
I am attempting to create a dummy security token service using the WCF Security Token Service website template. When creating the website, if I specify a file system URI and host the site in the ASP.NET Development Web Server then everything appears to be fine. However, I want the STS to use SSL and I would also like to avoid the cross-domain issues that arise when using the dynamic ports assigned by the ASP.NET Development Web Server. So I recreated the same website but specify an HTTPS URI to a preconfigured web application in IIS 7.5 (e.g. https://localhost/SecurityTokenService/) instead of a file system URI. Now all attempts to navigate to the Service.svc file result in a forceful connection reset.

Below is my web.config file, although the fact that it works when hosted in the ASP.NET Development Web Server makes me think the problem is with an IIS setting. What are some things I might try to figure out what's going on?

    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
        <configSections>
            <section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
        </configSections>
        <appSettings>
            <add key="IssuerName" value="ActiveSTS"/>
            <add key="SigningCertificateName" value="CN=STSTestCert"/>
            <add key="EncryptingCertificateName" value=""/>
        </appSettings>
        <connectionStrings />
        <location path="FederationMetadata">
            <system.web>
                <authorization>
                    <allow users="*"/>
                </authorization>
            </system.web>
        </location>
        <system.web>
            <compilation debug="true" targetFramework="4.0">
                <assemblies>
                    <add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
                </assemblies>
            </compilation>
            <authentication mode="None"/>
            <pages>
                <controls>
                    <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
                </controls>
            </pages>
        </system.web>
        <system.web.extensions>
            <scripting>
                <webServices>
                </webServices>
            </scripting>
        </system.web.extensions>
        <system.serviceModel>
            <services>
                <service name="Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract" behaviorConfiguration="ServiceBehavior">
                    <endpoint address="https://localhost/SecurityTokenService/Service.svc/IWSTrust13" binding="ws2007HttpBinding" contract="Microsoft.IdentityModel.Protocols.WSTrust.IWSTrust13SyncContract" bindingConfiguration="ws2007HttpBindingConfiguration"/>
                    <host>
                        <baseAddresses>
                            <add baseAddress="http://localhost/SecurityTokenService/Service.svc" />
                        </baseAddresses>
                    </host>
                    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
                </service>
            </services>
            <bindings>
                <ws2007HttpBinding>
                    <binding name="ws2007HttpBindingConfiguration">
                        <security mode="TransportWithMessageCredential">
                            <message establishSecurityContext="false" clientCredentialType="UserName" />
                        </security>
                    </binding>
                </ws2007HttpBinding>
            </bindings>
            <behaviors>
                <serviceBehaviors>
                    <behavior name="ServiceBehavior">
                        <serviceMetadata httpGetEnabled="true" />
                        <serviceDebug includeExceptionDetailInFaults="false" />
                    </behavior>
                </serviceBehaviors>
            </behaviors>
        </system.serviceModel>
        <microsoft.identityModel>
            <service>
                <securityTokenHandlers>
                    <remove type="Microsoft.IdentityModel.Tokens.WindowsUserNameSecurityTokenHandler, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
                    <add type="CustomUserNamePasswordTokenHandler, App_Code"/>
                </securityTokenHandlers>
            </service>
        </microsoft.identityModel>
    </configuration>

UPDATE: I can navigate to other files in the web application. Just not the *.svc file. I don't have anything to work with except for the 101 status code so this is kind of frustrating.

UPDATE: Further experimentation indicates that the problem only exists with WCF services that are STSs and hosted in IIS. If I host a regular WCF service in IIS there is no problem. I downloaded a variety of example projects containing custom STSs and they all exhibit the same behavior. This leads me to believe that there is something wrong with the configuration of my IIS that prevents it from playing nice with an STS. Beats me how I might figure out what the problem is ...


2 Answers


The base address in your service is configured to be HTTP not HTTPS. Also, if you are browsing to it using HTTPS and expecting to see the service definition I think you would need httpsGetEnabled not httpGetEnabled. Could these be the problem?

  • I compared my web.config file with one from the Windows Identity Training Kit and I don't see any glaring differences. Just for grins, I tried your recommended changes and I still get the same behavior. Thank you for your suggestions, though. – Raymond Saltrelli Feb 10 '12 at 21:46

I opened a support case with Microsoft about this. After digging through a lot of log and trace files, we determined that the physical path of the virtual directory in IIS was not correct. This is weird because Visual Studio created the virtual directory on my behalf when I added the project to my solution. I deleted and recreated the virtual directory manually and everything started working.

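The checks below turn the two answers into a repeatable IIS diagnostic: the physical path of the application (the eventual cause), the https binding, the scheme consistency Mike Goodwin pointed at in web.config, and a probe of the .svc URL. This is an added example, not code from the question or either answer; the site name 'Default Web Site' is an assumption, and the application name is taken from the URI in the question.

```powershell
# Added example, not from the original question or answers: a checklist for an
# IIS-hosted WCF STS whose Service.svc resets the connection. The site name and
# the application name are assumptions; adjust them to your IIS layout.
Import-Module WebAdministration

$siteName = 'Default Web Site'        # assumed IIS site
$appName  = 'SecurityTokenService'    # application name from the question's URI
$stsUrl   = "https://localhost/$appName/Service.svc"

# 1. Physical path of the application. The accepted answer traced the reset to a
#    wrong physical path on the virtual directory Visual Studio created.
$app = Get-WebApplication -Site $siteName -Name $appName
if (-not $app) { throw "Application '$appName' not found under site '$siteName'" }
$physicalPath = [Environment]::ExpandEnvironmentVariables($app.PhysicalPath)
"Physical path: $physicalPath"
if (-not (Test-Path -LiteralPath $physicalPath)) {
    Write-Warning "Physical path does not exist"
}
if (-not (Test-Path -LiteralPath (Join-Path $physicalPath 'Service.svc'))) {
    Write-Warning "Service.svc is not in the physical path"
}

# 2. An HTTPS URI needs an https binding on the site.
$https = Get-WebBinding -Name $siteName -Protocol https
if (-not $https) { Write-Warning "Site '$siteName' has no https binding" }
else { $https | Format-Table protocol, bindingInformation -AutoSize }

# 3. Scheme consistency in web.config (the points raised in the first answer):
#    baseAddress should be https and metadata exposed with httpsGetEnabled.
[xml]$cfg = Get-Content -LiteralPath (Join-Path $physicalPath 'web.config')
$sm = $cfg.configuration.'system.serviceModel'
$sm.services.service.host.baseAddresses.add | ForEach-Object {
    if ($_.baseAddress -notlike 'https://*') {
        Write-Warning "baseAddress is not https: $($_.baseAddress)"
    }
}
$meta = $sm.behaviors.serviceBehaviors.behavior.serviceMetadata
if ($meta.httpsGetEnabled -ne 'true') {
    Write-Warning 'serviceMetadata does not set httpsGetEnabled="true"'
}

# 4. Probe the endpoint. A reset or TLS trust failure shows up as a WebException
#    with no HTTP status; a 404 here points back at the physical path.
try {
    $body = (New-Object System.Net.WebClient).DownloadString($stsUrl)
    "Fetched $($body.Length) bytes from $stsUrl"
} catch {
    Write-Warning "Request to $stsUrl failed: $($_.Exception.Message)"
}
```

Run it from an elevated PowerShell on the IIS host; if step 1 reports a missing path or missing Service.svc, recreate the application by hand as the accepted answer describes before looking any further.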