Samples adjusted for Visual Studio 2010

Rating: No reviews yet
Downloads: 4750
Released: Aug 2, 2010
Updated: Aug 4, 2010 by eugeniop
Dev status: Beta Help Icon

Recommended Download

Source Code Claims Identity Guide - VS2010
source code, 3151K, uploaded Aug 3, 2010 - 3262 downloads

Other Available Downloads

Documentation Claims Identity Guide - PDF (1 Page)
documentation, 6960K, uploaded Aug 4, 2010 - 1488 downloads

Release Notes

Updated samples for Visual Studio 2010 and .NET 4.0 - Release Candidate

Release notes:


Required configuration changes for IIS, DevFabric and Windows Azure

Both solutions 1-SingleSignOn and 5-WindowsAzure involves the a-expense.ClaimsAware project.
This solution is configured by default to run hosted in IIS, but the solution 5-WindowsAzure will run in a different environment (DevFabric and Windows Azure).
Please find the notes about the required required in the microsoft.identityModel section of the web.config of the a-expense.ClaimsAware project.

Cookies encrypted using RSA

As mentioned in the guide, the federation cookies are now encrypted using an RSA algorythm. This change enables the involved sites to support Web farm scenarios. This requires the following changed lines from the previous release:

In global.asax.cs

protected void Application_Start()
FederatedAuthentication.ServiceConfigurationCreated += this.OnServiceConfigurationCreated;


private void OnServiceConfigurationCreated(object sender, ServiceConfigurationCreatedEventArgs e)
List<CookieTransform> sessionTransforms =
new List<CookieTransform>(
new CookieTransform[]
new DeflateCookieTransform(),
new RsaEncryptionCookieTransform(e.ServiceConfiguration.ServiceCertificate),
new RsaSignatureCookieTransform(e.ServiceConfiguration.ServiceCertificate)
SessionSecurityTokenHandler sessionHandler = new SessionSecurityTokenHandler(sessionTransforms.AsReadOnly());


In web.config:

<certificateReference x509FindType="FindBySubjectDistinguishedName" findValue="CN=localhost"/>

Request validation in ASP.NET 4

ASP.NET by default validates all the POSTs done to the web application. This validation checks that the input is not dangerous. For instance, a piece of XML that is not encoded is considered dangerous for ASP.NET. A token is a piece of XML that is not encoded. To avoid getting an exception when the token is posted, you will add a class that will check if the input is a token. If it is it will return true and will let the request to continue. If not, it will throw the regular "A potentially dangerous Request.Form value was detected..." exception.

This class is called WsFederationRequestValidator and it is enabled through the following web.config line:
<httpRuntime requestValidationType="WsFederationRequestValidator" />

Reviews for this release

No reviews yet for this release.