FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse fails

Question

I am running through the SilverLight example in the TrainingKit April 2010.  Even If  I run the "End" completed versions it blows up in the boilerplate code when it calls 

 FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse

in the code below

                if ( User != null && User.Identity != null && User.Identity.IsAuthenticated )

                {

                    SecurityTokenService sts = new CustomSecurityTokenService( CustomSecurityTokenServiceConfiguration.Current );

                    SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest( requestMessage, User, sts );

                    FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse( responseMessage, Response );

                }

I can't find out what's failing as the exception just says there's nothing on the stack to see??

 

Any ideas, why this would fail?

thanks

Answer 1

I have just noticed that I am getting that exception thrown as well, although I am just using an ASP.NET application I have created in VS2010 and added an STS to it.

The exception is: [System.Threading.ThreadAbortException] = {Unable to evaluate expression because the code is optimized or a native frame is on top of the call stack.}

I have seen this exception get thrown when you use a Response.Redirect with the endResponse option set to true. From the code created by the STS wizard, inside this function is where I am assuming the redirect to the original URL occurs. My application is still logging in successfully. However, the fact that an exception is thrown each time claiming an "unexpected error" has occurred cannot be the normal behaviour of this pattern?

Anyone else got anything to add?

Thanks Mark

Answer 2

Yes, this is a known issue. You can safely ignore the ThreadAbortException... it is due to the redirect

Answer 3

Gatecrasher

I assume if you wrap your code in a try block and either do a catch all as they have in the boiler plate code or specifically catch the ThreadAbort exception, your code should be ok.

Ciao
Mark

   try
   {
     if (action == WSFederationConstants.Actions.SignIn)
     {
      // Process signin request.
      SignInRequestMessage requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(Request.Url);
      if (User != null && User.Identity != null && User.Identity.IsAuthenticated)
      {
        SecurityTokenService sts = new CustomSecurityTokenService(CustomSecurityTokenServiceConfiguration.Current);
        SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, User, sts);
        FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, Response);
      }
      else
      {
        throw new UnauthorizedAccessException();
      }
     }
     else if (action == WSFederationConstants.Actions.SignOut)
     {
      // Process signout request.
      SignOutRequestMessage requestMessage = (SignOutRequestMessage)WSFederationMessage.CreateFromUri(Request.Url);
      FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(requestMessage, User, requestMessage.Reply, Response);
     }
     else
     {
      throw new InvalidOperationException(
        String.Format(CultureInfo.InvariantCulture,
                "The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.",
                String.IsNullOrEmpty(action) ? "<EMPTY>" : action,
                WSFederationConstants.Parameters.Action,
                WSFederationConstants.Actions.SignIn,
                WSFederationConstants.Actions.SignOut));
     }
   }
   catch (System.Threading.ThreadAbortException) {} // Thrown by redirect, safe to ignore
   catch (Exception exception)
   {
     throw new Exception("An unexpected error occurred when processing the request. See inner exception for details.", exception);
   }

Answer 4

I have the same problem.

Is this issue planned to be fixed in a hotfix soon?

Answer 5

Yes, this is a known issue. You can safely ignore the ThreadAbortException... it is due to the redirect

Even I am getting this error.

I have installed the latest September release of the Windows Identity Foundation Training kit.

I ran both the Begin (with the changes implemented as per Labs.docx) and End projects of WebSitesAndIdentity Example no 1. Both worked perfectly untill I did one thing.

What I did was deleted all browsing history from Internet Explorer.

After that when I ran the samples it threw the error as specified by Gatecrasher.

I searched for the solition but could not find anything helpful. So for right now I have implemented the Catch block as specified by Mark Duregon.

I hope that in near future Microsofty will profide some Hotfix for the Issue.

Thanks

Answer 6

Error #2 – Visual Studio STS template issue

The default template created by adding a new STS from the Federation Utility needs the line added in red below when debugging. A ThreadAbortException is thrown when the page redirects back to the calling web app. It is safe to ignore this exception.

in http://richardprodger.wordpress.com/2011/05/04/wif-configuration-challenges/

Answer 7

I'm still having an issue even if I catch and ignore this exception.  The STS isn't redirecting back to the relying party.  It's return HTTP status code 200 (OK) instead of 302 (Redirect) and I see the SAML token as XML in my web browser.  Has anyone else seen this?

UPDATE: I found out that this isn't supposed to be a true redirect (302).  The STS returns OK (200) and a form that tells the browser to automatically POST the SAML token and the original request back to the relying party as a separate request.  The reason I was seeing this form dumped to my screen is because I have a Silverlight app that uses WebRequest objects to communicate with the RP and STS and dump the response in a TextBlock on the screen.  If I'm going to continue down this path, my client side code needs to be smart enough to detect, parse and POST the form resturned by the STS.

---

Raymond Saltrelli | Software Engineer | Mapping Analytics

Answer 8

HI all,

I am also facing the same issue. When i catch it using 

catch (System.Threading.ThreadAbortException) {} it redirects to the relying party site but the tokens are not recognised by the relying party application. and it is redirected to login page on relying party.I am also getting the same status message 200 ok instead of 302.Can anybody tell me what to do??Mayur Rathi | Software Engineer |Persistent Systems

Answer 9

Finally I have configured the Relying party and my custom made STS and i found that this System.Threading.ThreadAbortException is not a road block(Its a known issue and no workaround provided) in programming . Just catch it and leave it. Program works fine.

I am still getting response status code as 200 ok but its fine. 

Answer 10

I have the same problem. I have a STS (generated thru Visual Studio by Adding STS Reference). This works fine (with and without catching & ignoring the ThreadAbortException) when I use it as IP without ACS. But when I configure RP to use ACS as STS Reference and configure ACS to show the old STS as an option for authentication, I get the following error (with and without catching & ignoring the ThreadAbortException). GOOGLE, LiveID authentication are working fine for this RP thru ACS.

Server Error in '/' Application.

---

The resource cannot be found.

Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.

Requested URL: /