0

I have downloaded the WIF SDK and training kit (June 2010 version), and I am trying to run the 1st exercise on my Windows 7 Enterprise 64 bit, with Visual Studio 2010 (all default installations).

What I have done so far was to run the SetupLab.cmd in the WebSitesAndIdentity lab, and tried to run the first lab (ClaimsEnabledWebSite). When I do so, however, I get the following error (from Chrome):

Error 102 (net::ERR_CONNECTION_REFUSED): Unknown error.

It is the most verbose information that I got. IE and Firefox will just abort my request. The request is being made to https://localhost/ClaimsEnableWebSiteEx01/

If I try to request to the HTTP url I get a 404. Looking at the source code I don't see anything other than a very simple page. Could anyone give me some pointers to run this thing?

I have already tried this solution made here in stackoverflow but I keep getting the same error.

Community
  • 1
  • 1
Pablo
  • 2,054
  • 8
  • 30
  • 56
  • Have you confirmed in IIS that the site was created properly and was bound correctly to HTTPS? – amit_g Jan 17 '11 at 18:20

2 Answers2

1

Just want to put a remark that the April 2011 version of the Identity Developer training kit for Visual Studio 2010 is already out of date. This can give problems with the labs. For example, I had the following problem reported during EXERCISE 2: ACCEPTING TOKENS FROM AN ACTIVE DIRECTORY FEDERATION SERVICES (ADFS) STS:

"The server certificate with name 'CN=ip-sts-01.federatedidentity.net' failed identity verification because its thumbprint ('DE74CFE7D20E8DC2B6E6E700E4D2A940CB08B268') does not match the one specified in the endpoint identity ('50191FA07A8F79D4220E551DF4B97F31519D012D'). As a result, the current HTTPS request has failed. Please update the endpoint identity used on the client or the certificate used by the server."

The exercise related to Web Services and Identity for Visual Studio 2010 Developers (last updated 8/25/2011, which is weird then to be outdated), asks the trainee to insert the following lines in the app.config of the WeatherStationClient:

<issuer address="https://ip-sts-01.federatedidentity.net/adfs/services/trust/13/usernamemixed"
bindingConfiguration=
"https://ip-sts-01.federatedidentity.net/adfs/services/trust/13/usernamemixed"
binding="ws2007HttpBinding">
<identity>
<certificate encodedValue="
MIIGKjCCBRKgAwIBAgIKKwWMagAFAAF3hDANBgkqhkiG9w0BAQUFADCBizETMBEGCgmSJomT8ixkARkWA2NvbTEZMBcGCgmS
JomT8ixkARkWCW1pY3Jvc29mdDEUMBIGCgmSJomT8ixkARkWBGNvcnAxFzAVBgoJkiaJk/IsZAEZFgdyZWRtb25kMSowKAYD
VQQDEyFNaWNyb3NvZnQgU2VjdXJlIFNlcnZlciBBdXRob3JpdHkwHhcNMTAwMzI0MTcwNTI3WhcNMTEwMjE5MTgyNDUzWjB4
MQswCQYDVQQGEwJVUzELMAkGA1UECBMCd2ExEDAOBgNVBAcTB3JlZG1vbmQxEjAQBgNVBAoTCW1pY3Jvc29mdDEMMAoGA1UE
CxMDaWRhMSgwJgYDVQQDEx9pcC1zdHMtMDEuZmVkZXJhdGVkaWRlbnRpdHkubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
iQKBgQCqQB1CIW67PoTYJPc5wgjF9qtyKHToKVesfMPgE5oNtg+d47DAHllO0vCGvhWmsaJhbimLXK1GzTno/pNMorvFqVQN
V9Z9WUxw6tw6VLaUEDBaQ/Afd8SyoljDnaZuxn6tqLjGBR+QgX+SBFFyiQD9iZwVLc+7cblf9lRGoG9kfQIDAQABo4IDJDCC
AyAwCwYDVR0PBAQDAgSwMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATB4BgkqhkiG9w0BCQ8EazBpMA4GCCqGSIb3
DQMCAgIAgDAOBggqhkiG9w0DBAICAIAwCwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBLTALBglghkgBZQMEAQIwCwYJYIZIAWUD
BAEFMAcGBSsOAwIHMAoGCCqGSIb3DQMHMB0GA1UdDgQWBBTpy6XhrWHQg+IRMqEPWBPt9nGZCTAfBgNVHSMEGDAWgBQUVcQ5
4D0u0VUuSJaw2H4UIgaTvDCCAQoGA1UdHwSCAQEwgf4wgfuggfiggfWGWGh0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3Br
aS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMFNlY3VyZSUyMFNlcnZlciUyMEF1dGhvcml0eSg1KS5jcmyGVmh0dHA6Ly9jcmwu
bWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBTZWN1cmUlMjBTZXJ2ZXIlMjBBdXRob3JpdHkoNSku
Y3JshkFodHRwOi8vY29ycHBraS9jcmwvTWljcm9zb2Z0JTIwU2VjdXJlJTIwU2VydmVyJTIwQXV0aG9yaXR5KDUpLmNybDCB
vwYIKwYBBQUHAQEEgbIwga8wXgYIKwYBBQUHMAKGUmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jv
c29mdCUyMFNlY3VyZSUyMFNlcnZlciUyMEF1dGhvcml0eSg1KS5jcnQwTQYIKwYBBQUHMAKGQWh0dHA6Ly9jb3JwcGtpL2Fp
YS9NaWNyb3NvZnQlMjBTZWN1cmUlMjBTZXJ2ZXIlMjBBdXRob3JpdHkoNSkuY3J0MD8GCSsGAQQBgjcVBwQyMDAGKCsGAQQB
gjcVCIPPiU2t8gKFoZ8MgvrKfYHh+3SBT4PC7YUIjqnShWMCAWQCAQYwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAK
BggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOCAQEAX3OLpn7dtTwxUdTbUQQpkmBDVgwOItpIuIykQw8ab7y94weVBkF58DX5
KoZ+44eEq9kDh/LKBA5ncTrrNKc8TRypjBM1JgvaP+7WDStb4ll07r8Ka7Zskb+4RGFnZDVP91zMq6aw7C63UHCMQCMv4K7a
mKuq+dxJEEp+BCRyiMhbt0QQAY2Fv+IrEf/unLvV/TheZ7J5meKLV4tvZaAU4zFzHbfaZ1tGSr6ldhkL92Qqs8WF1nRfPyq3
Jk+616KVZXyluBhDoK6sCGJdCzmP+CWhaOprCbPrM5GAFSig7TUTQymi87SNAM9H1dVaIfSysjc9BjhnhFm7HsINtj6S1g==
" />
</identity>
</issuer>

The problem is that the certificate that is contained in this encoded value has expired since 2/19/2011. They did put up a new certificate on the server but forgot to update the exercise description.

To get this to work, instead of the suggested snippet above, use:

<issuer address="https://ip-sts-01.federatedidentity.net/adfs/services/trust/13/usernamemixed"
bindingConfiguration="
https://ip-sts-01.federatedidentity.net/adfs/services/trust/13/usernamemixed"
binding="ws2007HttpBinding">
<identity>
<certificate
encodedValue="MIIF5jCCBM6gAwIBAgIKTPVCpAAIAAH4kDANBgkqhkiG9w0BAQUFADCBizETMBEGCgmSJomT8ixkARkWA
2NvbTEZMBcGCgmSJomT8ixkARkWCW1pY3Jvc29mdDEUMBIGCgmSJomT8ixkARkWBGNvcnAxFzAVBgoJkiaJk/IsZAEZFgdy
ZWRtb25kMSowKAYDVQQDEyFNaWNyb3NvZnQgU2VjdXJlIFNlcnZlciBBdXRob3JpdHkwHhcNMTEwMjI4MTgyNTU0WhcNMTM
wMjI3MTgyNTU0WjAqMSgwJgYDVQQDEx9pcC1zdHMtMDEuZmVkZXJhdGVkaWRlbnRpdHkubmV0MIIBIjANBgkqhkiG9w0BAQ
EFAAOCAQ8AMIIBCgKCAQEAxwHgRsl3Pk9blgHI/jBozplW740UU+tx9kp5qYlsSZ2JRSWXpkNBJGGn4VeF/evW/d2Vo5D9Z
ZYOFoEh5x1G3RF+hEgRj3Na9P9GjfuJeB9CfL9HN5Z70tLgi/Swpd+zJxhOUrxBZFjzhwd9i17J9OAXnhoqdhPtPh4WIkCs
uOrA0+B+mfhCsuCj+YYV6msXkzF7cdZ3HqN9x6fdG+2mA+am+Y4DKirs5TmhDolx32l0QdfhDLKI5/iwltgOvd/5d89AWKj
1RlNewv4F6ZzuPev2PrRK3J1L7dGf0hMZYHmw1rGbEm5l/6zUif+3A1GS5M4C2aI0LULtTcATpLY6cwIDAQABo4ICqjCCAq
YwPwYJKwYBBAGCNxUHBDIwMAYoKwYBBAGCNxUIg8+JTa3yAoWhnwyC+sp9geH7dIFPg8LthQiOqdKFYwIBZAIBCjAdBgNVH
SUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwCwYDVR0PBAQDAgSwMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYI
KwYBBQUHAwEwHQYDVR0OBBYEFJcgzmxV2Eb/y2gP/WMIta+HPLSlMB8GA1UdIwQYMBaAFAhC49tOEWbztQjFQNtVfDNGEYM
4MIIBCgYDVR0fBIIBATCB/jCB+6CB+KCB9YZYaHR0cDovL21zY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTW
ljcm9zb2Z0JTIwU2VjdXJlJTIwU2VydmVyJTIwQXV0aG9yaXR5KDgpLmNybIZWaHR0cDovL2NybC5taWNyb3NvZnQuY29tL
3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMFNlY3VyZSUyMFNlcnZlciUyMEF1dGhvcml0eSg4KS5jcmyGQWh0dHA6Ly9j
b3JwcGtpL2NybC9NaWNyb3NvZnQlMjBTZWN1cmUlMjBTZXJ2ZXIlMjBBdXRob3JpdHkoOCkuY3JsMIG/BggrBgEFBQcBAQS
BsjCBrzBeBggrBgEFBQcwAoZSaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwU2VjdX
JlJTIwU2VydmVyJTIwQXV0aG9yaXR5KDgpLmNydDBNBggrBgEFBQcwAoZBaHR0cDovL2NvcnBwa2kvYWlhL01pY3Jvc29md
CUyMFNlY3VyZSUyMFNlcnZlciUyMEF1dGhvcml0eSg4KS5jcnQwDQYJKoZIhvcNAQEFBQADggEBAODoj1Oh3FYsizwaDPKs
o3LGCGd9XTZtbDI/yB2QVWFWBN5OHVYMAhukXXZjtjGL9yNlPbl+ImP+BI//bAfQCuubavesBbf3wFtGJ7hpPpiKwhkKsLE
KwldGrNAoSC2W6QFHCFhu0AjdO3GM8CQsqQ2cSAo6lWC+FNW1odZl0s6BqRTIsklFMHmqW7gmZwUbQCcjdiBx1KyzGttMt5
4mcH21QWeuICKGM/2cQdLVZOG+XpsSW00m0+lcUQeN/ZJ+S7j66gntc4dj8bdMMMzr3+zuoSd75Dv4qjsSnEc9KeXYTeDqc
3e14RUkA0q+MjB88BX3DtzmSpZBQ6txlwV8R+U=" />
</identity>
</issuer>

This refers to the new server certificate hosted at ip-sts-01.federatedidentity.net. And that did the trick for me!

Hope it helps some of you getting through the labs,

Marco

kroonwijk
  • 8,340
  • 3
  • 31
  • 52
0

There have been a number of updates - see here:

February 2011 Updates to the Identity Training Kit & Course

Each Source folder has two sub folders viz. Begin and End. Begin is the start point for the exercise and End is what you should (hopefully) end up with!

Have you tried building and running the Begin project? (i.e. before making any changes)

Have you tried building and running the End project?

Have you tried adding the application to IIS and running from a "normal" browser rather than from the VS internal one?

Have you tried adding logging - Windows Identity Foundation Samples–Trace is Your Friend

Have you tried building and running a default claims-aware web site - File / New / Web Site / Claims-aware ASP.NET Web Site?

Hopefully, that should throw up some clues.

rbrayb
  • 46,440
  • 34
  • 114
  • 174