Implementing Passive STS in ASP.NET

Question

I have installed WIF Runtime and WIF SDK v4.0 and created an "ASP.NET Security Token Service Web Site" in Visual Studio 2010 (see this link).

When I run the site, type in any username/password combo, and press "Submit", I get the following exception:

The action < EMPTY > (Request.QueryString['wa']) is unexpected. Expected actions are: 'wsignin1.0' or 'wsignout1.0'.

So a few things:

• I realize I have no relying party (aka. client application), but is this necessary to test the site?
• I'm probably missing a few steps (such as creating a client app). What steps am I missing?

Answer 1

I have a six part tutorial on writing your custom STS, starting here (first three are enough for you):

http://netpl.blogspot.com/2011/08/adfs-20-quest-for-customizing-adfs-sign.html

http://netpl.blogspot.com/2011/08/quest-for-customizing-adfs-sign-in-web.html

http://netpl.blogspot.com/2011/08/quest-for-customizing-adfs-sign-ing-web.html

In short - yes. You need a RP which redirects to your STS with proper wa (for example wsignin1.0). This is done either with the WSFederationAuthenticationModule or wif:FederatedPassiveSignIn control at the RP side.

Writing your own RP is really easy and I can't think of testing your STS without valid requests from a RP.