Error 500 with AccessControl

  • Question

  • Hello:

    I deployed one application in Azure.

    This application is under AccessControl.

    I configured the access control, configured the application (Add CTS), and generated the web.config and Federation Metadata correctly.

    The problem is that I can't access the application because of the error 500.

    The web.config with the configuration is this (some data was changed with **** for security):

    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
      <configSections>
        <section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=**************" />
        <section name="dataConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Data.Configuration.DatabaseSettings, Microsoft.Practices.EnterpriseLibrary.Data, Version=5.0.414.0, Culture=neutral, PublicKeyToken=null" requirePermission="true" />
      </configSections>
      <system.net>
        <mailSettings>
          <!--Mail Server-->
          <smtp from="***********.com">
            <network *********** />
          </smtp>
        </mailSettings>
      </system.net>
      <location path="FederationMetadata">
        <system.web>
          <authorization>
            <allow users="*" />
          </authorization>
        </system.web>
      </location>
      <system.web>
        <httpRuntime requestValidationMode="2.0" />
        <authorization>      
          <deny users="?" />
        </authorization>
        <authentication mode="None" />
        <compilation targetFramework="4.0">
          <assemblies>
            <add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=********" />
          </assemblies>
        </compilation>
        
        <httpModules>
          <add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=*********" />
          <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=********" />
        </httpModules>
        <machineKey decryption="AES" decryptionKey="******" validation="SHA1" validationKey="********" />
      </system.web>
      <appSettings>
        <add key="Theme" value="Default" />
        <add key="FederationMetadataLocation" value="https://**********.windows.net/FederationMetadata/2007-06/FederationMetadata.xml" />
      </appSettings>
      <dataConfiguration defaultDatabase="******" />
      <connectionStrings>
        <add name="*******" connectionString="*******" providerName="System.Data.SqlClient" />
      </connectionStrings>
      <system.webServer>
        <modules>
          <add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=*******" preCondition="managedHandler" />
          <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=******" preCondition="managedHandler" />
        </modules>
      </system.webServer>
      <microsoft.identityModel>
        <service>
          <claimsAuthenticationManager type="*************.ClaimsTransformationModule, ********" />
    
          <audienceUris>
            <add value="http://****.cloudapp.net/" />
          </audienceUris>
          <federatedAuthentication>
            <wsFederation passiveRedirectEnabled="true" issuer="https://****.accesscontrol.windows.net/v2/wsfederation" realm="http://****.cloudapp.net/" requireHttps="false" />
            <cookieHandler requireSsl="false" />
          </federatedAuthentication>
          <applicationService>
            <claimTypeRequired>
              <!--Following are the claims offered by STS 'https://****.accesscontrol.windows.net/'. Add or uncomment claims that you require by your application and then update the federation metadata of this application.-->
              <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" optional="true" />
              <claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" optional="true" />
              <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" optional="true"/>-->
              <!--<claimType type="http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider" optional="true"/>-->
            </claimTypeRequired>
          </applicationService>
          <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=***************">
            <trustedIssuers>
              <add thumbprint="**********************" name="https://**********.accesscontrol.windows.net/" />
            </trustedIssuers>
          </issuerNameRegistry>
          <certificateValidation certificateValidationMode="None" />
        </service>
      </microsoft.identityModel>
    </configuration>

    I executed the application in TS on the Azure role and the information is this:

    This application defines configuration in the system.web/httpModules section


    Jose Adrien

    Friday, March 23, 2012 22:40

All replies

  • Hi,

    This forum is in Spanish :) ... But I think that your problem is in the web.config... in IIS 7 the App Pool usually doesn't load profile information; you need to edit the web.config. More info in this blog (it's in Spanish :S sorry):

    http://geeks.ms/blogs/sergiotarrillo/archive/2008/06/05/87945.aspx

    Regards


    Nicolás Herrera
    Bogotá - Colombia
    BLOG - Leader Group BogotaDotNet
    "I would give everything I know for half of what I don't know." Rene Descartes


    • Edited by Nicoloco Sunday, March 25, 2012 0:05
    Saturday, March 24, 2012 5:32
  • Hello:

    Nicolás, first of all, thanks for the reply.

    I finally found the solution to the problem: I ran the site via TS on the web role and was able to verify that the error was that it could not find the Microsoft.IdentityModel DLL.

    It only needed to be published again, but with CopyLocal = true set on the reference to Microsoft.IdentityModel.

    Regards.


    Jose Adrien

    Monday, March 26, 2012 12:41
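
A pre-publish check for the situation resolved above, as an added example that is not part of the original thread or any poster's code: it reports when Microsoft.IdentityModel.dll is absent from the package bin folder (the effect of CopyLocal not being set) and lists the federation settings in the posted web.config that switch off transport or certificate checks. The function name `audit_web_config`, the `must_ship` parameter, the `approot/bin` path and the trimmed sample config are assumptions made for this example.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed web.config carrying the same WIF settings as the post.
SAMPLE_CONFIG = """<configuration>
  <system.web>
    <compilation targetFramework="4.0">
      <assemblies>
        <add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral" />
      </assemblies>
    </compilation>
  </system.web>
  <microsoft.identityModel>
    <service>
      <federatedAuthentication>
        <wsFederation passiveRedirectEnabled="true" requireHttps="false" />
        <cookieHandler requireSsl="false" />
      </federatedAuthentication>
      <certificateValidation certificateValidationMode="None" />
    </service>
  </microsoft.identityModel>
</configuration>"""

# (element path, attribute, value that disables a transport or certificate check)
WEAK_SETTINGS = [
    (".//wsFederation", "requireHttps", "false"),
    (".//cookieHandler", "requireSsl", "false"),
    (".//certificateValidation", "certificateValidationMode", "none"),
]

def audit_web_config(config_xml, bin_dir, must_ship=("Microsoft.IdentityModel",)):
    """Hypothetical helper (not a WIF or Azure SDK API): list deployment findings."""
    root = ET.fromstring(config_xml)
    findings = []
    # A bin directory that does not exist is treated as empty.
    present = {f.lower() for f in os.listdir(bin_dir)} if os.path.isdir(bin_dir) else set()
    for add in root.findall(".//compilation/assemblies/add"):
        name = add.get("assembly", "").split(",")[0].strip()
        if name in must_ship and name.lower() + ".dll" not in present:
            findings.append(f"missing-assembly: {name}.dll not in package bin")
    for xpath, attr, bad in WEAK_SETTINGS:
        for el in root.findall(xpath):
            if el.get(attr, "").lower() == bad:
                findings.append(f"weak-setting: {el.tag} {attr}={el.get(attr)}")
    return findings

if __name__ == "__main__":
    # "approot/bin" is a placeholder path for the published package's bin folder.
    for finding in audit_web_config(SAMPLE_CONFIG, "approot/bin"):
        print(finding)
```

Only assemblies named in `must_ship` are checked against bin, since other entries under `compilation/assemblies` may legitimately resolve from the GAC.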