place your DLLs in the GAC, as you may need to add more DLLs to the GAC. Make sure the Common, Data, Logging, Logging.Database and ServiceLocation DLLs reside together in one directory.
I've also seen this error when forgetting to add a reference to the EntLib DLLs.
I've had the same error when using a separate entlib config file.
In Web.config, enterpriseLibrary.ConfigurationSource pointed to EntLib.config. When I used the EnterpriseLibrary.Config tool to edit EntLib.config to set up the logging database details, it put everything in EntLib.config. I got this error until I moved the connectionStrings section to Web.config.
In addition to the examples of Simon Tewsi, I want to add my example, when the logging configuration was located in a separate file but the section descriptions were missing in app.config:
<section name ="loggingConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.LoggingSettings, Microsoft.Practices.EnterpriseLibrary.Logging" />
<loggingConfiguration configSource="EnterpriseLibraryLogging.config" />