Re: ADFS System.Web.Security.SingleSignOn.WebSsoConfigurationExcep



That's really weird. I haven't actually tried to use VS.NET on a machine
that actually had ADFS installed and I don't like using the built in web
server in 2005 as it often gives very misleading results due to the security
context it runs under. As such, I don't have any experience with any weird
quirks that one runs into with this type of set up.

It doesn't make any sense at all to me why this would work with your local
IIS but not with built in web server unless ADFS takes some specific
dependency on IIS that I'm unaware of. That is certainly possible though,
so that could be the crux of the issue. If you had a full stack trace of
the error you are getting, I could try to go dig around in the code and see
if I can figure what's up.

I'd suggest running in IIS exclusively and try to set up your dev
environment so that you aren't using the built in web server. :) You can
definitely still debug in this setup (just like you could in 2003 VS), so
that shouldn't be a limiting factor (although you may need to attach to the
process manually to make it work).

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Todd Fleenor" <ToddFleenor@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B5C62BF4-B4AB-4524-98B1-5E2C779A6DAA@xxxxxxxxxxxxxxxx
As an additional troubleshooting measure, I copied over the default.aspx,
default.aspx.cs, and web.config from the MS ADFS Step by Step guide
document.

These sample files produce the same error when attempting to run the
application inside Visual Studio 2005. Starting without debugging produces
the same error.

The project builds, but will not run with the HTTP Module section included
in the web.config.

Interestingly enough, the sample code runs fine as long as the web browser
session is initiated outside visual studio.

If the HTTP Module section is removed, the sample code will run inside
Visual Studio, but will report "Single Sign On isn't installed"

"Joe Kaplan" wrote:

It looks fine to me. Assuming that ADFS is installed on the machine you are
testing with I don't see an immediate reason why it would not work.

Is there any additional information you can provide about how you have your
dev machine set up or any other error info available?

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Todd Fleenor" <ToddFleenor@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:94863762-F747-4396-9027-4BAF5E87BEEC@xxxxxxxxxxxxxxxx
Web.config is listed below. Thanks.

<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <configSections>
    <!-- Declares the websso section so that it is allowed under system.web -->
    <sectionGroup name="system.web">
      <section name="websso"
               type="System.Web.Security.SingleSignOn.WebSsoConfigurationHandler, System.Web.Security.SingleSignOn, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, Custom=null" />
    </sectionGroup>
  </configSections>

  <appSettings/>
  <connectionStrings/>
  <system.web>

    <compilation debug="true" defaultLanguage="c#">
      <assemblies>
        <add assembly="System.Security, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
        <add assembly="System.Web.Security.SingleSignOn, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, Custom=null" />
        <add assembly="System.Web.Security.SingleSignOn.ClaimTransforms, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, Custom=null" />
      </assemblies>
    </compilation>

    <authentication mode="None"/>

    <customErrors mode="Off"></customErrors>

    <!-- The HTTP Module section discussed in this thread -->
    <httpModules>
      <add name="Identity Federation Services Application Authentication Module"
           type="System.Web.Security.SingleSignOn.WebSsoAuthenticationModule, System.Web.Security.SingleSignOn, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, Custom=null" />
    </httpModules>

    <websso>
      <authenticationrequired />
      <eventloglevel>55</eventloglevel>
      <auditsuccess>2</auditsuccess>
      <urls>
        <returnurl>
          https://resourcewebservername.adfstestdomain.net:443/
        </returnurl>
      </urls>
      <cookies writecookies="true">
        <path>/</path>
        <lifetime>240</lifetime>
      </cookies>

      <fs>https://federationservername.adfstestdomain.net/adfs/fs/federationserverservice.asmx</fs>
    </websso>

  </system.web>
</configuration>

"Joe Kaplan" wrote:

Please post your web.config. I should be able to tell. Note that you need
a configuration section defined for the websso section in order for it to be
allowed in system.web. I'm sure that is in your sample app from the step by
step guide though.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Todd Fleenor" <ToddFleenor@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2F524D62-8AE5-4987-9065-61DD79322BF6@xxxxxxxxxxxxxxxx
I have added all of the example sections from the Step by Step document.

However, I wondered the same thing.

We do have a "working" claims aware setup in a lab that was built using the
Step By Step document. I say working just because we are not getting this
same error. However, VS 2005 is not being used in this setup.

I am attempting to write my own claims aware application on my own setup
which is also based on the step-by step document except for the fact that I
am doing my own web site using Visual Studio 2005 instead of just copying the
aspx file examples.

Before posting, I had copied the web.config from the working example into my
web site just to see if there would be any change in behaviour, but no luck.
The same error is generated.

However, I thought perhaps one important section may be the <websso> entry.
I have tried to make sure this was setup correctly for my installation.

I am wondering if it might be related to your theory that the httpmodule is
complaining about its configuration. Visual Studio is in fact complaining
about the section and is giving me the following error in the IDE.

<i>The element 'system.web' has invalid child element 'websso'. List of
possible elements expected: 'anonymousIdentification, authentication,
authorization, browserCaps, clientTarget, compilation, customErrors,
deployment, deviceFilters....<rest of message truncated for expediency></i>

However, it gives me the same error using the web.config pasted from the
Step by Step example as well.

Currently, I am working with the HTTPmodule section commented out of the
web.config. The code I am writing seems to be functioning thus far without
this section. I am only writing some code that shows the various properties
of the ADFS objects, so perhaps I will start running into problems at some
point.

Thanks,

Todd


"Joe Kaplan" wrote:

Did you add the rest of the configuration section stuff you need for a
claims-aware app? It sounds like the HttpModule is complaining that it
can't find some or all of its configuration settings.

The sample app that you use in the step by step guide shows an example of
what the web.config should contain.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Todd Fleenor" <ToddFleenor@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B661F04E-6CCE-4941-A064-77F746453769@xxxxxxxxxxxxxxxx
I am working on an Active Directory Federation Services (ADFS) Proof of
Concept and trying some sample code to show identity information.

I am using VS 2005 running on Windows Server 2003 R2 with IIS 6.0.

The ADFS Web Agent for Claims Aware applications is installed. The ADFS Web
Agent for NT Token based application is not installed.

When I add the following section from the ADFS Step by Step document to my
web.config, an exception is thrown.

<httpModules>
  <add name="Identity Federation Services Application Authentication Module"
       type="System.Web.Security.SingleSignOn.WebSsoAuthenticationModule, System.Web.Security.SingleSignOn, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, Custom=null" />
</httpModules>

I have tried running the web site under the three built in identities
provided with IIS 6.0, but it makes no difference. I don't want to run the
under a different identity, but it's just a suggestion from the error message
text.

Has anyone seen this before? -Thanks

Error message below:

[WebSsoConfigurationException: The ADFS auditing subsystem could not register itself with the system.
The auditing privilege is not held.

The ADFS component will not be able to start unless it is granted the auditing privilege.

User Action

ADFS components that write audits must be configured to run as LocalSystem, NetworkService, or a domain principal that has explicitly been granted the "Generate Security Audits" privilege (SeAuditPrivilege).

If the failing component is the Federation Service, configure the application pool (ADFSAppPool) to run as an appropriate principal.

If the failing component is the ADFS Web Agent Authentication Service, configure the Windows NT service to run as an appropriate principal.

If the failing component is the ADFS Web Agent for claims-aware applications, configure the application pool for the protected application to run as an appropriate principal.
]
   System.Web.Security.SingleSignOn.NativeMethods.RegisterAuditSource(String sourceName) +167
   System.Web.Security.SingleSignOn.ADFSAuditProvider..ctor(String sourceName) +38
   System.Web.Security.SingleSignOn.WebSsoAuthenticationModule..cctor() +40

[TypeInitializationException: The type initializer for 'System.Web.Security.SingleSignOn.WebSsoAuthenticationModule' threw an exception.]

[TargetInvocationException: Exception has been thrown by the target of an invocation.]
   System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) +0
   System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) +103
   System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) +261
   System.Activator.CreateInstance(Type type, Boolean nonPublic) +66
   System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) +1036
   System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) +114
   System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture) +23
   System.Web.HttpRuntime.CreateNonPublicInstance(Type type, Object[]
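
The error text quoted in this thread names SeAuditPrivilege. The following is an added diagnostic, not code from the thread or from ADFS, that reports whether the identity a process runs as has that privilege in its token, so the security context of the built-in web server can be compared with an IIS application pool. The class name PrivilegeProbe and its Describe method are made up for this example; run it as a console program or call Describe from a page under each host.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Added diagnostic, not ADFS code: is a privilege such as SeAuditPrivilege in the current token?
public static class PrivilegeProbe   // hypothetical name
{
    const int TokenPrivileges = 3;          // TOKEN_INFORMATION_CLASS value
    const int SE_PRIVILEGE_ENABLED = 0x2;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LookupPrivilegeValue(string system, string name, out long luid);

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool GetTokenInformation(IntPtr token, int infoClass, IntPtr buffer, int length, out int needed);

    public static string Describe(string privilege)
    {
        long wanted;
        if (!LookupPrivilegeValue(null, privilege, out wanted))
            throw new Win32Exception();   // e.g. unknown privilege name
        // Process token, or the thread token when the caller is impersonating.
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            int size;
            // First call only asks for the required buffer size.
            GetTokenInformation(id.Token, TokenPrivileges, IntPtr.Zero, 0, out size);
            IntPtr buf = Marshal.AllocHGlobal(size);
            try
            {
                if (!GetTokenInformation(id.Token, TokenPrivileges, buf, size, out size))
                    throw new Win32Exception();
                // TOKEN_PRIVILEGES: DWORD count, then 12-byte LUID_AND_ATTRIBUTES
                // entries (8-byte LUID followed by a DWORD of attribute flags).
                int count = Marshal.ReadInt32(buf);
                for (int i = 0; i < count; i++)
                {
                    int offset = 4 + i * 12;
                    if (Marshal.ReadInt64(buf, offset) != wanted) continue;
                    bool on = (Marshal.ReadInt32(buf, offset + 8) & SE_PRIVILEGE_ENABLED) != 0;
                    return id.Name + ": " + privilege + (on ? " in token (enabled)" : " in token (disabled)");
                }
                return id.Name + ": " + privilege + " not in token";
            }
            finally { Marshal.FreeHGlobal(buf); }
        }
    }

    static void Main() { Console.WriteLine(Describe("SeAuditPrivilege")); }
}
```

A result of "not in token" for the hosting process matches the "auditing privilege is not held" condition in the exception text; a privilege that is present but disabled is still held by the account.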

