Re: ADFS System.Web.Security.SingleSignOn.WebSsoConfigurationExcep
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 13 Feb 2007 12:02:49 -0600
It looks fine to me. Assuming that ADFS is installed on the machine you are
testing with I don't see an immediate reason why it would not work.
Is there any additional information you can provide about how you have your
dev machine set up or any other error into available?
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Todd Fleenor" <ToddFleenor@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:94863762-F747-4396-9027-4BAF5E87BEEC@xxxxxxxxxxxxxxxx
Web.config is listed below. Thanks.
<configuration
xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0";>
<configSections>
<sectionGroup name="system.web">
<section name="websso"
type="System.Web.Security.SingleSignOn.WebSsoConfigurationHandler,
System.Web.Security.SingleSignOn, Version=1.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35, Custom=null" />
</sectionGroup>
</configSections>
<appSettings/>
<connectionStrings/>
<system.web>
<compilation debug="true" defaultLanguage="c#">
<assemblies>
<add assembly="System.Security, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Web.Security.SingleSignOn, Version=1.0.0.0,
Culture=neutral, PublicKeyToken=31bf3856ad364e35, Custom=null" />
<add assembly="System.Web.Security.SingleSignOn.ClaimTransforms,
Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35,
Custom=null" />
</assemblies>
</compilation>
<authentication mode="None"/>
<customErrors mode="Off"></customErrors>
<httpModules>
<add
name="Identity Federation Services Application Authentication
Module"
type="System.Web.Security.SingleSignOn.WebSsoAuthenticationModule,
System.Web.Security.SingleSignOn, Version=1.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35, Custom=null" />
</httpModules>
<websso>
<authenticationrequired />
<eventloglevel>55</eventloglevel>
<auditsuccess>2</auditsuccess>
<urls>
<returnurl>
https://resourcewebservername.adfstestdomain.net:443/
</returnurl>
</urls>
<cookies writecookies="true">
<path>/</path>
<lifetime>240</lifetime>
</cookies>
<fs>https://federationservername.adfstestdomain.net/adfs/fs/federationserverservice.asmx</fs>
</websso>
</system.web>
</configuration>
"Joe Kaplan" wrote:
Please post your web.config. I should be able to tell. Note that you
need
a configuration section defined for the websso section in order for it to
be
allowed in system.web. I'm sure that is in your sample app from the step
by
step guide though.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Todd Fleenor" <ToddFleenor@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2F524D62-8AE5-4987-9065-61DD79322BF6@xxxxxxxxxxxxxxxx
I have added all of the example sections from the Step by Step document.
However, I wondered the same thing.
We do have a "working" claims aware setup in a lab that was built using
the
Step By Step document. I say working just because we are not getting
this
same error. However, VS 2005 is not being used in this setup.
I am attempting to write my own claims aware application on my own
setup
which is also based on the step-by step document except for the fact
that
I
am doing my own web site using Visual Studio 2005 instead of just
coping
the
aspx file examples.
Before posting, I had copied the web.config from the working example
into
my
web site just to see if there would be any change in behaviour, but no
luck.
The same error is generated.
However, I thought perhaps one important section may be the <websso>
entry.
I have tried to make sure this was setup correctly for my installation.
I am wondering if it might be related to your theory that the
httpmodule
is
complaining about its configuraiton. Visual Studio is in fact
complaining
about the section and is giving me the following error in the IDE.
<i>The element 'system.web' has invalid child element 'websso'. List of
possible elements expected: 'anonymousIdentification, authentication,
authorization, browserCaps, clientTarget, compilation, customErrors,
deployment, deviceFilters....<rest of message truncated for
expediency></i>
However, it gives me the same error using the web.config pasted from
the
Step by Step example as well.
Currently, I am working with the HTTPmodule section commented out of
the
web.config. The code I am writing seems to be functioning thus far
without
this section. I am only writing some code that shows the various
properties
of the ADFS objects, so perhaps I will start running into problems at
some
point.
Thanks,
Todd
"Joe Kaplan" wrote:
Did you add the rest of the configuration section stuff you need for a
claims-aware app? It sounds like the HttpModule is complaining that
it
can't find some or all of its configuration settings.
The sample app that you use in the step by step guide shows an example
of
what the web.config should contain.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Todd Fleenor" <ToddFleenor@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:B661F04E-6CCE-4941-A064-77F746453769@xxxxxxxxxxxxxxxx
I am working on an Active Directory Federation Services (ADFS) Proof
of
Concept and trying some sample code to show identity information.
I am using VS 2005 running on Windows Server 2003 R2 with IIS 6.0.
The ADFS Web Agent for Claims Aware applications is installed. The
ADFS
Web
Agent for NT Token based application is not installed.
When I add the following section from the ADFS Step by Step document
to
my
web.config, an execption is thrown.
<httpModules>
<add
name="Identity Federation Services Application
Authentication
Module"
type="System.Web.Security.SingleSignOn.WebSsoAuthenticationModule,
System.Web.Security.SingleSignOn, Version=1.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35, Custom=null" />
</httpModules>
I have tried running the web site under the three built in
identities
provide with IIS 6.0, but it makes no difference. I don't want to
run
the
under a different identity, but its just a suggestion from the error
message
text.
Has anyone seen this before? -Thanks
Error message below:
[WebSsoConfigurationException: The ADFS auditing subsystem could not
register itself with the system.
The auditing privilege is not held.
The ADFS component will not be able to start unless it is granted
the auditing privilege.
User Action
ADFS components that write audits must be configured to run as
LocalSystem, NetworkService, or a domain principal that has
explicitly
been granted the "Generate Security Audits" privilege
(SeAuditPrivilege).
If the failing component is the Federation Service, configure the
application pool (ADFSAppPool) to run as an appropriate principal.
If the failing component is the ADFS Web Agent Authentication
Service,
configure the Windows NT service to run as an appropriate principal.
If the failing component is the ADFS Web Agent for claims-aware
applications, configure the application pool for the protected
application
to run as an appropriate principal.
]
System.Web.Security.SingleSignOn.NativeMethods.RegisterAuditSource(String
sourceName) +167
System.Web.Security.SingleSignOn.ADFSAuditProvider..ctor(String
sourceName) +38
System.Web.Security.SingleSignOn.WebSsoAuthenticationModule..cctor()
+40
[TypeInitializationException: The type initializer for
'System.Web.Security.SingleSignOn.WebSsoAuthenticationModule' threw
an
exception.]
[TargetInvocationException: Exception has been thrown by the target
of
an
invocation.]
System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean
publicOnly, Boolean noCheck, Boolean& canBeCached,
RuntimeMethodHandle&
ctor,
Boolean& bNeedSecurityCheck) +0
System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean
fillCache) +103
System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean
skipVisibilityChecks, Boolean fillCache) +261
System.Activator.CreateInstance(Type type, Boolean nonPublic) +66
System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr,
Binder
binder, Object[] args, CultureInfo culture, Object[]
activationAttributes)
+1036
System.Activator.CreateInstance(Type type, BindingFlags
bindingAttr,
Binder binder, Object[] args, CultureInfo culture, Object[]
activationAttributes) +114
System.Activator.CreateInstance(Type type, BindingFlags
bindingAttr,
Binder binder, Object[] args, CultureInfo culture) +23
System.Web.HttpRuntime.CreateNonPublicInstance(Type type, Object[]
args)
+37
System.Web.HttpRuntime.CreateNonPublicInstance(Type type) +27
System.Web.Configuration.ModulesEntry.Create() +25
System.Web.Configuration.HttpModulesSection.CreateModules() +208
System.Web.HttpApplication.InitModules() +66
System.Web.HttpApplication.InitInternal(HttpContext context,
HttpApplicationState state, MethodInfo[] handlers) +1171
System.Web.HttpApplicationFactory.GetNormalApplicationInstance(HttpContext
context) +301
System.Web.HttpApplicationFactory.GetApplicationInstance(HttpContext
context) +131
System.Web.HttpRuntime.ProcessRequestInternal(HttpWorkerRequest
wr)
+212
.
- Follow-Ups:
- Re: ADFS System.Web.Security.SingleSignOn.WebSsoConfigurationExcep
- From: Todd Fleenor
- Re: ADFS System.Web.Security.SingleSignOn.WebSsoConfigurationExcep
- References:
- ADFS System.Web.Security.SingleSignOn.WebSsoConfigurationException
- From: Todd Fleenor
- Re: ADFS System.Web.Security.SingleSignOn.WebSsoConfigurationException
- From: Joe Kaplan
- Re: ADFS System.Web.Security.SingleSignOn.WebSsoConfigurationExcep
- From: Todd Fleenor
- Re: ADFS System.Web.Security.SingleSignOn.WebSsoConfigurationExcep
- From: Joe Kaplan
- Re: ADFS System.Web.Security.SingleSignOn.WebSsoConfigurationExcep
- From: Todd Fleenor
- ADFS System.Web.Security.SingleSignOn.WebSsoConfigurationException
- Prev by Date: Migration from Windows 2000 AD to Windows 2003 AD plus Exchange
- Next by Date: Re: AD Migration, DHCP ?
- Previous by thread: Re: ADFS System.Web.Security.SingleSignOn.WebSsoConfigurationExcep
- Next by thread: Re: ADFS System.Web.Security.SingleSignOn.WebSsoConfigurationExcep
- Index(es):
Relevant Pages
|
Loading
