I have a situation where we have an MVC 2 application (I tried this with a basic MVC 2 app without any extra stuff, still same problem) and am using ADFS 2 for authenticating my users.
So.. Now I get into my application and I get the below..

ID3206: A SignInResponse message may only redirect within the current web application: '/[app]' is not allowed.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: Microsoft.IdentityModel.Protocols.FederationException: ID3206: A SignInResponse message may only redirect within the current web application: '/[app]' is not allowed.
I have read most blogs on this, and posted to one..
```xml
<federatedAuthentication>
  <wsFederation passiveRedirectEnabled="true"
                issuer="https://auth.[domain]/adfs/ls/"
                realm="https://[development domain]/[app]/"
                requireHttps="true" />
  <cookieHandler requireSsl="true" />
</federatedAuthentication>
<audienceUris>
  <add value="https://[development domain]/[app]/" />
</audienceUris>
```
I think it's a problem with the fact it's an MVC application; I have created numerous Claims Aware websites and got my claims etc. on the default.aspx page. My thinking is that the routing that is involved with the MVC app is somehow posting it back wrong?
Any help really appreciated as I'm looking at this for quite a while now to no avail..
J
I've been tearing my hair out on this one. I too have the trailing slash specified in my configuration. Turns out that, in my case, navigating to my app with a trailing slash in the browser like so:
http://localhost/myapp/
will work, whereas
http://localhost/myapp
will not.
If I can dig up some more reasons why this is the case, I will add some more background on why this is happening.
I override the RedirectToIdentityProvider on a subclass of WSFederationAuthenticationModule. This happens only once before redirecting to the STS. You have to tell the config file to use this class FixedWSFederationAuthenticationModule instead of the default WSFederationAuthenticationModule.
```csharp
using System;
using System.Web;
using Microsoft.IdentityModel.Web;

public class FixedWSFederationAuthenticationModule : WSFederationAuthenticationModule
{
    public override void RedirectToIdentityProvider(string uniqueId, string returnUrl, bool persist)
    {
        // This corrects WIF error ID3206 "A SignInResponse message may only redirect within the current web application:"
        // First check if the request URL doesn't end with a "/"
        if (!returnUrl.EndsWith("/"))
        {
            // Compare whether Request Url + "/" is equal to the Realm, so only root access is corrected:
            // https://localhost/AppName plus "/" is equal to https://localhost/AppName/
            // This is to avoid touching MVC URLs
            if (String.Compare(HttpContext.Current.Request.Url.AbsoluteUri + "/", base.Realm, StringComparison.InvariantCultureIgnoreCase) == 0)
            {
                // Add the trailing slash
                returnUrl += "/";
            }
        }
        base.RedirectToIdentityProvider(uniqueId, returnUrl, persist);
    }
}
```
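As an added example, not from the original answer and not WIF's own implementation, here is a stand-alone check in the spirit of the ID3206 rule: it shows why the two spellings of the application root are treated differently, and how to accept the slash-less root without also accepting return URLs that lie outside the realm. `ReturnUrlCheck` and `IsWithinRealm` are assumed names.

```csharp
using System;

// Added example, not WIF's own check: a self-contained version of the
// "within the current web application" rule. Type and method names are assumed.
public static class ReturnUrlCheck
{
    public static bool IsWithinRealm(string realm, string returnUrl)
    {
        Uri realmUri, returnUri;
        if (!Uri.TryCreate(realm, UriKind.Absolute, out realmUri) ||
            !Uri.TryCreate(returnUrl, UriKind.Absolute, out returnUri))
        {
            return false;
        }
        // Scheme, host and port must match; another host is never "within" the app.
        if (!string.Equals(realmUri.Scheme, returnUri.Scheme, StringComparison.OrdinalIgnoreCase) ||
            !string.Equals(realmUri.Host, returnUri.Host, StringComparison.OrdinalIgnoreCase) ||
            realmUri.Port != returnUri.Port)
        {
            return false;
        }
        // Treat the realm path as a directory: "/AppName" and "/AppName/" both mean "/AppName/".
        string realmPath = realmUri.AbsolutePath.TrimEnd('/') + "/";
        string returnPath = returnUri.AbsolutePath;

        // The app root requested without a trailing slash is exactly the case the
        // override above patches up; accept it as the root itself.
        if (string.Equals(returnPath + "/", realmPath, StringComparison.OrdinalIgnoreCase))
        {
            return true;
        }
        // Otherwise require a prefix match on a segment boundary, so that a sibling
        // application such as "/AppNameOther/" is not accepted for realm "/AppName/".
        return returnPath.StartsWith(realmPath, StringComparison.OrdinalIgnoreCase);
    }

    public static void Main()
    {
        // Constructed sample inputs: the realm from the question's shape, plus
        // in-app, sibling-app and foreign-host return URLs.
        const string realm = "https://localhost/AppName/";
        foreach (string url in new[] {
            "https://localhost/AppName/", "https://localhost/AppName",
            "https://localhost/AppName/Home/Index", "https://localhost/AppNameOther/",
            "https://other.example/AppName/" })
        {
            Console.WriteLine("{0} -> {1}", url, IsWithinRealm(realm, url));
        }
    }
}
```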