locked
token post back / 404 not found RRS feed

  • Question

  • Trying to model my own asp.net mvc version of FederationForWebApps W.I.F. asp.net sdk sample.  Made good progress until the I.P. STS posts the security token back to the F.P. STS.   At that point I get a 404 error.   It's like the F.A.M. ignored the POSTed token for some reason.  I checked my web.config and the FAM/SAM modules are indeed registered.  The URL that is posted back to represents the wreply param value in the original request.  Perhaps, using a WREPLY is causing some grief?  Anyone else seen this problem before?   thanks

    POST /sts/federateduser/issue HTTP/1.1     <--Wreply url in original signin request
    Host: localhost:82
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.38 Safari/532.0
    Referer: http://localhost.:84/identityprovider/fedauth/signin?wa=wsignin1.0&wtrealm=http%3a%2f%2flocalhost%3a82%2fsts%2fwsfederation%2fsignin&wreply=http%3a%2f%2flocalhost%3a82%2fsts%2ffederateduser%2fissue&wctx=wa%3dwsignin1.0%26wtrealm%3dhttp%253a%252f%252flocalhost.%253a81%252fzfp%252f%26wctx%3drm%253d0%2526id%253dpassive%2526ru%253d%25252fzfp%25252fdefault.aspx%25253fwhr%25253dhttp%2525253A%2525252F%2525252Flocalhost.%2525253A84%2525252Fidentityprovider%2525252Ffedauth%2525252Fsignin%26wct%3d2010-01-06T02%253a01%253a33Z
    Content-Length: 9918
    Cache-Control: max-age=0
    Origin: http://localhost.:84
    Content-Type: application/x-www-form-urlencoded
    Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    Accept-Encoding: gzip,deflate,sdch
    Accept-Language: en-US,en;q=0.8
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

    wa=wsignin1.0&wresult=%3Ct%3ARequestSecurityTokenResponse+Context%3D%22wa%3Dwsignin1.0%26amp%3Bwtrealm%3Dhttp%253a%252f%252flocalhost.%253a81%252fzfp%252f%26amp%3Bwctx%3Drm%253d0%2526id%253dpassive%2526ru%253d%25252fzfp%25252fdefault.aspx%25253fwhr%25253dhttp%2525253A%2525252F%2525252Flocalhost.%2525253A84%2525252Fidentityprovider%2525252Ffedauth%2525252Fsignin%26amp%3Bwct%3D2010-01-06T02%253a01%253a33Z%22+xmlns%3At%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F02%2Ftrust%22%3E%3Ct%3ALifetime%3E%3Cwsu%3ACreated+xmlns%3Awsu%3D%22http%3A%2F%2Fdocs.oasis-open.org%2Fwss%2F2004%2F01%2Foasis-200401-wss-wssecurity-utility-1.0.xsd%22%3E2010-01-06T02%3A02%3A05.810Z%3C%2Fwsu%3ACreated%3E%3Cwsu%3AExpires+xmlns%3Awsu%3D%22http%3A%2F%2Fdocs.oasis-open.org%2Fwss%2F2004%2F01%2Foasis-200401-wss-wssecurity-utility-1.0.xsd%22%3E2010-01-06T03%3A02%3A05.810Z%3C%2Fwsu%3AExpires%3E%3C%2Ft%3ALifetime%3E%3Cwsp%3AAppliesTo+xmlns%3Awsp%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2004%2F09%2Fpolicy%22%3E%3CEndpointReference+xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2005%2F08%2Faddressing%22%3E%3CAddress%3Ehttp%3A%2F%2Flocalhost%3A82%2Fsts%2Fwsfederation%2Fsignin%3C%2FAddress%3E%3C%2FEndpointReference%3E%3C%2Fwsp%3AAppliesTo%3E%3Ct%3ARequestedSecurityToken%3E%3Cxenc%3AEncryptedData+Type%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmlenc%23Element%22+xmlns%3Axenc%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmlenc%23%22%3E%3Cxenc%3AEncryptionMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmlenc%23aes256-cbc%22+%2F%3E%3CKeyInfo+xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23%22%3E%3Ce%3AEncryptedKey+xmlns%3Ae%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmlenc%23%22%3E%3Ce%3AEncryptionMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmlenc%23rsa-oaep-mgf1p%22%3E%3CDigestMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23sha1%22+%2F%3E%3C%2Fe%3AEncryptionMethod%3E%3CKeyInfo%3E%3Co%3ASecurityTokenReference+xmlns%3Ao%3D%22http%3A%2F%2Fdocs.oasis-open.org%2Fwss%2F2004%2F01%2Foasis-200401-wss-wssecurity-secext-1.0.xsd%22%3E%3CX509Data%3E%3CX509IssuerSerial%3E%3CX509IssuerName%3EDC%3Dcriticaltech%2C+DC%3Dcom%2C+OU%3DiMagio+Development%2C+CN%3DCritical+Technologies+External+Token+Encryption+Cert+%28FOR+TEST+ONLY%29%3C%2FX509IssuerName%3E%3CX509SerialNumber%3E148167208492236375272450287248415658917%3C%2FX509SerialNumber%3E%3C%2FX509IssuerSerial%3E%3C%2FX509Data%3E%3C%2Fo%3ASecurityTokenReference%3E%3C%2FKeyInfo%3E%3Ce%3ACipherData%3E%3Ce%3ACipherValue%3EIY9JSsT4k88P6xB26uJ8BaRf3j%2FvqJsIki13RjHmJTD80WPY3rjBeJRmdgV15%2Fo2OxpojIivix2BPn2jBROSgQubEJ%2BM%2B5B5f3SFsvUiVY0nnEZpp4uOKYgUn5hnkZLEbVTcLKlFnKL8cgwlbibloj3Q8oXXKbgFuGJ0yYYqsGg%3D%3C%2Fe%3ACipherValue%3E%3C%2Fe%3ACipherData%3E%3C%2Fe%3AEncryptedKey%3E%3C%2FKeyInfo%3E%3Cxenc%3ACipherData%3E%3Cxenc%3ACipherValue%3EKDJgVR7n890G%2Bj2sIZG2MG7dfeqIAdj2a1UvKv3KzMiYtmbdQWG50vtPtxr0%2BKdpKwbruXgIVTeiGlhTdzCVyFP1nqy%2Bsl0qFImlu1mvUJFfBhsIkd2PUCy1cyQtuSrQCmsn2%2FYf6QwlBDkXRrBuGVCdGSIlD1vh%2BcqOedkHmBOEqvJylPT5hE4rqIj02iU7CbBWpSlQgdJiF6SxLB1CNtXVgZW3u3iOTPYrcL%2FUJhshqHIivAgUKJBwMqas0c%2BAI7NGo9J1N1Z674q7AXNy6aLx%2FDl3oEbc0gyHt%2BDLgV0ihcj7fEOPIvrVm17%2FkXeoZclDhx9iQPq4snZcWM3YsAenk97Bhc09GwbsDoExyC0LIqLJEy9haR20W4mDAvsWItUGFCu5AowXt4TvPJUHQ4DqCaP2f2g2un5KbKEZkFXaAiSmtb5JkH%2FU0wW7NRDlrUNWw%2F2BtQDaoOmxP9tV9P7zujVNMgUbTGYKCsz2Rsy1y3M6o7zL2AU4hOLywL%2B8c5ma6iuX2LVsHZCbRX98TwYA6dDfI%2F4KByg0YBPJutQPLtzGzzbMegZd5zbB40NQo9Qmk6DO8GGoCUgwR6r7NIkNB872ghj6yctYWc4fOmtePeRP4TMUjEP8Z0Y39VznLwh790zNv0L02XlHDYvesSRsh5QBYlY%2BbMT%2B7lyj78G%2Fhv5o4XOAdf9DbCDo18JBV65z6qtO6UtiXRc3MSNo6PYi9Z4eKf%2Fkw6iHhsIVzNLqEC67k%2Fb53lfAPmh%2Bn4FaITPuqlyThAQdxSdaxXZmgqT%2BGFqeiPoHtOSweOnbZEMmlgdT6E7Yg8d0i8FOuxvhFGaktTGLuQ7YdKubDMzsuPRki4m%2FTQU4H4hOcrUnIlupZJ3%2Bq2EnCBcmsnH4ePa7SSDJ5M4zNWB%2F1e61uxqkMHLQEcyrJ4kThlTw5UjN9l3if1A%2Fxa6NHJELEjtg7bz8bFNBLgcYj0O74O7EUIrpdOIkgnXxcZ3Rflf%2FcAfegkUbSqw2nPX0J8GFRMnH7v3JWC2T9jemNytewO11jla27w9yyO%2B%2F9qqCohcDR21WmCIecRt2O0CKl3o6br398hzACbS%2FYOg8qrzZCrNFy67Sh0qr4OkRGJ8eo3f%2BBxDIRj1igY1xQ7FthRp%2BnsLXe5uXr7o6EnkAMovDpM7XAfFOtD4T3okpOV9vwFmbGwuKHeIQOUJbK1WmhZKgCNgRILusfBce%2BFvtt0LQojJz3y99sPMJK3OgrxaMA9uO%2BWqeSjqmPhhPdbqEvp6aQRKkMYBTNGENWHNS9X4rnz5kf5ddnyf2NCndVY3w8iXdrRj3j5mZA67XNocQzcElYMMTfgExJOysVxgZyeSNoue7pgXJg3nHhxHcLrGa7dOKflaUeyjriJbfKC7lSGGHZs5N1X2c5vuPEXmfQlWmQmkm%2Bm%2FP9tgnhIBaQOnrqtW3c3hTY5HTx%2F0udyPNNpA0xeFlbyrMMQY6T4IsGIOIdH0mKCXjVTNPnL1cZOaxgoZfcuuCMn6XYMkMDmZG2HxHjGF7pnATWEfS%2B7PclkO0W4tB2%2FE7%2FatbKyN9O2sccu%2FsEy%2FJuN8kNeX01hURoVpurqRlRX80wTMtGjy4Ym0H3QVW7blMrvwJmpFHuRyQQm6rVo5zfpjldcTGF3kH6JPjHr0CYjNzeswkDQCiYPoR6wtqJiGOAE6D7YoreoGB5qnHe6AKczLEhy%2FtCkGACmQzaus0sUu8chWEKZT15LdMbj5KAueuZjiKWt59w%2BrAKyxX%2BzuKKmSZjdc0fYlTWRMI50W1mHDEk63uKPuHV0bvEuuFNnbdKN35SOrA5ctoyOgtVLx700V43r9npa86WyUxmcRPjfSfsDqTt4Z57iDFXm7aUIcFeGpZug2mWwxjA4U0%2FqMdPDbfVUzVdSafRRijtp97IGyCBV5WNdvGJhoMEtqWHkcGi%2B%2B2HNqt6Df0LXjW9EjemJFmdtsXgDQeRoYC8YGP43OyXvX9YavPvfBFQiMDusdaep762Od68bAG5r5u43aYsOzNtdwbirXTWL%2FN6T8fI98ZH1V8tIbxSW8x0HbT1jZ5BKnmXxWioXbvOBmRD5B%2BLS5jBY2jtBdCBhWwy1vGoPNjrT%2BGapRuxxOXtPMHPw6eOLmiB%2BumvbmAS28XZ1%2BgSwwSyv1kQh2%2Bhvpdn5K7OlXp74sZgWnuzIufJCF93DrzpTN3vjTGo2XGfigYFce8WpnWB%2BkLDkzWQQGaHCSmzIkmRyHSxSIDFLcENn5yHcsl88UW2vkCR%2B3wZ%2BZmshNUvu2MpWHqoWGEMs2Nw6w%2FKHQ%2FgRhXxLtFiAUXD0FW%2B%2BQWMtU06KuKaHn7qS4crHw88n5agdw%2FbFl7AEAMf%2BnARolG7JYf9cyiK8l%2FAAfiZEwHRa3airfszmEouy4HURanULc6aOKF3tolmZcVvkXnMsxzS6pA4RXjosP6CifbnTzodMyKhm5nllF0u9noNQxXfFRqxxrzIo8POXYdlolVDwUz%2FfS9nkoaPxdxj30tCUfUIHWeELVkMvq96bGm72VczT%2Bjf9qeZ1cJQQCF174SYgy7t7WB0jCUs5RHDDofyi46jwWhquxysxHRCTfHSwVBwsz8ZbsHfHnE1bxUYchV8%2FAYYw5k7ZCHnvZocuRo%2FNLsUr%2BZXgR%2FOz8DI%2BLPFjmFPJnylQ1U4YgKk0S3K1wPeullBgBXGdOISBRcRr%2FTC8p476fQZRryNF1jJAuNMuPZ1ywA9dxNhM95Rv3G%2BEY3MidPbs1js7Ap9MRSLxDVKqqTik4yzzVrzj0G19Y5uw%2BnbWEzL0ykdxnlnXQXUWoSI%2FP064UanRj1DXzX8pM9jFHVEwoCkDsndlgOa8e9vJVSstdW0yf2NR9nYPggp21Ot%2F4pMykdvHLasghzqYW9OZ6gyMTgB%2BXZ2aBFBAHoJaOXF1WktdtuknzOHIdrg1zB0eWjbP2pId%2FM3YZ9dmkR9ocGM1IOSZS6Ys5Vga9On3fWefW5OK8djUBtqRf0rwbj0Qrq6%2Bk%2BtOsbAv7oQlgJb%2BxSQk2QDMpE4Gr1Z7eNJIp0SjNs5NN%2FYBwWiIrmMjx4EB9xIkwzb6lvfOThzjXlezENtk65lbLTK14hRFWZ3sk3K1tTqtuWJ2bQN085Pno4le1DnIFkp7DtvYx4Nh4prgrz%2BGmNKp7DF39E7IqfsKdVTqkTL%2Ft4Z5VxbIMRxb5BmN7b%2FnYqBDUUdsdpoxin7x9t22AFjUvFK5wDY6coyYlNYUyE7Qm5jVcKN7gE8czdRHQVrbtLhj%2FDtuIZQ1pNjbJ5H4bILkAd0R%2Bw4YNvIzcnjYrX3iSPNHUnlPPtfbOur1ngyqXDpukvDMtKR6e1C%2FM3f1qUvwiExjTXUHc8DHUa9vk8QJVzxxuoGyFet18lY1qmYc%2FcwQcrQYeDBN95Ty5vrIujw4P7Wi7GYMfKDmV%2Fc0vZHri8Ty2gOA7o9JQZjzv2VbdW86Et%2FQctBrkJa3K21Sgde%2BEivAiVMPf7Dkjt5ptNV0lhW6Zhab9RS5Wy%2F6vHKPam370CuTARIhsRsCnvEryxZInPZSgCHNVg98YLiIvBqtxoLgPFnuRTdjeJVooy5BjtBS1iHXN54BJzdzhq7SxE88rkBw2N1Rsh0qv4vdvQ%2Bfus5679tZ5yviolDCFHPJXESLVKlVhHTSVSsU8Uesk%2FPuVR3Il3gEDy4KDwAUGxTb0ecN1D8HpOMZb9T9wsGuI%2BHmZsFjtdb4EazGtfwtESXEzAOOWAOFhBjKaXOt8gJVeDaKH2z9OzJ3aLY%2BgGKMqb4abPxKNQb9pgxbPXQ9z7heD7J9Ffef0JoFWqUGrx5Cmnx28eCwcCJ%2FelhusYm9VDPacmYtvu3Ds3gkoKxVkSgkNFbDnlj5cdb%2FhyCTvZM0y9I%2FvENRde0vfxbJN5Glxr%2BhmdUEwu2JC%2F1FrC0B9ZQgQLEEgBBOmJ%2F5K%2BbHchTVBn%2BEmgRH%2BhGhRRPbBXG%2F2h7N5Jv2P2c6xPSSFSrRxvatMied5W8W1HxUD7rt%2FD%2BNcv6sacTrfIcPNwsuhQoDzy%2FdYK8MuVEhi5Jzrf3O1jfLwrV4r2sMMaoe5UocaZzDR%2FSGHJMnsJjIRmyMWayV0Cl92agMxQYkBIApuaeGljHfh19mNVZp78pn%2BBs%2FVv1jlrJyp0ue1Ob8xoguBBFhNuQO%2FkTvFKVyzcEgumoYXCiwuDp27LSFiOsDOxXMlvbS5wMkgwRtBFGTnP%2ByihasQqcjsZpTOCd4oRoqI5Tn9HcHCyrezbsnDlBvX5ozJ4Ks72L5Uh062mM4VUHkZVrUqNLw69XPAdb9wgIi69fM8DNZp6vQckjC76W5qpGIGEORu0f%2FPHfbq7snBdTPYCJ9UD4ukx8qx%2FEHoJio81rpbEjJsTYZBaiLTXWXXBp0svG%2BBH1tHpOOkEVery1bmQQyivtT8aDwf61vcOSWgrLsc5PY2l4IGICx%2FIIsSuouhvAWIQYkwKpH4ZF0ixDdXnD6wnRJZPR9lafGGshEQRYYflc6GzTfLBL331jAUURf0fbL%2BDZtoPrdVT3nQtFP942Bjyl6KYevq%2BR2nay0%2F29k6jBWZgZIpoHUKTGqPtYokWoM2ZyRzYMWyuU2nAkU7IQP1gZZWLyvjaIWVozfMl2SYQNTnElm1brzPY4e2Zw0qdByXrs43mbobOOaNAQN29mZnC80eVtR%2FpBJGfyWSnrKTnWrYiQEe%2FxokG2qEVrBHX8i4CHo7GlUMkCOEw09eeFaeHH61YX2kD3wD36Z1ItAsDesPzAtaYLTf5wWweWC7PAbtWRHM3CxYX6b%2F%2FrQYvvFAIT8LfMrDlBVyES4ze7MI2%2BQGPsJD1NvGTm4Aaou0qXVHdxm136L8MJHCSbF%2F6ei26NJ%2BQosQ9BhBc9rM8IsbvQuEUY2mZ%2FGS1sT1casR4rotM1bHj1NzVgpDYqGokfygV1zeTy5Bi0jONB58Cmxjylm7Uxb6eQcJ40n6u2feQdG8JGCbSljPWvcjjfPlp9IciecIup3858t6mDPHY2e%2BY%2Fb7iiLTXMSyBZrbboiwKbq%2BJHpOBIq%2FWVCplDxy1BNYALIP%2Bq9Wjxwe8NFBg20iWz7woW7EWxKgcFqTsjxFj8c0ALP6I%2BHtKUQrxxzsy%3C%2Fxenc%3ACipherValue%3E%3C%2Fxenc%3ACipherData%3E%3C%2Fxenc%3AEncryptedData%3E%3C%2Ft%3ARequestedSecurityToken%3E%3Ct%3ARequestedAttachedReference%3E%3Co%3ASecurityTokenReference+xmlns%3Ao%3D%22http%3A%2F%2Fdocs.oasis-open.org%2Fwss%2F2004%2F01%2Foasis-200401-wss-wssecurity-secext-1.0.xsd%22%3E%3Co%3AKeyIdentifier+ValueType%3D%22http%3A%2F%2Fdocs.oasis-open.org%2Fwss%2Foasis-wss-saml-token-profile-1.0%23SAMLAssertionID%22%3E_565bd20f-b81a-44f7-8189-c7e423354bdb%3C%2Fo%3AKeyIdentifier%3E%3C%2Fo%3ASecurityTokenReference%3E%3C%2Ft%3ARequestedAttachedReference%3E%3Ct%3ARequestedUnattachedReference%3E%3Co%3ASecurityTokenReference+xmlns%3Ao%3D%22http%3A%2F%2Fdocs.oasis-open.org%2Fwss%2F2004%2F01%2Foasis-200401-wss-wssecurity-secext-1.0.xsd%22%3E%3Co%3AKeyIdentifier+ValueType%3D%22http%3A%2F%2Fdocs.oasis-open.org%2Fwss%2Foasis-wss-saml-token-profile-1.0%23SAMLAssertionID%22%3E_565bd20f-b81a-44f7-8189-c7e423354bdb%3C%2Fo%3AKeyIdentifier%3E%3C%2Fo%3ASecurityTokenReference%3E%3C%2Ft%3ARequestedUnattachedReference%3E%3Ct%3ATokenType%3Eurn%3Aoasis%3Anames%3Atc%3ASAML%3A1.0%3Aassertion%3C%2Ft%3ATokenType%3E%3Ct%3ARequestType%3Ehttp%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F02%2Ftrust%2FIssue%3C%2Ft%3ARequestType%3E%3Ct%3AKeyType%3Ehttp%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F05%2Fidentity%2FNoProofKey%3C%2Ft%3AKeyType%3E%3C%2Ft%3ARequestSecurityTokenResponse%3E&wctx=wa%3Dwsignin1.0%26wtrealm%3Dhttp%253a%252f%252flocalhost.%253a81%252fzfp%252f%26wctx%3Drm%253d0%2526id%253dpassive%2526ru%253d%25252fzfp%25252fdefault.aspx%25253fwhr%25253dhttp%2525253A%2525252F%2525252Flocalhost.%2525253A84%2525252Fidentityprovider%2525252Ffedauth%2525252Fsignin%26wct%3D2010-01-06T02%253a01%253a33Z

    HTTP/1.1 404 Not Found
    Server: ASP.NET Development Server/9.0.0.0
    Date: Wed, 06 Jan 2010 02:02:10 GMT
    X-AspNet-Version: 2.0.50727
    Cache-Control: private
    Content-Type: text/html; charset=utf-8
    Content-Length: 2634
    Connection: Close

    <html>
        <head>
            <title>The resource cannot be found.</title>



    Wednesday, January 6, 2010 2:16 AM

Answers

  • Ah, finally figured it out.   Turned out to be a simple problem.   I forgot to apply the HttpVerb.Post attribute to my controller action.   Here is the new/corrected version:

      [AcceptVerbs(HttpVerbs.Post)]
      public ActionResult Issue()
            {
                if (IsAuthenticatedUser)
                {
                    return IssueSecurityToken();
                }

                throw new UnauthorizedAccessException("You must first be authenticated before a security token can be issued.");            
            }


    • Marked as answer by scott_m Wednesday, January 6, 2010 3:03 PM
    Wednesday, January 6, 2010 3:03 PM

All replies

  • Is /sts/federateduser/issue an actual page? I would expect something like /sts/federateduser/issue.aspx. If not, it's possible IIS is rejeting the request before it can get to the HTTP modules. You can change an IIS setting to allow it to send a request on, even if no physical page exists, but our samples typically do have a page which creates the response.
    Wednesday, January 6, 2010 6:03 AM
    Moderator
  • federateduser is the mvc controller.  issue is the mvc controller action.    Using Cassini to debug currently.

    thanks

    scott


    Wednesday, January 6, 2010 2:14 PM
  • Ah, finally figured it out.   Turned out to be a simple problem.   I forgot to apply the HttpVerb.Post attribute to my controller action.   Here is the new/corrected version:

      [AcceptVerbs(HttpVerbs.Post)]
      public ActionResult Issue()
            {
                if (IsAuthenticatedUser)
                {
                    return IssueSecurityToken();
                }

                throw new UnauthorizedAccessException("You must first be authenticated before a security token can be issued.");            
            }


    • Marked as answer by scott_m Wednesday, January 6, 2010 3:03 PM
    Wednesday, January 6, 2010 3:03 PM