A SignInResponse message may only redirect within the current web application

If you have developed a claims-aware federated application (relying party) using Windows Identity Foundation (WIF), you may have noticed the following: you type the URL of your application, get redirected to the configured STS, get authenticated and go through the whole token dance, and then, just when everything seems to be working and you are redirected back to the relying party application, boom! You get the following error…

System.IdentityModel.Services.FederationException:
ID3206: A SignInResponse message may only redirect within the current web
application: ‘/xxxxx’ is not allowed.

Turns out (after wasting enough time figuring out what happened and searching for answers on the internet if you are a newbie), you missed the trailing slash ‘/’ at the end of the URL to your relying party…

Frustrating isn’t it? There are multiple ways to fix this problem… here is a quick way to solve this…

You can check for the trailing slash ‘/’ and redirect in the Application_BeginRequest method of global.asax, as shown below:

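    // In Global.asax.cs (needs "using System;").
    private void Application_BeginRequest(object sender, EventArgs e)
    {
        // The request is for the application root without the trailing slash
        // (e.g. /xxxxx instead of /xxxxx/): redirect to the slashed form.
        if (String.Compare(Request.Path, Request.ApplicationPath, StringComparison.InvariantCultureIgnoreCase) == 0 && !(Request.Path.EndsWith("/")))
        {
            Response.Redirect(Request.Path + "/");
        }
    }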
