I have a situation where we have a MVC 2 application(I tried this with a basic MVC 2 app without any extra stuff, still same problem) and am using adfs 2 for authenticating my users.
So..
Now I get into my application and I get the below..
ID3206: A SignInResponse message may only redirect within the current web application: '/[app]' is not allowed.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: Microsoft.IdentityModel.Protocols.FederationException: ID3206: A SignInResponse message may only redirect within the current web application: '/[app]' is not allowed.
I have read most blogs on this, and posted to one..
<federatedAuthentication>
<wsFederation passiveRedirectEnabled="true" issuer="https://auth.[domain]/adfs/ls/" realm="https://[development domain]/[app]/" requireHttps="true" />
<cookieHandler requireSsl="true" />
</federatedAuthentication>
<audienceUris>
<add value="https://[development domain]/[app]/" />
</audienceUris>
- I have the trailing slash on the realm and audienceUris.
- I have added what he suggested to Application_BeginRequest – I then copied code to [development domain] as that’s where the certs are.. It just gets stuck in an infinite loop then.
- I also have checked my Relying Party on the Geneva server.. The Identifiers and Endpoints(POST) are both https://[development domain]/[app]/ - again with the trailing slash
I think it’s a problem with the fact it’s a MVC application, I have created numerous Claims Aware website and got my claims etc on the default.aspx page. My thinking is that the routing that is involved with the MVC app is somehow posting it back wrong?
any help really apprecaited as Im looking at this for quiet a while now to no avail..
J
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…