This is just a small post. Last few days I was working on Custom Identity provider. I created a STS site using the Visual studio template “ASP.NET Security Token Service Website” .
I also created the my new website that was actually going to use the above STS as Identity Provider. I added the STS reference to my new website using VS IDE.
Now When I ran my application I was redirected first to Login page of STS that was as expected. I got happy but as soon as I clicked on login, there was an exception. And the exception message was
“Unable to evaluate expression because the code is optimized or a native frame is on top of the call stack.”
When I run the code in debug mode I found that there is exception on the line on page default.aspx.
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse( responseMessage, Response );
I tried to find some solution and found the solution. I checked and found that it is ThreadAbortException exception and it occurs and it is cause of response.redirect with the endResponse set to true.
But the whole functionality works fine. So to avoid this issue we need to add a line
catch (System.Threading.ThreadAbortException) { } // Thrown by redirect, ignore this
So now the page code will be.
protected void Page_PreRender( object sender, EventArgs e ) { string action = Request.QueryString[WSFederationConstants.Parameters.Action]; try { if ( action == WSFederationConstants.Actions.SignIn ) { // Process signin request. SignInRequestMessage requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri( Request.Url ); if ( User != null && User.Identity != null && User.Identity.IsAuthenticated ) { SecurityTokenService sts = new CustomSecurityTokenService( CustomSecurityTokenServiceConfiguration.Current ); SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest( requestMessage, User, sts ); FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse( responseMessage, Response ); } else { throw new UnauthorizedAccessException(); } } else if ( action == WSFederationConstants.Actions.SignOut ) { // Process signout request. SignOutRequestMessage requestMessage = (SignOutRequestMessage)WSFederationMessage.CreateFromUri( Request.Url ); FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest( requestMessage, User, requestMessage.Reply, Response ); } else { throw new InvalidOperationException( String.Format( CultureInfo.InvariantCulture, "The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.", String.IsNullOrEmpty(action) ? "" : action, WSFederationConstants.Parameters.Action, WSFederationConstants.Actions.SignIn, WSFederationConstants.Actions.SignOut ) ); } } catch (System.Threading.ThreadAbortException) { } // Thrown by redirect, ignore this catch ( Exception exception ) { throw new Exception( "An unexpected error occurred when processing the request. See inner exception for details.", exception ); } }
I found that it is known issue.
Hope this will help people.
Cheers,
Brij
Pingback: Claim based Authentication and WIF : Part 2 « Brij's arena of .NET
It helped me a lot to my work, thank you very much
Thanks!!
Thanks Brij. I got this message when I tried your Part-2 tutorial. I refreshed the page and it worked. Then I searched to see if you have already blogged it and I found this.
I have just started digging into writing my Custom STS and your blog is very helpful.
Thanks.
-Om
Glad that you find my post useful
Cheers,
Brij
Important gotcha from Brij Mishra about the ThreadAbortException fix of the default STS project template in WIF.
Thanks a lot!!
You say that if I catch this exception, everything should work fine? It’s not for me. The STS is not redirecting back to the relying party. It is returning HTTP Status code 200 (OK) instead of 302 (Redirect) and I see the SAML token’s XML in my web browser. Has anyone else seen this?
Thank you thank you. A great help 🙂
Glad to know that you find is useful