1. m_safeCertContext is an invalid handle
I got this issue when trying to assign an X509SigningCredentials to the custom STSConfiguration:
this.SigningCredentials = new X509SigningCredentials(cert);
Make sure you don’t call cert.Reset() before passing the cert to the X509SigningCredentials constructor.
2. Keyset does not exist
3. A potentially dangerous Request.Form value was detected from the client (wresult=”<trust:RequestSecuri…”).
Make sure you have this setting in your web.config (under system.web):
As with every service-oriented approach, metadata is the key. With web services, for example, you only have to build the service (as an ASMX file or with WCF) and the WSDL for it is generated automatically, so client code can consume it easily. We would expect the same from WIF; unfortunately, you cannot just build an STS and have it expose the federation metadata by itself.
Most of the samples in the WIF SDK and the Programming WIF book show how to generate the metadata from a Visual Studio template, but there is almost no documentation on how to create the federation metadata manually (or dynamically), especially when you build a custom STS using MVC (hopefully we will have an MVC template soon, but that still won’t solve the dynamic case).
WIF itself does provide APIs for this task. Below is some very simple code (I copied most of it from http://netpl.blogspot.com/2011/08/quest-for-customizing-adfs-sign-in-web.html). I just tried to put things together to see how to use the WIF metadata API; for a more complete sample, please see the link above.
using System;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.Xml;
using Microsoft.IdentityModel.Protocols.WSFederation.Metadata;
class Program
{
    const string _endpoint = "http://yoursts.com";
    static void Main(string[] args)
    {
        string endpointId = _endpoint;
        EntityDescriptor entityDescriptor = new EntityDescriptor(new EntityId(endpointId));
        // Signature, I created a certificate using portecle and installed
        // it under TrustedPeople/CurrentUser
        X509Certificate2 cert = GetCertificate(
            StoreName.TrustedPeople, StoreLocation.CurrentUser, "CN=HoaSTSCert, C=US");
        entityDescriptor.SigningCredentials = new X509SigningCredentials(cert);
        SecurityTokenServiceDescriptor roleDescriptor = new SecurityTokenServiceDescriptor();
        // required protocols supported (WS-Federation 1.2)
        roleDescriptor.ProtocolsSupported.Add(new Uri("http://docs.oasis-open.org/wsfed/federation/200706"));
        // This section is for key descriptor
        SecurityKeyIdentifierClause clause = new X509RawDataKeyIdentifierClause(cert);
        SecurityKeyIdentifier ski = new SecurityKeyIdentifier(clause);
        KeyDescriptor signingKey = new KeyDescriptor(ski);
        signingKey.Use = KeyType.Signing;
        roleDescriptor.Keys.Add(signingKey);
        // This section is for endpoint
        string activeSTSUrl = _endpoint;
        EndpointAddress endpointAddress = new EndpointAddress(activeSTSUrl);
        roleDescriptor.SecurityTokenServiceEndpoints.Add(endpointAddress); // Active endpoint
        roleDescriptor.PassiveRequestorEndpoints.Add(endpointAddress);     // Passive endpoint
        entityDescriptor.RoleDescriptors.Add(roleDescriptor);
        // Serialize process...
        MetadataSerializer serializer = new MetadataSerializer();
        //MemoryStream stream = new MemoryStream();
        string fileName = @"FederationMetadata.xml";
        XmlWriterSettings settings = new XmlWriterSettings { Indent = true };
        using (XmlWriter writer = XmlWriter.Create(fileName, settings))
        {
            serializer.WriteMetadata(writer, entityDescriptor);
        }
    }
    // The name of the certificate lookup helper was cut off in the original post;
    // the store search is done inline here (hypothetical helper name).
    static X509Certificate2 GetCertificate(StoreName name, StoreLocation location, string subject)
    {
        X509Store store = new X509Store(name, location);
        store.Open(OpenFlags.ReadOnly);
        X509Certificate2Collection found = store.Certificates.Find(X509FindType.FindBySubjectDistinguishedName, subject, false);
        store.Close();
        if (found.Count != 1)
            throw new InvalidOperationException("Expected exactly one certificate for " + subject);
        return found[0];
    }
}
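As an added example (not from this post or the netpl article), the relying-party side of the same WIF 3.5 metadata API: it reads FederationMetadata.xml back, lists the passive endpoints, and compares the signing certificate declared in the KeyDescriptor with a pinned thumbprint so that a swapped or expired STS key is noticed before tokens from it are trusted. The file name and the thumbprint constant are assumptions (placeholder values); the code inspects the declared keys only and does not itself verify the metadata document's XML signature.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.Xml;
using Microsoft.IdentityModel.Protocols.WSFederation.Metadata;
class MetadataCheck
{
    // Thumbprint the relying party expects for the STS signing certificate (placeholder, not a real value).
    const string ExpectedThumbprint = "0000000000000000000000000000000000000000";
    // Reads federation metadata and returns the thumbprints of the certificates declared for signing.
    static List<string> SigningThumbprints(string path)
    {
        List<string> thumbprints = new List<string>();
        EntityDescriptor entity;
        using (XmlReader reader = XmlReader.Create(path))
            entity = (EntityDescriptor)new MetadataSerializer().ReadMetadata(reader);
        Console.WriteLine("entityID: " + entity.EntityId.Id);
        foreach (RoleDescriptor role in entity.RoleDescriptors)
        {
            SecurityTokenServiceDescriptor sts = role as SecurityTokenServiceDescriptor;
            if (sts == null) continue;
            foreach (EndpointAddress ep in sts.PassiveRequestorEndpoints)
                Console.WriteLine("passive endpoint: " + ep.Uri);   // should be https in production
            foreach (KeyDescriptor key in sts.Keys)
            {
                if (key.Use != KeyType.Signing) continue;
                foreach (SecurityKeyIdentifierClause clause in key.KeyInfo)
                {
                    X509RawDataKeyIdentifierClause raw = clause as X509RawDataKeyIdentifierClause;
                    if (raw == null) continue;
                    X509Certificate2 cert = new X509Certificate2(raw.GetX509RawData());
                    Console.WriteLine("signing cert " + cert.Subject + " thumbprint " + cert.Thumbprint
                        + (cert.NotAfter < DateTime.UtcNow ? " (EXPIRED)" : ""));
                    thumbprints.Add(cert.Thumbprint);
                }
            }
        }
        return thumbprints;
    }
    static void Main()
    {
        List<string> found = SigningThumbprints("FederationMetadata.xml");
        bool ok = found.Contains(ExpectedThumbprint);   // Thumbprint is upper-case hex without separators
        Console.WriteLine(ok ? "signing key matches the pinned thumbprint" : "UNEXPECTED signing key: do not trust this STS");
    }
}
```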
It is interesting that my previous post talked about error pages in ASP.NET, and yesterday I got this (see image below) when I tried to access the BlackBerry online shopping site.
It is good to know that this website is built using ASP.NET MVC, WCF and a Controller-Service-Repository pattern, so instead of being disappointed because the website crashed, I felt like it was built by some of my “friends” 🙂
PS: the good news is that it was fixed right after that!
If you are running IIS 7.x, there is a very simple way to handle 404 (Page Not Found). I found this solution at
Add the following to web.config under system.webServer (httpErrors is an IIS 7 setting, not an ASP.NET one):
<httpErrors errorMode="Custom" existingResponse="Replace">
  <remove statusCode="404" />
  <error statusCode="404" responseMode="ExecuteURL" path="/Error/PageNotFound" />
</httpErrors>
Recently, I have been having some issues when dealing with the default browser. There is a breaking change on Vista (and Win7), as described here
This is the second time I have run into this issue, and I think I should copy it here so that I don’t have to google it next time. The solution has been posted at
Below is the script from that post:
EXEC sp_dbcmptlevel 'yourDB', '90';
ALTER AUTHORIZATION ON DATABASE::yourDB TO "yourLogin"
EXECUTE AS USER = N'dbo' REVERT
Have you ever been frustrated when you right-click the Windows Explorer icon, select “Run as Administrator”, and still get some kind of “Access Is Denied” message? The reason is that Windows Explorer still doesn’t run with admin rights. Below is how to solve the problem, according to http://www.msfn.org/board/topic/144776-unable-to-open-an-elevated-windows-explorer-window/
But I just want to put it here for my reference.
1. Run dcomcnfg.exe
2. Follow the screens below
This is particularly useful when you want to install assemblies into the GAC on production servers that don’t have the Windows SDK.