Monday, February 28, 2011

Limitation of ContosoClaimsProvider

If you have read my previous post on how to deploy the ContosoClaimsProvider, you may discover that there is a limitation with the ContosoClaimsProvider sample.

The main limitation you will immediately notice is that the SupportsHierarchy property is set to false.  Therefore, the FillHierarchy method is not implemented and will throw a Not Implemented Exception if the SupportsHierarchy property is set to true.

If you wish to get started using a Hierarchy in the Claims Provider, I would recommend either utilizing the SqlClaimProvider sample or else reviewing the documentation on the FillHierarchy method on MSDN.

Red Gate to begin charging for .Net Reflector

For those of you who are not familiar with .Net Reflector, it is an invaluable tool used for "reflecting" into .Net assemblies.  It can be used for a wide variety of purposes, but the most common usage is as an alternative to Visual Studio's Object Browser.

However, it can do much more than simply act as a substitute Object Browser.  It actually has the ability to decompile code.  If you have the source code readily available for a solution, this is probably not necessary.  However, I recently encountered a situation where a C# .Net Assembly was built by a developer who had never saved the source code to a source control repository and therefore the original source code was not available.  In addition, the developer had since left the company.

Fortunately, .Net Reflector came to the rescue!  I was able to decompile the original assembly and extract the source code.  Once I had extracted the source code, I built the solution in Visual Studio and promptly checked in the resultant source code into the source control repository.

Well, up until a few years ago, this was a completely free tool maintained by an independent developer.  A few years ago, Red Gate acquired the tool and has been maintaining it ever since.

Well, Red Gate has made a recent announcement that this tool will no longer remain free.

You can read more about the announcement here:

Therefore, if you want to get your hands on the free version before they start charging for it, you can download it from here:

Working with the ContosoClaimsProviders project

If you have downloaded the sample Contoso Claims Provider from MSDN Code Gallery from here:

You will probably notice that there is no associated documentation with the sample code.  Instead, you are pretty much left to your own devices in terms of understanding how to deploy the code.

Fortunately, once you figure out the elements that you have to alter, the deployment of this code is far more straightforward than the source code download for the SqlClaimProvider (also downloadable from MSDN Code Gallery).

  1. Open Visual Studio
  2. Open the Contoso Claims Provider Visual Studio project
  3. Right click on the Properties for the Visual Studio project
  4. You should now see a set of properties for the deployment
  5. Look at the property for Site URL
  6. By default, this will be populated with a value such as
  7. Change this to your SharePoint 2010 installation URL such as http://localhost
  8. Save the Visual Studio project
  9. Right click on the Visual Studio project and select Deploy
  10. If all goes well, at the end of the deployment operation, you should see a status message stating "Deploy succeeded"

Visual Studio Extension for resolving Assembly References

If you have numerous assembly references in your Visual Studio project, it is often useful to know where those assemblies physically reside on disk.  If those assemblies are registered in the GAC, it is even more useful to determine where these assemblies are physically installed since discovering them is not always immediately obvious.

Fortunately, a fellow developer has uploaded a Visual Studio 2010 extension to simplify our lives when dealing with Assembly References in the form of an extension called the Assembly Reference Resolver.

You can download the extension from the Visual Studio Gallery here:

Friday, February 25, 2011

Sitefinity Migration Tool - Not yet ready for primetime

If you are a current user of Telerik Sitefinity CMS, you may already know that Telerik has recently released Sitefinity v. 4.0.  However, Sitefinity v. 4.0 does not offer any out-of-the-box support for migrating from an earlier release of Sitefinity (namely v. 3.7) to v. 4.0.

However, in order to accomplish this task, they have released a Sitefinity Migration Tool on CodePlex.  The source code for the project can be downloaded from here:

I have previously deployed numerous sites using Sitefinity v. 3.7 and attempted to migrate several of these websites using the Sitefinity Migration Tool.

Unfortunately, each and every single web site that I attempted to migrate failed miserably.  Either only some of the content was migrated or the content was not migrated at all.

So where does that leave you?  Basically, if you want to adopt Sitefinity v. 4.0 in the near future, it looks like you will have to start pretty much from scratch.  At this point, the Sitefinity Migration Tool is simply not production-ready and will likely fail in migrations about 99.99% of the time.

If you are able to successfully migrate your v. 3.7 site, all the better for you.  Otherwise, I would probably recommend sitting tight on v. 3.7 for now.  If you want to leverage the capabilities of .Net 4.0, you can consider upgrading to v. 3.7 SP4 with .Net 4.0 support (if you have not already done so).

Hopefully, prior to the release of Sitefinity v. 4.0 SP1, Telerik will offer a better migration path than what they have today.

Good luck...

Installing SharePoint Claims Providers

If you have downloaded the sample code for a Custom Claims Provider from MSDN Code Gallery such as from here:

You will find that there is a document within the solution called instructions.txt.

If you open the document, these are the contents of the file:

1.  Install assembly to GAC.
To Install Feature:
1a.  install-spfeature -path SqlClaimsProvider
NOTE:  No need to enable / activate because it is a farm-scoped feature.
To Uninstall Feature:
1b.  uninstall-spfeature -identity SqlClaimsProvider

Unfortunately, if you attempt to run the command "install-spfeature -path SqlClaimsProvider", you will receive the following error message: "Failed to find the XML file at location 14\Template\Features\SqlClaimsProvider"

Well, as you can probably guess, the documentation provided in instructions.txt is incomplete.  If you read this MSDN article, you will find additional details on how to utilize install-spfeature:

Based on this article, you will actually need to do the following to successfully install the SqlClaimsProvider as a farm level feature:

  1. Open Windows Explorer
  2. Navigate to the following directory structure: C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\TEMPLATE\FEATURES
  3. Create directory called SqlClaimsProvider
  4. Beneath this directory, copy the file feature.xml from the Visual Studio solution
  5. Now, open the SharePoint 2010 Management Shell
  6. At the PowerShell command prompt, type install-spfeature -path SqlClaimsProvider
  7. This should now successfully install the SqlClaimsProvider as a farm level feature
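
The steps above as one script, an added example that is not part of the sample's instructions.txt or the MSDN article. The source path in $sourceXml is a placeholder, and the Scope check assumes feature.xml declares the feature as farm-scoped, as instructions.txt states.

```powershell
# Run from an elevated SharePoint 2010 Management Shell on a farm server.
$ErrorActionPreference = 'Stop'

$featureName = 'SqlClaimsProvider'
$sourceXml   = 'C:\Samples\SqlClaimsProvider\feature.xml'   # placeholder: feature.xml from your copy of the solution
$featuresDir = 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\TEMPLATE\FEATURES'
$targetDir   = Join-Path $featuresDir $featureName

# Load the SharePoint cmdlets when this is run from a plain PowerShell console.
if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

# Read the manifest before copying it: it has to parse as XML, and the
# "no need to enable / activate" note only holds for a farm-scoped feature.
[xml]$manifest = Get-Content -Path $sourceXml
$scope = $manifest.Feature.Scope
if ($scope -ne 'Farm') {
    throw "Expected Scope='Farm' in $sourceXml, found '$scope'."
}

# Steps 3 and 4: create 14\TEMPLATE\FEATURES\SqlClaimsProvider and copy feature.xml into it.
if (-not (Test-Path $targetDir)) {
    New-Item -ItemType Directory -Path $targetDir | Out-Null
}
Copy-Item -Path $sourceXml -Destination (Join-Path $targetDir 'feature.xml') -Force

# Step 6: the path is relative to the FEATURES directory, which is why the
# bare command fails with "Failed to find the XML file" until the copy exists.
Install-SPFeature -Path $featureName

# Confirm what was registered in the farm.
Get-SPFeature |
    Where-Object { $_.DisplayName -eq $featureName } |
    Format-List DisplayName, Id, Scope
```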

Post build event for installing assemblies to the GAC

There are numerous articles and postings which provide details on how to create a post-build event for Visual Studio to install an assembly to the GAC (Global Assembly Cache):

If you want to know what to put in the Post Build Event for Visual Studio 2010, here it is:

"C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\x64\gacutil" -u "$(TargetPath)"
"C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\x64\gacutil" -i "$(TargetPath)"

Installing SharePoint on a machine joined to the domain

If you install SharePoint 2010 on a machine joined to the domain, you may encounter some issues when attempting to authenticate against your instance (particularly if you have NTLM Authentication configured).  If you are attempting to access SharePoint Central Administration, then you have no choice but to authenticate using NTLM Authentication.

One of the problems that you will probably encounter when attempting to authenticate against your SharePoint site while using NTLM Authentication is that it requires an active connection to a domain controller.  Well, if you are working remotely, you may not have an active connection to your domain unless you establish a VPN connection.

So, if you encounter such a situation when attempting to authenticate against your SharePoint site, just make sure you have an active connection to your domain via VPN.

If you wish to avoid this type of issue in the future, you can probably guess the obvious solution to this problem--develop inside of a virtual machine.  Inside of a virtual machine, you can completely isolate your development environment from the issues associated with your host machine.

Failed to generate a strong name key pair -- Access is denied

I recently downloaded a code sample from MSDN Code Gallery and since it required code signing, it included a strong name key.

Of course, when I went to build the project in Visual Studio 2010, I got a Cryptographic failure while attempting to sign the assembly.

Well, this error message did not provide me with enough details, so I opened a Visual Studio Command prompt and typed "sn -k key.snk"  Now, instead of the Cryptographic failure error message, I got another error message "Failed to generate a strong name key pair -- Access is denied"

Well, after a little Google searching, I found several blog posts indicating that I needed to change the file system permissions for the following directory:
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys

A lot of articles and blog posts mention adding specific user privileges in order to get the strong naming operation to work correctly.

However, what I have found out is that this is usually not necessary.  Instead, I simply checked the check boxes for the following "Include inheritable permissions from this object's parent" and "Replace all child object permissions with inheritable permissions from this object."

For whatever reason, somehow the Administrators group becomes orphaned and no longer has permissions to the required directory.  (I suspect that it is because I installed Visual Studio 2010 before joining my machine to the domain, but I can't tell for sure.)  In any case, by simply inheriting permissions for the directory, this will override any "special" permissions that somehow got applied to the directory and were preventing the signing of an assembly with a strong name key.

These are the steps I followed:

  1. Open Windows Explorer
  2. Browse to the directory path C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys
  3. Right click on the directory and select Properties
  4. Click on the Security tab
  5. Click on the Advanced button
  6. Click on the Change Permissions button
  7. Check on the checkbox next to  "Include inheritable permissions from this object's parent" as well as "Replace all child object permissions with inheritable permissions from this object."
  8. Click on the OK button
  9. If you receive any access denied error messages, click on Cancel.
  10. If you receive any other error dialog boxes, click on Cancel.
  11. Even though you clicked on Cancel on the various dialog boxes, the inherited permissions should still have been applied.
  12. Once again attempt to either sign the assembly with a strong name key or rebuild the solution in Visual Studio.
  13. If everything worked correctly, you should now be able to successfully sign your assembly with a strong name key!
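
The same permission change from an elevated PowerShell prompt, as an added example rather than steps from the original post. It saves the existing ACLs first, because the second checkbox rewrites the permissions on every key file in the directory, and it only takes that second step if enabling inheritance alone does not fix signing. The backup and test file names are hypothetical, and sn.exe is assumed to be on the PATH (Visual Studio Command Prompt).

```powershell
$path    = 'C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys'   # directory from the post
$backup  = Join-Path $env:TEMP 'MachineKeys-acl-backup.txt'        # hypothetical backup file
$testKey = Join-Path $env:TEMP 'acl-test.snk'                      # throwaway key used for the check

function Test-StrongNameKeyGen {
    # Returns $true when sn.exe can generate a key pair, which needs write access to MachineKeys.
    & sn.exe -q -k $testKey | Out-Null
    $ok = ($LASTEXITCODE -eq 0)
    if (Test-Path $testKey) { Remove-Item $testKey }
    return $ok
}

# 1. Record the current state: save every ACL under the directory, then show the directory's own ACL.
#    The saved file can be replayed later with icacls /restore.
icacls $path /save $backup /T /C | Out-Null

$acl = Get-Acl -Path $path
'Owner               : {0}' -f $acl.Owner
'Inheritance blocked : {0}' -f $acl.AreAccessRulesProtected

# Count the entries for BUILTIN\Administrators (well-known SID S-1-5-32-544).
$sidRules  = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
$adminAces = @($sidRules | Where-Object { $_.IdentityReference.Value -eq 'S-1-5-32-544' })
'Administrators ACEs : {0}' -f $adminAces.Count

$acl.Access | Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited -AutoSize

# 2. First checkbox only: let the directory inherit permissions from its parent again.
icacls $path /inheritance:e

if (Test-StrongNameKeyGen) {
    'sn -k works after enabling inheritance; the ACLs on existing key files were left untouched.'
}
else {
    # 3. Second checkbox: replace the ACL on every existing key file with inherited entries.
    #    This drops per-key permissions granted to service accounts, hence the backup in step 1.
    icacls "$path\*" /reset /T /C

    if (Test-StrongNameKeyGen) {
        'sn -k works after resetting child permissions.'
    }
    else {
        "sn -k still fails; review the ACL shown above and the backup in $backup."
    }
}
```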

Processor check for 64-bit Guest OSes

If you have a bit of an older computer and you are not sure whether or not your system will support 64-bit guest OS Virtual Machines, you can download the VMWare Processor Check utility from here:

This tool will validate whether or not your system is capable of hosting 64-bit Guest OS Virtual Machines using either VMWare Server or VMWare Workstation.

Clearing cookies with IE 8's Developer Tools

If you have been working with Windows Identity Foundation, you probably already know that it is not as easy to clear out cookies using Internet Explorer as it is with alternative browsers such as Mozilla Firefox and Google Chrome.

However, if you are forced to work with Internet Explorer 8, there is still a way of managing cookies.  That method is through the use of the Developer Tools which ship with Internet Explorer 8.

  1. Browse to the website in Internet Explorer from which you want to remove/delete the associated cookies.
  2. From the Tools menu (or F12), you can open the Developer Tools. 
  3. You can then open the Cache menu
  4. Beneath the Cache menu, you will see several options for managing cookies
  5. However, unlike the Remove Individual Cookies option in Mozilla Firefox and Google Chrome, you will not find such an option.
  6. Instead, you will have to select the menu option for Clear Session Cookies
  7. After you click on that option, you must now select the menu option for Clear Cookies for Domain
  8. After that is done, you should be able to log into your website (probably your STS) using different login credentials.

Microsoft Code Samples

If you have ever been looking for code samples which you cannot easily find on MSDN, or code samples that are too basic for your needs (for example, Hello World applications), you will probably want to look at these alternative sites for code samples and examples which provide more real-world usage scenarios for what you need to accomplish:

MSDN Code Gallery:

All-In-One Code Framework:

Memory requirements for SharePoint 2010 Development

If you are a developer working with SharePoint 2010, you are probably wondering what are the memory requirements for development with SharePoint 2010.

Well, now that SharePoint 2010 supports installation on Windows 7, you will probably be installing SharePoint 2010 on your local developer workstation.  If you look at the minimum and recommended memory requirements posted on MSDN, you will see that the minimum requirement for developing on such an environment is 2 GB while the recommended is 4 GB.

Well, unfortunately, those recommendations do not take into account a usual developer's everyday usage of a development workstation.

In most cases, a developer will have numerous things open simultaneously such as an e-mail client such as Outlook, one or more instances of Visual Studio, of course, SharePoint 2010 and SQL Server and probably several open browser windows.

If you begin looking at the memory allocations of the base Windows 7 OS and then adding on the memory requirements for all the other various applications, you will soon discover that 4 GB is simply not enough.  Also, one should not forget that there are probably numerous applications running in the background such as a virus scan engine as well as firewall application and perhaps disk encryption.  One of the biggest memory hogs is actually the browser.  Browsers such as Internet Explorer 8 and Google Chrome each open up a brand new process for each tab that is open.  If you are browsing through some articles as part of your research, chances are that you will have numerous browser windows open.  Well, once you start having 8 or 10 browser tabs open, the memory adds up real quick.  And if you start running low on memory, the OS begins paging to disk which will make development even slower.

So, realistically, how much memory should you actually have?  My recommendation would be to have at least 6 GB and if you are lucky enough to be able to get more, try to get 8 GB of RAM. 

With 6 or 8 GB of RAM you should be able to comfortably perform all of your standard development activities with SharePoint 2010 without having your machine become unresponsive or slow to a crawl. 

Thursday, February 24, 2011

SkyDrive now offers 25 GB of online storage

Microsoft is now offering 25 GB of online file storage on SkyDrive.  If you already have a Windows Live ID, you can simply log in and begin accessing your SkyDrive today!

You can access SkyDrive from here:

VMWare Workstation Error Message: 64-bit operation is not possible

If you newly install VMWare Workstation on your computer and you try to configure a 64-bit Guest VM such as Windows Server 2008 R2 or Windows Server 2012, you may receive the following error message:

Well, this error message essentially means that even though you may be running a 64-bit OS on your computer, you are running it on the HOST OS.  This is different than running a 64-bit OS in a Guest Virtual Machine.

By default, most BIOS settings disable Virtualization Technology.  Therefore, if you want to run 64-bit Guest VMs on your system, you will have to manually alter this setting in your BIOS.

On older computers, there is another technology enabled in your BIOS which is inhibiting and thus preventing you from using 64-bit guest virtualization called Intel-AMT.  You can read more about Intel-AMT here:

So, as you can probably guess, if you disable Intel-AMT from your BIOS and then re-boot your system, you will be able to utilize 64-bit guest virtual machines!

On newer computers, this setting has been renamed to Virtualization Technology (VTx).  The location of this setting can vary from computer to computer, but on an HP computer for example, it is under the System Configuration --> Device Configurations menu option.

You simply have to check the Virtualization Technology (VTx) checkbox and you should be all set to run 64-bit Guest Virtual Machines!

Why every developer should use source control

Most organizations nowadays already have a source control system in-place within the organization.  If you are a startup organization, you may or may not have decided upon a source control solution for your organization. 

Of course, for the Microsoft world, most developers using Visual Studio will want to adopt Microsoft Team Foundation Server.  There are numerous other alternatives as well including Sourcegear Vault Professional/Standard as well as Subversion and numerous others.

However, one point I would like to make is this: if you are a developer doing solo development projects, do you still need source control?  Absolutely!

Source control is one of those items that should be in every developer's toolbox.  Working without version control is simply too tedious (making backups of every single file change) and far too prone to error.

In the past, many developers would have opted out of using a source control system or would have used a source control system such as Visual SourceSafe.  But, as most Microsoft developers know, Microsoft Visual SourceSafe is pretty much a dead product which has been supplanted by Team Foundation Server.

With the latest release of Team Foundation Server, developers can now install a completely running instance on their Windows 7/8 workstations.  However, installing Team Foundation Server is a lengthy and time consuming process (even with Team Foundation Server Express).  Most developers who want to get up and running with source control will usually want a source control system which integrates with Visual Studio, is easy to set up and takes a minimal amount of time to install.

Well, fortunately, there are several free alternatives.  My personal favorite is Sourcegear Vault.  It is free for a single user, easy to install, integrates with Visual Studio seamlessly and uses a SQL Server database for storage.

Sourcegear Vault can be downloaded from here:

Microsoft is also now offering Team Foundation Server Cloud Hosting for FREE.  You can sign up for TFS Preview here: 

If you are a fan of Subversion, there is also a free version of Subversion that integrates with Visual Studio available from CollabNet called AnkhSVN:

This can be downloaded from here:

Need to share code online?

If you have a need to share code online with other developers on your team that work remotely, you should try

This website allows you to share code samples complete with syntax highlighting ranging from C# to Visual Basic to XML or even T-SQL!

This website is very useful for sharing code snippets that can be used as part of quick, informal Peer Reviews or any other type of code sharing activity.

Check it out!

Wednesday, February 23, 2011

Custom Configuration Sections

If you want to define your own custom configuration sections, since appSettings and connectionStrings are just not cutting it, but you do not want to go through the hassle of writing and defining entire classes to handle configuration section data, you will probably want to utilize one of the 3 built-in (but less well known) configuration sections:

  1. SingleTagSectionHandler
  2. DictionarySectionHandler
  3. NameValueSectionHandler

This article, though a bit old (from the days of .Net 1.1), provides a good explanation and description of how to use these configuration section handlers:

Though the article references the System assembly for the System.Configuration.DictionarySectionHandler and the NameValueSectionHandler, as you may recall, Microsoft moved System.Configuration into its own separate assembly as of .NET 2.0.  Therefore, you simply need to reference System.Configuration.DictionarySectionHandler or System.Configuration.NameValueSectionHandler respectively without the comma ",System":

<section name="dictionarySample" type="System.Configuration.DictionarySectionHandler"/>

<section name="mySection" type="System.Configuration.NameValueSectionHandler" />

Of course, being that the Configuration library methods have changed since then, some of the provided code is inaccurate.  However, the change is very minor.

Instead of using

NameValueCollection db = (NameValueCollection)ConfigurationSettings.GetConfig("Database");

you simply use this instead:

NameValueCollection db = (NameValueCollection)ConfigurationManager.GetSection("Database");

As you probably already know, ConfigurationSettings is deprecated in favor of using ConfigurationManager (or WebConfigurationManager) for handling Configuration Management and retrieval.

Also, if you wish to avoid casting exceptions, you can modify the above code to the following:

NameValueCollection db = ConfigurationManager.GetSection("Database") as NameValueCollection;

Once you know to substitute ConfigurationSettings.GetConfig with ConfigurationManager.GetSection, the remainder of the coding is much the same!

Below are examples for each of the SectionHandlers:

// Needs: using System.Collections; using System.Collections.Specialized; using System.Configuration;

// SingleTagSectionHandler: a Hashtable of the tag's attributes (null if the section is missing)
var singleTagSection = ConfigurationManager.GetSection("sampleSection") as Hashtable;
var setting1 = singleTagSection["setting1"];
var setting2 = singleTagSection["setting2"];
var setting3 = singleTagSection["setting3"];

// DictionarySectionHandler: also a Hashtable
var dictSection = ConfigurationManager.GetSection("dictionarySample") as Hashtable;

// NameValueSectionHandler: a NameValueCollection
var nvSection = ConfigurationManager.GetSection("mySection") as NameValueCollection;
Why Mozilla Firefox and Google Chrome are better than IE for development

If you have been developing with Windows Identity Foundation at all using Claims-aware Web Sites and a Security Token Service, you may have realized some of the frustrations with developing using Internet Explorer.

The way in which Claims-aware applications work in conjunction with an STS, is that the token information is stored in a cookie on your browser. 

Well, if you are testing tokens from multiple users to see how they render differently, as you can probably guess, this becomes a bit of a problem.  Since the cookies are stored locally on your browser, even when you close the window, the cookie is not deleted from your machine.  Therefore, the next time you attempt to log into the system, you are automatically re-directed because the cookie is still present.

Unfortunately, unlike Mozilla Firefox or Google Chrome, there is no easy way to manage these cookies and remove individual cookies.  Even using the new Developer Tools available with IE 8 does not provide this capability. 

But, if you are using Firefox or Chrome, you can simply use the option to Remove Individual Cookies.  Using this capability, you can simply delete the cookies (from localhost or elsewhere) that were placed on your machine.  Once the identification information has been removed from the browser, you can now log in as an alternative user.

Below is a screenshot from the Cookie Manager present in Firefox.  You can find this tool under Tools-->Options-->Privacy-->remove individual cookies (hyperlink)

Running Windows PowerShell Scripts

Whether you like it or not, eventually you will have to learn Microsoft Windows PowerShell.  Microsoft has been slowly moving administrative activities that have been typically managed at the command line over to PowerShell scripts.  SharePoint 2010, in particular, has been moved largely to administration using Windows PowerShell.

Therefore, if you want to learn how to begin working with PowerShell and executing PowerShell scripts, this is an excellent article to help you get started:

Running Windows PowerShell Scripts

Tuesday, February 22, 2011

Manually removing an IIS Web Site that no longer exists

I recently had some problems with my installation of SharePoint 2010 and therefore had to uninstall my instance of SharePoint 2010 from my development workstation.

However, one of the unfortunate side effects of the uninstall was that the IIS Management Console continued to display an invalid Web Site called "Site 2". 

Upon clicking on the Web Site, I received an error message stating that "The application / does not exist".

Fortunately, I was working with Windows 7 (and thus IIS 7.5) which provides me with the ability to directly edit the IIS Management Console contents.

  1. From the top level in the IIS Management Console, click on the Configuration Editor icon in Features view
  2. From the dropdownlist, select system.applicationHost and the sites
  3. Click on the ellipsis to view the sites
  4. Highlight and select "Site 2" and click on the Remove button in the Actions menu on the right hand navigation menu
  5. Close that window
  6. In the Configuration Editor Actions menu on the right hand navigation menu, click on the Apply button
  7. Refresh the IIS Management Console
  8. You should notice that "Site 2" has now been removed from the Management Console.

Name of SQL Server instance in Standalone installation of SharePoint 2010

If you have performed a Standalone installation of SharePoint 2010, you may know that SharePoint 2010 will automatically install SQL Server 2008 Express edition for you.

Given that it is installing SQL Server 2008 Express, you would figure that the name of the SQL Server instance would either be (local) or (local)\SQLExpress. But, if you attempt to enter either of these values in SQL Server Management Studio, you will get an error message stating that a connection could not be established.

This is because the actual instance name of the SQL Server 2008 Express edition that is installed by the Standalone installation of SharePoint 2010 is actually (local)\SHAREPOINT.

Monday, February 21, 2011

Registering a Trusted Identity Provider in SharePoint 2010

If you want to register a Trusted Identity Provider for SharePoint 2010, there are numerous ways to do this.  If you do a quick Google search for these key words, you will find numerous articles on how to accomplish this.  Most of these articles will focus on using PowerShell to accomplish the task.

One such article is here:

However, if you are more familiar with Microsoft.Net than you are with PowerShell (as most developers are), then you will probably prefer a Microsoft.Net WinForms Tool over typing in PowerShell commands.  Fortunately, for the majority of .Net Developers out there, Microsoft has released such a tool along with its corresponding source code to allow you to accomplish just such a task.

The source code can be downloaded from MSDN Code Gallery here:

You will want to download the source code for the Claims Example Trusted Login Provider.  Included in the source code is a tool called RegisterSTS. Building and running this tool will allow you to register the WingtipSTS Security Token Service which is also included in the source code solution.

Unfortunately, the source code for the RegisterSTS is broken when building the solution in Visual Studio 2010.  In addition, many of the items in the source code solution are hard coded into the C# code, thereby making it difficult to easily modify and manipulate.

I have modified some of this source code to correct the error messages as well as migrating some of the key elements into an App.config file for easy modification.

In a subsequent post, I will post my modified source code so that others may benefit from these changes as well.

However, even though the RegisterSTS tool is convenient for registering a Trusted Identity Provider, a Trust Relationship still needs to be established by trusting the STSTestCert certificate.

The details of how to accomplish this can be found in this article:

The content that you will probably need is the following:

  1. From the Start-->Programs-->Microsoft SharePoint 2010 Products menu, select SharePoint 2010 Management Shell
  2. This will open the PowerShell console needed to execute the required SharePoint commands
  3. Now, run the following commands:

     $trustCert = Get-PfxCertificate <C:\PublishingFarmRoot.cer>
     New-SPTrustedRootAuthority <PublishingFarm> -Certificate $trustCert

  4. Once you hit the Enter key, this should register the STSTestCert to establish the required Trust Relationship
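
The two commands above wrapped in the checks worth making before a certificate is added to the farm's trusted roots, as an added example that is not taken from the referenced article. The file path and authority name are the placeholders from those commands, and $expectedThumbprint is a placeholder for a value you have confirmed with the certificate's owner.

```powershell
# Run from an elevated SharePoint 2010 Management Shell.
$ErrorActionPreference = 'Stop'

if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

$certPath           = 'C:\PublishingFarmRoot.cer'          # placeholder path from the commands above
$authorityName      = 'PublishingFarm'                     # placeholder name from the commands above
$expectedThumbprint = '<THUMBPRINT-OBTAINED-OUT-OF-BAND>'  # placeholder: fill in before running

# Load the certificate and show what is about to be trusted.
$trustCert = Get-PfxCertificate -FilePath $certPath
$trustCert | Format-List Subject, Issuer, Thumbprint, NotBefore, NotAfter

# Refuse to continue unless the file holds the certificate you meant to trust.
# Thumbprints copied from the certificate dialog often contain spaces, so strip non-hex characters.
$normalized = ($expectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($trustCert.Thumbprint -ne $normalized) {
    throw "Thumbprint mismatch: file has $($trustCert.Thumbprint), expected '$normalized'."
}

# An expired or not-yet-valid certificate will not give a working trust relationship.
$now = Get-Date
if ($now -lt $trustCert.NotBefore -or $now -gt $trustCert.NotAfter) {
    throw "Certificate is not valid today (valid $($trustCert.NotBefore) to $($trustCert.NotAfter))."
}

# Register only if this exact certificate is not already a trusted root authority.
$existing = Get-SPTrustedRootAuthority |
    Where-Object { $_.Certificate.Thumbprint -eq $trustCert.Thumbprint } |
    Select-Object -First 1

if ($existing) {
    "Certificate is already trusted under the name '$($existing.Name)'."
}
else {
    New-SPTrustedRootAuthority -Name $authorityName -Certificate $trustCert | Out-Null
    "Registered '$authorityName'."
}

# Review everything the farm now trusts, including entries added earlier.
Get-SPTrustedRootAuthority |
    Select-Object Name,
        @{ Name = 'Thumbprint'; Expression = { $_.Certificate.Thumbprint } },
        @{ Name = 'NotAfter';   Expression = { $_.Certificate.NotAfter } } |
    Format-Table -AutoSize
```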

Till next time, happy coding!

Where is my STSTestCert?

If you have recently installed the Windows Identity Foundation SDK, you may be lucky enough to have had the STSTestCert X509 Certificate properly installed on your local machine.

If you are one of those unfortunate few who did not get the STSTestCert X509 Certificate installed on your machine, fear not, there is still hope for you.

  1. First of all, the easiest way (that I prefer) to check if you have the STSTestCert properly installed is to open the IIS 7/7.5 Management Console.  
  2. In the Features view, click on Server Certificates
  3. Review the list of Server Certificates
  4. If you cannot find STSTestCert listed amongst the installed certificates, your installation of Windows Identity Foundation SDK did not install the certificate for you.

Well, if you are in this situation, you should still be able to get the STSTestCert installed on your system.

  1. Launch Visual Studio 2010
  2. From the File menu, select New-->Web Site
  3. Look at the various project templates for C#
  4. Make sure the Target Framework is .Net Framework 4
  5. Create a new ASP.Net Security Token Service Web Site project
  6. Now repeat the steps listed above to review the Server Certificates installed in the IIS Management Console
  7. You should now be able to find the STSTestCert Server Certificates amongst the list of installed certificates

Attempting to use the Default Web Site on an installation of SharePoint 2010

I recently installed SharePoint 2010 on my development environment and as part of my development, I commonly use the Default Web Site to host my applications that require IIS.  Furthermore, I continued to believe that I could use the Default Web Site because when I installed the Standalone instance of SharePoint 2010, it automatically provisioned another web site for me called SharePoint - 80.  

Well, unfortunately, as I discovered, SharePoint 2010 provisions the Default Web Site (in some unknown manner to me).  I imagine that it installs some type of SharePoint Filter/SharePoint ISAPI on the Default Web Site.

Well, the unfortunate consequence of this, is that any web application development which attempts to use the Default Web Site for development will receive network error messages while attempting to browse to any content hosted beneath the Default Web Site.

So, what is the remedy?  Well, of course, simply create a brand new website in IIS!  After doing this, my development web sites immediately began working again.

Maybe, in the future, I will get a chance to figure out how to continue to use the Default Web Site alongside SharePoint for development, but for now, creating a separate web site works for me.

Hopefully this information will help others who have struggled with this problem as well.

Installing SharePoint 2010 on Windows 7

If you are setting up a development environment for SharePoint 2010 on your Windows 7 x64 workstation, then you have probably already read this article:

Setting Up the Development Environment for SharePoint 2010 on Windows Vista, Windows 7, and Windows Server 2008

Unfortunately, if you read the article, you will notice that the prerequisites necessary for installing SharePoint will not automatically be installed by the installer on a Windows 7 system.  Therefore, it is up to the developer to manually install all of the required prerequisites.

Fortunately, the Scripting Experts at Microsoft have created a PowerShell script to automate the entire installation of SharePoint 2010 on a Windows 7 workstation!

Script to Install SharePoint 2010 on Windows 7

To go a step further, Microsoft has released a tool called the SharePoint 2010 Easy Setup Script, which functions similarly to the Web Platform Installer in that it allows a whole host of applications to be installed and configured automatically for you.

This tool can be downloaded from here:

Pre-pidding a SharePoint 2010 installation

You know how a number of products released by Microsoft are already pre-pidded such as Microsoft SQL Server 2008 and various other Microsoft products downloaded from MSDN such as Visual Studio 2010?

Well, if you frequently work with SharePoint 2010 and do not want to worry about remembering or copying down the SharePoint 2010 product key each time you wish to install SharePoint 2010, you can also pre-pid your SharePoint 2010 installation.

  1. In the SharePoint 2010 ISO image, there should be a Files directory
  2. Open the Files directory
  3. Beneath the Files directory, you should find numerous Setup directories named Setup, SetupFarm, SetupFarmSilent, SetupFarmUpgrade, SetupSilent and SetupSingleUpgrade
  4. If you open up one of these directories, you will find a config.xml file contained within.
  5. You should examine each of the config.xml files to determine which one of the configurations you wish to pre-pid.  For example, the Setup directory contains an Xml node describing the SERVERROLE as SINGLESERVER.  This indicates a standalone installation.  The various other directories will have differing server roles such as APPLICATION and some directories will perform silent installations as well.
  6. Once you have decided upon which config.xml file you wish to edit, you can open that respective file for editing.
  7. You should then find a commented out element such as this: <!--<PIDKEY Value="Enter Product Key Here" />-->
  8. Simply uncomment the element and enter your SharePoint 2010 Product Key (either Standard or Enterprise Edition)
  9. Save the resultant config.xml file
  10. If you are like me, you probably prefer to simply save a new ISO image so that you can re-use it later.  There are numerous ISO image tools you can use to accomplish this such as UltraISO, MagicISO, ISOBuster and many others.  Personally, my favorite is UltraISO.
  11. Once you have saved your new ISO image with the modified config.xml file, you should be ready to install a pre-pidded installation of SharePoint 2010!

Internet Explorer's Reopen Last Browsing Session

If you have used Internet Explorer 8 at all, you may be familiar with the new feature introduced with version 8.0 which allows one to re-open his/her last browsing session.  Of course, Firefox and other browsers have had this feature for quite some time, but it is brand new to Internet Explorer 8.

However, I discovered that this feature does not work quite as nicely in IE 8 as it does in Firefox and other browsers.

When you are clicking on links through a website, on some occasions you may right click on the link and "Open in New Tab" or else you may just follow the website's default hyperlink behavior.

In some cases, clicking on a hyperlink will open a brand new Internet Explorer window.  Of course, once this occurs, a brand new "session" is opened.  This poses a bit of a problem for Internet Explorer's "Reopen Last Browsing Session" feature.  Since 2 "sessions" are now active while you are browsing through Internet Explorer, Internet Explorer will only be able to retain 1 of them.  Well, how is that decided?

As it turns out, the last window to close is the one that will be retained.  Therefore, if you have 2 windows open with multiple tabs opened in each window, the window which you close last will be the one that is retained and reopened when you select "Reopen Last Browsing Session" from the Tools menu.

So how do you work around this problem?  Well, one way is to add all of the tabs from your 2nd window to the previously active window and then close the 2nd active window.  Then, when you close the resultant active window, all of the currently opened tabs will continue to be retained.

Personally, I like to use Firefox, Chrome or Opera whenever possible, but when you are forced to use Internet Explorer, this tip may be a good thing to know.

Cryptographic exception when running SharePoint 2010

I was just recently setting up a SharePoint 2010 Development Environment and shortly after installing SharePoint 2010, I started seeing numerous Cryptographic exception error messages each time I attempted to browse to a page in SharePoint.

As it turns out, this error message seems to appear because of the manner in which I set up my development environment.  Since I was working with Claims Based Authentication, I had installed Visual Studio 2008 with SP1 prior to installing my SharePoint 2010 environment.  Due to some flags with the Microsoft.Net Framework Debugger, I started seeing these Cryptographic exception error messages constantly appearing, asking me if I wanted to debug the exception with Visual Studio 2008.

Fortunately, I found an article which addressed this very issue:

After reading the article, I deleted the specified registry keys and re-booted the machine to ensure that all of the necessary SharePoint Services recognized the deleted registry keys.

For those of you who might prefer to run a script to automatically remove the necessary registry keys, I have provided the VBScript that I have used to perform this operation:

Call DeleteDebugRegistryKeys()

Sub DeleteDebugRegistryKeys()
 Dim objWSH

 Set objWSH = CreateObject("WScript.Shell")

 'Delete the debugger values under HKLM\SOFTWARE\Microsoft
 objWSH.RegDelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger"
 objWSH.RegDelete "HKLM\SOFTWARE\Microsoft\.NETFramework\DbgManagedDebugger"

 'Delete the same values under Wow6432Node (the 32-bit view on 64-bit Windows)
 objWSH.RegDelete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger"
 objWSH.RegDelete "HKLM\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger"

 Set objWSH = Nothing

End Sub

Simply copy and paste the script above into a file saved with the .vbs extension and you should be able to execute it on your problematic SharePoint 2010 server.

The next time I attempted to access SharePoint 2010 through the browser, voila! The exception messages no longer appeared!

Sunday, February 20, 2011

Ctrl and Shift keys do not work for multi-selection in Windows Explorer

I have been using Windows 7 for quite some time and over that period of time, I have heavily customized numerous settings across the OS.

Unfortunately, the other day I encountered an unusual problem in Windows Explorer which prevented me from selecting multiple files using either the Ctrl key or the Shift key to highlight and select multiple items simultaneously.  I did not ever remember encountering this problem earlier in Windows 7 so I decided to do a bit of Googling.

As it turns out, this seems to be a common problem dating all the way back to Windows Vista.  It seems that it is common enough that Microsoft has published a Support Knowledgebase article detailing the problem:

You cannot use keyboard shortcuts to select more than one item in Windows Explorer after you install certain applications on a Windows Vista-based computer

Interestingly enough, the solution is quite simple:

To resolve this issue, use the Reset Folders command. To use the Reset Folders command, follow these steps:
  1. In the Windows Explorer window where this issue occurs, click Organize, and then click Folder and Search Options.
  2. On the View tab, click Reset Folders.

Friday, February 18, 2011

Where is the STSTestCert stored

When you install the Windows Identity Foundation SDK, a development X509 certificate is installed on your local machine.

Interestingly enough, while most certificates are installed in the Personal certificate store, the STSTestCert certificate is actually installed in the Trusted People store.

If you ever used an earlier source code build of the STS Federation Metadata Editor, you would notice that the list of Installed X509 Certificates that were displayed were from the Personal certificate store and therefore would not display the STSTestCert.  Fortunately, the code has been changed and updated to load installed certificates from the Local Machine rather than just from the User store.

Quote of the Day:

Everyone should live in Michigan!  You can either go to Paradise (Michigan) or you can go to Hell (Michigan).

Thursday, February 17, 2011

Fixing the ID4175 Error Message

If you have been working extensively with Windows Identity Foundation and using Claims-aware applications with a Security Token Service, chances are you have seen the following dreaded error:

ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.IdentityModel.Tokens.SecurityTokenException: ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer.

After doing quite a bit of research on this error message, I finally found a blog posting/article which indicated how to solve this error message rather easily!

  1. First, open the Web.config file of the Claims-aware Web Site
  2. Look for the element that looks like this: <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35"> <trustedIssuers>
    <add thumbprint="E1787F034DAA4F5401811F72F9B64E138FE6FF2F" name="http://localhost:48924/WingtipSTS/" />
  3. Now simply delete/remove this element entirely from the Web.config file
  4. Save your changes to the Web.config file
  5. Right click on the Claims-aware Web Site project and select Add STS Reference
  6. Proceed through the Federation Utility wizard once more to connect to the appropriate STS
  7. After the Federation Utility wizard completes successfully, the issuerNameRegistry element should have been re-added back to the Web.config
  8. Right click on the Default.aspx web form and select View in Browser 
  9. Verify that the Claims-aware Web Site now authenticates to the STS successfully!

In some cases, if you are working with existing code samples (such as can be downloaded from MSDN Code Gallery), the above set of steps will not work for you.  This is because using Add STS Reference actually reads the FederationMetadata.xml file contained in the STS.  Often, this file has been signed with the STSTestCert with a Thumbprint which differs from the Thumbprint of the STSTestCert which is installed on your local machine.  This Thumbprint is subsequently added to the Web.config file of your Claims-aware Web Site.

Fortunately, a CodePlex project called STS Federation Metadata Editor can be used for editing these FederationMetadata.xml files. The CodePlex project is located here

Once you edit and re-save these files using the Metadata Editor, you should be able to use the above set of steps for Add STS Reference to ensure that your Claims-aware Web Site is working properly and has all of the proper Web.config values.
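The thumbprint mismatch described above can be confirmed before re-running Add STS Reference. The following Python script is an added example, not part of the original post or of WIF: it computes the SHA-1 thumbprint of each certificate embedded in a FederationMetadata.xml and compares it with the thumbprints under trustedIssuers in Web.config. The sample XML and the certificate bytes are constructed placeholders; only the Wingtip thumbprint and name are taken from the post.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

DSIG_CERT = "{http://www.w3.org/2000/09/xmldsig#}X509Certificate"


def normalize_thumbprint(text):
    """Keep hex digits only, upper-cased.

    Removes the spaces shown in the certificate Details tab and any invisible
    characters (for example U+200E) that can be copied along with the value.
    """
    return re.sub(r"[^0-9A-Fa-f]", "", text).upper()


def metadata_thumbprints(metadata_xml):
    """SHA-1 thumbprint of every certificate embedded in the metadata document."""
    found = []
    for node in ET.fromstring(metadata_xml.strip()).iter(DSIG_CERT):
        der = base64.b64decode("".join((node.text or "").split()))
        thumbprint = hashlib.sha1(der).hexdigest().upper()
        if thumbprint not in found:
            found.append(thumbprint)
    return found


def trusted_issuers(web_config_xml):
    """(thumbprint, name) pairs from issuerNameRegistry/trustedIssuers."""
    root = ET.fromstring(web_config_xml.strip())
    return [(add.get("thumbprint", ""), add.get("name", ""))
            for issuers in root.iter("trustedIssuers")
            for add in issuers.findall("add")]


def compare(web_config_xml, metadata_xml):
    """Return (report, offered): one report row per configured trusted issuer."""
    offered = metadata_thumbprints(metadata_xml)
    report = []
    for raw, name in trusted_issuers(web_config_xml):
        configured = normalize_thumbprint(raw)
        if len(configured) != 40:
            status = "malformed"   # a SHA-1 thumbprint is 40 hex digits
        elif configured in offered:
            status = "match"
        else:
            status = "mismatch"    # the case the post associates with ID4175
        report.append({"name": name, "configured": configured, "status": status})
    return report, offered


# Constructed inputs. The bytes below are NOT a real certificate; a thumbprint
# is simply SHA-1 over whatever certificate bytes the metadata carries.
_PLACEHOLDER_DER = b"constructed placeholder bytes standing in for a DER certificate"

SAMPLE_METADATA = """
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                  entityID="http://localhost:48924/WingtipSTS/">
  <RoleDescriptor>
    <KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>%s</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
  </RoleDescriptor>
</EntityDescriptor>
""" % base64.b64encode(_PLACEHOLDER_DER).decode("ascii")

# Thumbprint and name as shown in the post; the type attribute is left out.
SAMPLE_WEB_CONFIG = """
<configuration>
  <microsoft.identityModel><service>
    <issuerNameRegistry>
      <trustedIssuers>
        <add thumbprint="E1787F034DAA4F5401811F72F9B64E138FE6FF2F"
             name="http://localhost:48924/WingtipSTS/" />
      </trustedIssuers>
    </issuerNameRegistry>
  </service></microsoft.identityModel>
</configuration>
"""

if __name__ == "__main__":
    report, offered = compare(SAMPLE_WEB_CONFIG, SAMPLE_METADATA)
    print("Thumbprints in metadata:", ", ".join(offered))
    for row in report:
        print("%(status)-9s %(configured)s  %(name)s" % row)
```

To check a real project, read the two files from disk and pass their contents to compare(); a "mismatch" row means the Web.config still trusts a thumbprint that the metadata does not carry.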

Editing the FederationMetadata.xml file

If you have been working with Windows Identity Foundation for any length of time, it is likely that at one time or another, you will need to edit the FederationMetadata.xml file that you have created for your Security Token Service.

This file may need to be edited for a variety of reasons including changing the original Url from http to https or even changing the port number.  Unfortunately, manually editing this file can be extremely prone to error and may not even work in many cases.

Fortunately, a CodePlex project called STS Federation Metadata Editor has been started to provide a GUI interface for editing these FederationMetadata.xml files.  The CodePlex project is located here:

If you wish to generate a completely fresh/brand-new FederationMetadata.xml file, you can download a similar tool from here:

Working around missing Visual Studio 2010 Templates

As you may or may not already know, Windows Identity Foundation SDK 3.5 does not support Visual Studio 2010.

Therefore, in order to use the Visual Studio 2010 Templates, you must install Windows Identity Foundation SDK 4.0.  Unfortunately, all of the installed Visual Studio 2010 Templates only support Microsoft.Net Framework v. 4.0.

Well, if you need to still develop Claims-aware applications for Microsoft.Net Framework v. 3.5, there is still a solution available.

These are the steps you need to follow:

  1. Install Windows Identity Foundation SDK v. 4.0 (if you have not done so already)
  2. Open Visual Studio 2010
  3. From the File menu, select New-->Web Site
  4. Select the Claims-aware ASP.NET Web Site template (.NET Framework 4 should be selected in the dropdown list)
  5. Allow Visual Studio to create the Claims-aware ASP.NET Web Site
  6. Right click on the Visual Studio Web Site project and select Property Pages
  7. Once the Property Pages dialog opens, select Build from the left hand navigation menu
  8. From the Target Framework dropdown list, select .NET Framework 3.5
  9. If you are prompted with a dialog notifying you of the Target Framework changes that need to be made, click on the Yes button
  10. Click on the OK button to close the Property Pages dialog
  11. The Target Framework change will alter the necessary settings in the Web.config file, but the changes will not be complete in order to compile the web site successfully.  Therefore, right click on the Web Site project and select Build Web Site
  12. You should now see several error messages appear in the Error List window
  13. The first few error messages can easily be resolved.  Since the SampleRequestValidator.cs file did not exist as part of the Windows Identity Foundation SDK 3.5, this file can simply be deleted.  Right click on the SampleRequestValidator.cs file contained in the App_Code directory and select Delete
  14. Next, open the Web.config file and look for the following element: <httpRuntime requestValidationType="SampleRequestValidator"/>
  15. Since the SampleRequestValidator.cs file no longer exists within the Web Site project, this element can simply be removed from the Web.config file
  16. Save your Web.config file changes
  17. Save the Web Site project
  18. Once again right click on the Visual Studio Web Site project and select Build Web Site
  19. This time, if all goes well, the Web Site project should build successfully
  20. If you want to re-use this template that you have just modified for future .Net 3.5 projects, you can download the Export Template Wizard and install it from here:
  21. Once this extension has been installed, you will have to re-start Visual Studio for the extension to appear
  22. Now, re-open the ASP.Net 3.5 Web Site project you modified earlier
  23. From the File menu, select Export Template as VSIX
  24. You should now be able to complete the wizard so that the Project Template will be published as a Visual Studio 2010 Extension to facilitate future re-use.
  25. If you would like to create .Net Framework 3.5-compliant Web Site projects for the ASP.Net Security Token Service Web Site, you can simply change the Target Framework version to 3.5 as indicated in steps 6-11 above.
NOTE: If you want to save all of the above effort, just search for "Windows Identity Foundation" on the Visual Studio Gallery site and you might be able to find a template that you are looking for!

Wednesday, February 16, 2011

Cleaning up an uninstall of Visual Studio 2010

If you uninstall Visual Studio 2010, as it turns out, the uninstall process does not clean up the files from the file system.  If you have numerous installed project templates that you want to retain, that might be a good thing.  However, if you are uninstalling Visual Studio 2010 because of some corruption with the installed project templates or various other issues plaguing your installed Visual Studio instance, you will have to manually remove the files from the file system.

  1. Open Windows Explorer
  2. Navigate to Program Files\Microsoft Visual Studio 10.0
  3. Right click on the directory and select Open Command Window Here
  4. At the command prompt, type cd.. to move up in the directory structure
  5. Type rmdir "Microsoft Visual Studio 10.0" /s /q
  6. Wait until the directory structure has been completely deleted/removed
  7. Navigate to C:\Users\<user name>\AppData\Roaming\Microsoft\VisualStudio\10.0\
  8. Repeat steps 3 and 4 above
  9. Type rmdir "10.0" /s /q
  10. Wait until the directory structure has been completely deleted/removed
  11. Navigate to C:\Users\<user name>\AppData\Roaming\Microsoft\VisualStudio\10.0\
  12. Repeat steps 3 and 4 above
  13. Type rmdir "10.0" /s /q
  14. Wait until the directory structure has been completely deleted/removed
  15. Re-install Visual Studio 2010

Fixing the Windows Identity Foundation 3.5 Templates

If you are still using Microsoft.Net Framework v. 3.5, but have since moved to Visual Studio 2010, unfortunately, you are out of luck in regards to the Windows Identity Foundation SDK.  The currently available version of the Windows Identity Foundation SDK 3.5 only supports Visual Studio 2008.  If you want the templates for Visual Studio 2010, you have to install Windows Identity Foundation SDK 4.0.

Well, if you still want to develop using Microsoft.Net Framework v. 3.5 and Windows Identity Foundation (for example, if you are a SharePoint 2010 developer), have no fear, there is still a workaround available.

As it turns out, the Visual Studio project templates used for Visual Studio 2008 do not differ greatly from the Visual Studio 2010 templates.  However, if you attempt to create a new Web Site project using the existing Visual Studio 2008 templates, you will get an error during the project creation.

Fortunately, the main difference between the Visual Studio 2008 and Visual Studio 2010 project templates comes down to a single file! (*.webproj)

After comparing the files used by Visual Studio 2010 and Visual Studio 2008, as it turns out, the *.webproj files simply need to be edited to support Visual Studio 2010.

You can simply manually edit these *.webproj files and add these lines:


After doing that and saving the project template, I was able to use the Windows Identity Foundation SDK 3.5 samples in Visual Studio 2010!

Here are the complete steps that I followed:

  1. Open Windows Explorer
  2. Navigate to Program Files\Windows Identity Foundation SDK\v3.5\Visual Studio Extensions\9.0
  3. From each of the .zip files extract the respective *.webproj files
  4. Add the text noted above to each of the *.webproj files
  5. Save the .webproj files
  6. Using a utility such as WinZip, WinRAR etc., put the modified *.webproj files back into their respective .zip files
  7. Save the changes to the .zip files
  8. Copy the modified .zip files to the location of the Project Templates (usually a location such as C:\Users\<user name>\Documents\Visual Studio 2010\Templates\ProjectTemplates\Visual C#)
  9. If you currently have any running instances of Visual Studio 2010, close them down.
  10. Re-launch Visual Studio
  11. Now, when you click on File-->New-->Web Site (with the .Net Framework 3.5 selected), you should see a set of Project Templates that will allow you to create Claims-aware Web Sites!
Update: You can now download .Net 3.5 compliant WIF Project Templates for Visual Studio 2010 from here:

Restoring Visual Studio project templates for Windows Identity Foundation

If you have installed the Windows Identity Foundation SDK, in most cases, the installation will add several new Visual Studio project templates that allow you to build Claims-aware applications.

These new project templates will appear when you select New-->Web Site from the Visual Studio File menu.

However, in some cases, you may not see these Visual Studio project templates registered within Visual Studio.
Fortunately, this situation can easily be remedied.

  1. Open Windows Explorer
  2. Browse beneath the Program Files (or Program Files (x86)) directory
  3. Open the Windows Identity Foundation SDK directory
  4. Go into the respective directory for the version of Windows Identity Foundation that you installed (v3.5 or v4.0)
  5. Go into the Visual Studio Extension directory
  6. Go into the 9.0 (Visual Studio 2008) or 10.0 directory (Visual Studio 2010)
  7. Within the respective directory, you should find a set of .zip files which contain the Visual Studio project templates for Windows Identity Foundation
  8. Open the following path in Windows Explorer Program Files\Microsoft Visual Studio 10.0\Common7\IDE\ProjectTemplates\CSharp\Web\1033
  9. Copy the project template .zip files from the Windows Identity Foundation SDK directory into this directory
  10. If you have a currently running instance of Visual Studio, close the running instance(s)
  11. Re-launch Visual Studio and verify that the new project templates now appear when you attempt to create a new Web Site
  12. If the new project templates still do not appear after launching Visual Studio, re-boot the machine and then subsequently re-launch Visual Studio.

Tuesday, February 15, 2011

Fixing issues with Windows Identity Foundation Code Samples

If you are just starting to work with programming using Windows Identity Foundation, chances are that you have downloaded source code from MSDN Code Gallery such as from here:

If you are working with Visual Studio 2010, chances are that the source code will not work as downloaded.  Therefore, I will provide the steps that you will need to follow in order to get many of these projects functioning as expected.

Once you have downloaded and extracted the project file, you will want to open the project in Visual Studio.  In most cases, the code samples include one or more Claims-Aware web sites.

Since Visual Studio 2010 will by default want to try and use the built-in Cassini Web Server, Visual Studio will have the property for Use dynamic ports set to true.  To correct this problem, do the following:

  1. Right click on the Visual Studio web site project and select the Properties window
  2. Select the field for Use dynamic ports
  3. From the dropdown list selection, select False
  4. Save the project
  5. Repeat this process for as many web site projects as are present in the Visual Studio solution

If the solution is using an STS (Security Token Service), chances are that the Claims-aware Web Site will not work out-of-the-box with the STS configured in the Visual Studio solution.

To rectify this situation, you must perform the following steps:

  1. Right click on the Visual Studio project containing the Claims-aware Web Site
  2. Select Add STS Reference
  3. This will launch the Federation Utility wizard
  4. By default, the Federation Utility wizard should be populated with the correct location paths
  5. If the content is correctly populated, click on the Next button
  6. If you are prompted with a dialog stating that the application is not hosted on a secure connection, click on the Yes button to continue
  7. On the following screen, click on the radio button next to Use an existing STS (NOTE: If you are using the built-in Visual Studio Web Server, the Url will not be available until you browse to a web page in the STS Web Site which effectively starts the Cassini Web Server)
  8. For the STS WS-Federation metadata document location, enter the Url to the existing STS Web Site configured in the Visual Studio solution (ex: http://localhost:48924/WingtipSTS/FederationMetadata/2007-06/FederationMetadata.xml)
  9. If you wish to verify the Url, click on the Test Location button
  10. If you are prompted with a dialog stating that the security token service endpoint is not hosted on a secure connection, click on the Yes button to continue
  11. If you receive a signing certificate chain validation error dialog, click on the radio button for Disable certificate chain validation (since this is a development environment) and click on the Next button
  12. On the Security Token dialog, select the radio button for No encryption and click on the Next button
  13. If everything is configured correctly, you should see a dialog displaying the Offered Claims from the STS Web Site.  Click the Next button to proceed
  14. The final dialog will be a Summary dialog.  Click Finish on the Summary dialog to complete the Federation Utility wizard.
  15. A final message box will display stating Federation Utility completed successfully.

Monday, February 14, 2011

Problems installing SharePoint 2010 Software Prerequisites

When attempting to install the software prerequisites for SharePoint 2010 on Windows Server 2008 R2, on several occasions, I have encountered errors during the installation which prevented all of the software prerequisites from being installed in a single installation operation.

Interestingly enough, each time the software prerequisite installation failed, it always seemed to fail on the installation of the .Net Framework 3.5 SP1 Hotfix.  (Hotfix for Microsoft Windows (KB976462)).

Fortunately, you can manually download the hotfix from here:

In some instances, simply installing this hotfix and re-running the software prerequisites installer seems to be sufficient.  In other instances, if this does not work, the other remedy is to simply re-start the machine and then resume the software prerequisite installation.

Windows 7 and Windows Server 2008 R2 Configuration Tool

If you had used Windows Vista in the past, you are probably familiar with the tool vLite.  vLite was a very useful tool for customizing and tweaking a Windows Vista installation.  Unfortunately, once Windows 7 was released, an update was never released to support Windows 7.

However, fortunately, another team has taken up the task of offering a tool similar to vLite called RTSe7enLite.    Even better news is that they offer a version for both Windows 7 as well as Windows Server 2008 R2.  The tool for customizing the server operating system is called RT Server Customizer.

You can read more about these tools and download them from their website:

Sunday, February 13, 2011

Web.config transforms with .Net Framework 3.5

If you have been following the new changes that have become available with the release of .Net Framework v. 4.0, in all likelihood you have heard about Web.config transforms.

Essentially, Web.config transformations allow you to modify the Web.config file at build-time based on a specific build configuration such as Debug, Release etc.  As you can guess, this is an immensely useful feature since it makes scenarios such as deploying different connection strings for different environments incredibly easy.  You simply add the required connectionStrings to the respective build configuration file (such as Staging, Dev, Test, Production etc.) and then build the application with the necessary build configuration.

If you are not yet familiar with Web.config transformation syntax, you can read more about it here:
Web.config Transformation Syntax for Web Application Project Deployment

One of the first problems that you will encounter through most of the documentation posted on the Web is that Microsoft's default scenario expects you to build a Web Deployment package in order to get the required Web.config output.  Well, as it turns out, that is not necessary.  The article below describes how to build the required functionality simply using MSBuild:

Of course, the second problem you will encounter throughout the documentation is that the assumption is you are building a .Net Framework v. 4.0 project.  Well, what if you are still using .Net Framework v. 3.5?  Fear not, you can use Web.config transformations as well.

What the documentation will not tell you is that even though this functionality was built with the release of .Net Framework v. 4.0, you do not need to use a .Net v. 4.0 project to utilize these features.  As you can probably guess, you simply need to build your .Net Framework v. 3.5 project either with Visual Studio 2010 or MSBuild 4.0.

If you have previously upgraded a Web Application project from Visual Studio 2008, Visual Studio 2010 will not automatically add the default Web.Debug.config and Web.Release.config files to your Web Application project.  Therefore, in order to get samples of these files, you can do the following:

  1. Launch Visual Studio 2010
  2. Create a new ASP.Net 3.5 Web Application project
  3. Notice that the Web.Debug.config and Web.Release.config files are created as part of the project
  4. Save the new project and close the solution
  5. Open your existing Web Application project (upgraded from Visual Studio 2008)
  6. Right click on the project file and select Add-->Existing Item
  7. Browse to the location of the previously created ASP.Net 3.5 Web Application project
  8. Add both the Web.Debug.config and Web.Release.config files to your project
  9. Save your project with the newly added files
You should now be able to utilize Web.config transformations as part of your ASP.Net 3.5 Web Application project!

Friday, February 11, 2011

Setting up and using the SecurityTokenVisualizer Control

From my previous post Installing the SecurityTokenVisualizer Control you should now be able to begin setting up and configuring the control for use in debugging your applications.

However, this is not as easy a task as it may seem and requires quite a number of steps in order to be able to use the sample application provided.

IIS Settings

As part of the SecurityTokenVisualizer Control setup, you will need to verify that IIS is set up and running correctly.

Server Certificates

  1. Open up Internet Services Manager
  2. At the root of the IIS Console, click on Server Certificates
  3. Verify that there is a Server Certificate listed that states STSTestCert
  4. Right click on the Server Certificate and select the View menu item
  5. Click on the Details tab
  6. Select the Thumbprint list item
  7. Copy the Thumbprint value to the clipboard or to notepad etc.
  8. Click the OK button

SSL Settings

  1. Now, you must configure the website for the FabrikamAirlines Sample with SSL (this should usually be the Default Web Site)
  2. Right click on the Default Web Site
  3. Select Edit Bindings
  4. Click on the Add button
  5. Select https as the Type
  6. From the list of available SSL Certificates, select STSTestCert
  7. Click the OK button
  8. Now you must ensure that the respective Web Applications in Default Web Site are configured to use SSL
  9. Click on the CloudyBuddiesSTS Web Application
  10. Select SSL Settings 
  11. Check the checkbox for Require SSL
  12. Repeat steps 9-11 for the FabrikamAirlinesWebSite Web Application

Visual Studio Solution

Now that you have properly configured IIS, you can begin working with the Visual Studio Solution.

  1. Open the FabrikamAirlinesSample.sln solution file in Visual Studio (located at SecurityTokenVisualizerControl\code\FabrikamAirlinesSample)
  2. The Visual Studio solution should contain both the CloudyBuddiesSTS Web Site as well as the FabrikamAirlines Web Site
  3. Open the web.config file beneath the FabrikamAirlines Web Site
  4. Locate the following element:

      <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
        <trustedIssuers>
          <add thumbprint="0E2A9EB75F1AFC321790407FA4B130E0E4E223E2" name="CN=STSTestCert"/>
        </trustedIssuers>
      </issuerNameRegistry>

  5. For the thumbprint attribute, replace the value currently present with the value you copied earlier from the Server Certificate.  Be sure to remove all the spaces between all of the characters.
  6. For the name attribute, enter the URL for the CloudyBuddies STS Web Site.  This will usually be something like https://localhost/CloudyBuddiesSTS/
  7. Save your changes to the web.config file
  8. Now, from the FabrikamAirlines Web Site, select View in Browser for Default.aspx
  9. If all goes well, you should now be able to view the contents of the SAML Token generated by Windows Identity Foundation using the SecurityTokenVisualizer Control!
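
The thumbprint under trustedIssuers decides which token signer the site trusts, so it is worth checking the edited value instead of eyeballing it. The PowerShell below is an added example, not part of the Fabrikam sample or the original post: the function names and the sample fragment are constructed for illustration, and it assumes web.config declares no default XML namespace and that STSTestCert sits in Cert:\LocalMachine\My.

```powershell
# Added example: validate the trustedIssuers thumbprint edited in web.config.
function ConvertTo-NormalizedThumbprint([string]$Value) {
    # Keep hex digits only. This removes the spaces shown in the certificate
    # dialog and the invisible left-to-right mark (U+200E) that can be copied
    # along with the value.
    ($Value -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

function Test-TrustedIssuer([xml]$Config, [string]$CertThumbprint) {
    $expected = ConvertTo-NormalizedThumbprint $CertThumbprint
    foreach ($node in $Config.SelectNodes('//issuerNameRegistry/trustedIssuers/add')) {
        $raw   = $node.GetAttribute('thumbprint')
        $clean = ConvertTo-NormalizedThumbprint $raw
        New-Object PSObject -Property @{
            Name               = $node.GetAttribute('name')
            HasStrayCharacters = ($raw -match '[^0-9A-Fa-f]')  # spaces, hidden marks
            IsSha1Length       = ($clean.Length -eq 40)        # 20 bytes as hex
            MatchesCertificate = ($clean -eq $expected)
        }
    }
}

# Constructed sample: the value was pasted into web.config with its spaces left in.
$sampleConfig = @'
<configuration><microsoft.identityModel><service>
  <issuerNameRegistry>
    <trustedIssuers>
      <add thumbprint="0e 2a 9e b7 5f 1a fc 32 17 90 40 7f a4 b1 30 e0 e4 e2 23 e2"
           name="https://localhost/CloudyBuddiesSTS/"/>
    </trustedIssuers>
  </issuerNameRegistry>
</service></microsoft.identityModel></configuration>
'@

# Constructed clipboard value: hidden U+200E in front, spaces between bytes.
$pasted = "$([char]0x200E)0e 2a 9e b7 5f 1a fc 32 17 90 40 7f a4 b1 30 e0 e4 e2 23 e2"

# The value that belongs in the thumbprint attribute.
ConvertTo-NormalizedThumbprint $pasted

# Right certificate, but the attribute still contains characters to remove.
Test-TrustedIssuer -Config $sampleConfig -CertThumbprint $pasted

# Against the real files (assumed store path and config location):
# $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -like 'CN=STSTestCert*' }
# Test-TrustedIssuer -Config ([xml](Get-Content .\web.config)) -CertThumbprint $cert.Thumbprint
```

An entry that reports HasStrayCharacters as True or MatchesCertificate as False is the first thing to fix if the relying party does not accept tokens from the STS.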

Installing the SecurityTokenVisualizer Control

If you have started programming with Windows Identity Foundation, chances are that at some point in time you will need to be able to debug and view the contents of the Security Tokens that are being created.

Thankfully, Microsoft has created such a control which allows you to view the contents of the Security Token as well as the raw SAML Token that is being created.

Unfortunately, the original control was written back in November of 2009 and is therefore no longer valid for the latest release of the Windows Identity Foundation SDK.  In addition, because the code is quite old, it also does not support Visual Studio 2010 (only Visual Studio 2008).

You can download the SecurityTokenVisualizer Control from here:

However, once you have downloaded the control, installing it becomes the tricky part.

Before you get started, you will need to make sure you have the following things installed/configured:

  1. Windows Vista/7 with IIS 7/IIS 7.5
  2. Windows Powershell
  3. Windows Identity Foundation Runtime
  4. Windows Identity Foundation SDK
  5. Visual Studio 2008 with SP1

Installing the SecurityTokenVisualizer Control

  1. Run the SecurityTokenVisualizerControlPDC09.Setup.exe
  2. Select a target location for extracting the files
  3. Once the extraction is complete, a Configuration Wizard will launch
  4. Since the Configuration Wizard was scripted a long time before the latest release of the Windows Identity Foundation SDK, it will not work.  Therefore, click on the Cancel button at this time.
  5. Now for some manual editing.
  6. Look for a directory below the extracted SecurityTokenVisualizerControl called dependencyChecker
  7. You should find a file called Dependencies.xml
  8. Open up the file in a text editor of your choice and look for an element that looks like this:

      <dependency value=".\scripts\Dependencies\Check\CheckWifSdk.ps1"
      title="Microsoft Windows Identity Foundation SDK"
      explanation="The control requires Windows Identity Foundation SDK"
      downloadUrl="" />

  9. Remove this element from the file (there should be 2 instances of it total within the file)
  10. Save the changes to the file.
  11. From within the dependencyChecker directory, you should now be able to manually launch the ConfigurationWizard.exe.
  12. Once all of the checks complete successfully, you should be able to proceed with the installation of the SecurityTokenVisualizer Control.