Updated samples for Visual Studio 2010 and .NET 4.0 - Release Candidate
Required configuration changes for IIS, DevFabric and Windows Azure
Both solutions 1-SingleSignOn and 5-WindowsAzure involves the a-expense.ClaimsAware project.
This solution is configured by default to run hosted in IIS, but the solution 5-WindowsAzure will run in a different environment (DevFabric and Windows Azure).
Please find the notes about the required required in the microsoft.identityModel section of the web.config of the a-expense.ClaimsAware project.
Cookies encrypted using RSA
As mentioned in the guide, the federation cookies are now encrypted using an RSA algorythm. This change enables the involved sites to support Web farm scenarios. This requires the following changed lines from the previous release:
protected void Application_Start()
FederatedAuthentication.ServiceConfigurationCreated += this.OnServiceConfigurationCreated;
private void OnServiceConfigurationCreated(object sender, ServiceConfigurationCreatedEventArgs e)
List<CookieTransform> sessionTransforms =
SessionSecurityTokenHandler sessionHandler = new SessionSecurityTokenHandler(sessionTransforms.AsReadOnly());
<certificateReference x509FindType="FindBySubjectDistinguishedName" findValue="CN=localhost"/>
Request validation in ASP.NET 4
ASP.NET by default validates all the POSTs done to the web application. This validation checks that the input is not dangerous. For instance, a piece of XML that is not encoded is considered dangerous for ASP.NET. A token is a piece of XML that is not encoded. To avoid getting an exception when the token is posted, you will add a class that will check if the input is a token. If it is it will return true and will let the request to continue. If not, it will throw the regular "A potentially dangerous Request.Form value was detected..." exception.
This class is called WsFederationRequestValidator and it is enabled through the following web.config line:
<httpRuntime requestValidationType="WsFederationRequestValidator" />