I have a situation where we have a MVC 2 application(I tried this with a basic MVC 2 app without any extra stuff, still same problem) and am using adfs 2 for authenticating my users.
So.. Now I get into my application and I get the below.. ID3206: A SignInResponse message may only redirect within the current web application: '/[app]' is not allowed. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: Microsoft.IdentityModel.Protocols.FederationException: ID3206: A SignInResponse message may only redirect within the current web application: '/[app]' is not allowed.
I have read most blogs on this, and posted to one..
<federatedAuthentication>
<wsFederation passiveRedirectEnabled="true" issuer="https://auth.[domain]/adfs/ls/" realm="https://[development domain]/[app]/" requireHttps="true" />
<cookieHandler requireSsl="true" />
</federatedAuthentication>
<audienceUris>
<add value="https://[development domain]/[app]/" />
</audienceUris>
I think it’s a problem with the fact it’s a MVC application, I have created numerous Claims Aware website and got my claims etc on the default.aspx page. My thinking is that the routing that is involved with the MVC app is somehow posting it back wrong?
any help really apprecaited as Im looking at this for quiet a while now to no avail..
J
I've been tearing my hair out on this one. I too have the trailing slash specified in my configuration. Turns out that, in my case, navigating to my app with a trailing slash in the browser like so:
will work, whereas
will not.
If I can dig up some more reasons why this is the case, I will add some more background on why this is happening.