Documentation?

Mar 20, 2008 at 2:36 AM
I downloaded all the latest source, and with the exception of a single readme file, I found no documentation on how to configure, use or extend this.

I'm quite new to CardSpace, SAML, identity management, and STS does seem to be one of those apps you can just figure out without some good documentation.

Are there docs available, and if so, where?

Thanks!
Coordinator
Mar 20, 2008 at 7:02 AM
Um yes. Currently it's a case of "Hey you have the code, what more do you need?" grin

I'm aware of the lack of documentation beyond the readme; it's second on my todo list (first being IIS hosting support).

It's a holiday weekend here, so I have a bunch of time; I will try to knock out a very simple getting started document which may see you on your way. Basically you're aiming to implement your own AuthorisationPolicyProvider, which of course isn't that much help when there are no guidelines, but there is a sample one using the ASP.NET membership database you can poke around with. If you go ahead without the docs, it would be useful if you could document where you're getting stuck and drop me an email so I can make sure those bits are detailed in the documentation when it arrives.

Thanks,
Barry
Mar 20, 2008 at 6:50 PM
Edited Mar 20, 2008 at 7:15 PM
A getting started guide would be great, including some troubleshooting hints.

For starters I'm trying to issue a managed card (U/P). I've set up the db and added a user to the membership database.

I've also added the SSL to the httpconfig and set the ACLs per the readme doc for running under Vista.

I've run the commandlinests.exe which is showing all the ports open. When I try to create the card however I'm getting an exception:

System.ServiceModel.ServerTooBusyException: The HTTP service located at http://www.woodgrovebank.com:9000/sts/cardControl.svc is too busy

I've searched the event logs but see no additional errors or warnings. I've also examined the commandlinests logs in the service trace viewer and found no errors.

This appears to be a hosting related issue. Your thoughts?
Coordinator
Mar 20, 2008 at 8:38 PM
Weird, not seen that at all. Can you open http://www.woodgrovebank.com:9000/sts/cardControl.svc in your browser?
Mar 20, 2008 at 9:52 PM
blowdart wrote:
Weird, not seen that at all. Can you open http://www.woodgrovebank.com:9000/sts/cardControl.svc in your browser?

Service Unavailable

HTTP Error 503. The service is unavailable.


Here's the output of the urlacl. I think it all looks good.

C:\Users\Chris\Desktop\SSO\CardSpace\source\SharpSTS\Source\Command Line Card Writer>netsh http show urlacl

URL Reservations:
-----------------

Reserved URL : http://*:2869/
User: NT AUTHORITY\LOCAL SERVICE
Listen: Yes
Delegate: No
SDDL: D:(A;;GX;;;LS)

Reserved URL : http://*:5357/
User: BUILTIN\Users
Listen: Yes
Delegate: No
User: NT AUTHORITY\LOCAL SERVICE
Listen: Yes
Delegate: No
SDDL: D:(A;;GX;;;BU)(A;;GX;;;LS)

Reserved URL : https://*:5358/
User: BUILTIN\Users
Listen: Yes
Delegate: No
User: NT AUTHORITY\LOCAL SERVICE
Listen: Yes
Delegate: No
SDDL: D:(A;;GX;;;BU)(A;;GX;;;LS)

Reserved URL : http://+:80/wsman/
User: NT AUTHORITY\NETWORK SERVICE
Listen: Yes
Delegate: Yes
SDDL: D:(A;;GA;;;NS)

Reserved URL : http://+:10243/WMPNSSv4/
User: NT SERVICE\WMPNetworkSvc
Listen: Yes
Delegate: No
SDDL: D:(A;;GX;;;S-1-5-80-2375682873-768044350-3534595160-1005545032-2873800392)

Reserved URL : http://+:10243/WMPNSSv3/
User: NT AUTHORITY\NETWORK SERVICE
Listen: No
Delegate: No
SDDL: D:(A;OICI;KA;;;NS)

Reserved URL : https://+:2178/BITS-peer-caching/
User: NT SERVICE\BITS
Listen: Yes
Delegate: No
SDDL: D:(A;;GX;;;S-1-5-80-864916184-135290571-3087830041-1716922880-4237303741)

Reserved URL : http://+:8731/DesignTimeAddresses/
User: NT AUTHORITY\INTERACTIVE
Listen: Yes
Delegate: No
SDDL: D:(A;;GX;;;IU)

Reserved URL : http://+:80/TemporaryListenAddresses/
User: \Everyone
Listen: Yes
Delegate: No
SDDL: D:(A;;GX;;;WD)

Reserved URL : http://+:9000/sts/selfissuedsaml/
User: BUILTIN\Users
Listen: Yes
Delegate: No
SDDL: D:(A;;GX;;;BU)

Reserved URL : https://+:9001/sts/selfissuedsaml/
User: BUILTIN\Users
Listen: Yes
Delegate: No
SDDL: D:(A;;GX;;;BU)

Reserved URL : http://+:9000/sts/usernamepassword/
User: BUILTIN\Users
Listen: Yes
Delegate: No
SDDL: D:(A;;GX;;;BU)

Reserved URL : https://+:9001/sts/usernamepassword/
User: BUILTIN\Users
Listen: Yes
Delegate: No
SDDL: D:(A;;GX;;;BU)

Reserved URL : http://+:9000/sts/cardControl.svc/
User: BUILTIN\Users
Listen: Yes
Delegate: No
SDDL: D:(A;;GX;;;BU)

So this is interesting:
http://www.woodgrovebank.com:9000/sts/usernamepassword/sts -> fails with "Internet Explorer cannot display the webpage"
http://www.woodgrovebank.com:9000/sts/usernamepassword -> works (shows helper page in IE)
https://www.woodgrovebank.com:9001/sts/usernamepassword -> works (helper page in IE)
http://www.woodgrovebank.com:9000/sts/selfissuedsaml/sts -> fails with "Internet Explorer cannot display the webpage"
https://www.woodgrovebank.com:9001/sts/selfissuedsaml/mex -> works (attempts to deliver the mex data to my IE browser)
http://www.woodgrovebank.com:9000/sts/selfissuedsaml -> works (helper page in IE)
https://www.woodgrovebank.com:9001/sts/selfissuedsaml -> works (helper page in IE)
http://www.woodgrovebank.com:9000/sts/cardControl.svc -> fails with Service Unavailable (503)
http://www.woodgrovebank.com:9000/sts/cardControl.svc/mex -> fails with Service Unavailable (503)
http://www.woodgrovebank.com:9000/sts/ -> works (helper page in IE)

The services that don't work seem to have the same ACL settings as the ones that do.

I'm pretty stumped here.
Coordinator
Mar 20, 2008 at 10:27 PM
Yes, you can't open up any of the STS endpoints; you're not sending the right authentication information.

You should see

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
  <s:Body>
    <s:Fault>
      <faultcode xmlns:a="http://schemas.microsoft.com/ws/2005/05/addressing/none">a:ActionNotSupported</faultcode>
      <faultstring xml:lang="en-GB">The message with Action '' cannot be processed at the receiver, due to a ContractFilter mismatch at the EndpointDispatcher. This may be because of either a contract mismatch (mismatched Actions between sender and receiver) or a binding/security mismatch between the sender and the receiver. Check that sender and receiver have the same contract and the same binding (including security requirements, e.g. Message, Transport, None).</faultstring>
    </s:Fault>
  </s:Body>
</s:Envelope>

from the cardControl service. Interestingly, the cardControl service takes over /sts/.

Try commenting out the IP checking code; it's, err, a little flaky. Open up CardControlService.cs and comment out the lines

if (!IPAddressAuthorisation.IsAuthorised(RequestingIPAddress(OperationContext.Current)))
    throw new ApplicationException("Unauthorised calling IP");

in each implementation method.

Mar 20, 2008 at 10:48 PM
Edited Mar 20, 2008 at 10:51 PM
I've modified the code as suggested, but it made no difference.

Correct me if I'm wrong, but I don't think the service is ever getting the message on those endpoints.

When I view the service trace log for the endpoints that work, I see trace messages about bytes received on connection <endpoint address>.

When I try to visit the endpoints that fail, there is no additional detail in the service log.

If you think you'd find it useful, I can send you my svc log.
Coordinator
Mar 21, 2008 at 12:31 AM
Very weird; if you run it are there any exceptions in the output window in visual studio when you hit the URL in the browser? There are always first chance exceptions of type 'System.Configuration.ConfigurationErrorsException' (when default settings aren't present).
Mar 21, 2008 at 12:52 AM
Negative. It loads up the DLLs associated with the service host plumbing, but reports no exceptions.

'CommandLineSTS.vshost.exe' (Managed): Loaded 'C:\Windows\assembly\GAC32\mscorlib\2.0.0.0_b77a5c561934e089\mscorlib.dll', Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'CommandLineSTS.vshost.exe' (Managed): Loaded 'C:\Windows\assembly\GACMSIL\Microsoft.VisualStudio.HostingProcess.Utilities\9.0.0.0_b03f5f7f11d50a3a\Microsoft.VisualStudio.HostingProcess.Utilities.dll', Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'CommandLineSTS.vshost.exe' (Managed): Loaded 'C:\Windows\assembly\GACMSIL\System.Windows.Forms\2.0.0.0_b77a5c561934e089\System.Windows.Forms.dll', Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'CommandLineSTS.vshost.exe' (Managed): Loaded 'C:\Windows\assembly\GACMSIL\System\2.0.0.0_b77a5c561934e089\System.dll', Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'CommandLineSTS.vshost.exe' (Managed): Loaded 'C:\Windows\assembly\GACMSIL\System.Drawing\2.0.0.0_b03f5f7f11d50a3a\System.Drawing.dll', Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'CommandLineSTS.vshost.exe' (Managed): Loaded 'C:\Windows\assembly\GACMSIL\Microsoft.VisualStudio.HostingProcess.Utilities.Sync\9.0.0.0_b03f5f7f11d50a3a\Microsoft.VisualStudio.HostingProcess.Utilities.Sync.dll', Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'CommandLineSTS.vshost.exe' (Managed): Loaded 'C:\Windows\assembly\GACMSIL\Microsoft.VisualStudio.Debugger.Runtime\9.0.0.0_b03f5f7f11d50a3a\Microsoft.VisualStudio.Debugger.Runtime.dll', Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'CommandLineSTS.vshost.exe' (Managed): Loaded 'C:\Users\Chris\Desktop\SSO\CardSpace\source\SharpSTS\Source\Command Line STS\bin\Debug\CommandLineSTS.vshost.exe', Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'CommandLineSTS.vshost.exe' (Managed): Loaded 'C:\Windows\assembly\GACMSIL\System.Configuration\2.0.0.0_b03f5f7f11d50a3a\System.Configuration.dll', Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'CommandLineSTS.vshost.exe' (Managed): Loaded 'C:\Windows\assembly\GACMSIL\System.Core\3.5.0.0_b77a5c561934e089\System.Core.dll', Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'CommandLineSTS.vshost.exe' (Managed): Loaded 'C:\Windows\assembly\GAC32\System.Data\2.0.0.0_b77a5c561934e089\System.Data.dll', Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'CommandLineSTS.vshost.exe' (Managed): Loaded 'C:\Windows\assembly\GACMSIL\System.ServiceModel\3.0.0.0_b77a5c561934e089\System.ServiceModel.dll', Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'CommandLineSTS.vshost.exe' (Managed): Loaded 'C:\Windows\assembly\GACMSIL\System.Xml\2.0.0.0_b77a5c561934e089\System.Xml.dll', Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
The thread 0xa58 has exited with code 0 (0x0).
The thread 0x13a8 has exited with code 0 (0x0).
'CommandLineSTS.vshost.exe' (Managed): Loaded 'C:\Users\Chris\Desktop\SSO\CardSpace\source\SharpSTS\Source\Command Line STS\bin\Debug\CommandLineSTS.exe', Symbols loaded.
'CommandLineSTS.vshost.exe' (Managed): Loaded 'C:\Users\Chris\Desktop\SSO\CardSpace\source\SharpSTS\Source\Command Line STS\bin\Debug\SharpSTS.Core.dll', Symbols loaded.
'CommandLineSTS.vshost.exe' (Managed): Loaded 'C:\Windows\assembly\GACMSIL\SMDiagnostics\3.0.0.0_b77a5c561934e089\SMDiagnostics.dll', Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'CommandLineSTS.vshost.exe' (Managed): Loaded 'C:\Windows\assembly\GAC32\System.Web\2.0.0.0_b03f5f7f11d50a3a\System.Web.dll', Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'CommandLineSTS.vshost.exe' (Managed): Loaded 'C:\Windows\assembly\GACMSIL\System.WorkflowServices\3.5.0.0_31bf3856ad364e35\System.WorkflowServices.dll', Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'CommandLineSTS.vshost.exe' (Managed): Loaded 'C:\Windows\assembly\GACMSIL\System.ServiceModel.Web\3.5.0.0_31bf3856ad364e35\System.ServiceModel.Web.dll', Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'CommandLineSTS.vshost.exe' (Managed): Loaded 'C:\Windows\assembly\GACMSIL\Microsoft.VisualStudio.Diagnostics.ServiceModelSink\3.0.0.0_b03f5f7f11d50a3a\Microsoft.VisualStudio.Diagnostics.ServiceModelSink.dll'
'CommandLineSTS.vshost.exe' (Managed): Loaded 'C:\Windows\assembly\GACMSIL\System.IdentityModel\3.0.0.0_b77a5c561934e089\System.IdentityModel.dll', Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'CommandLineSTS.vshost.exe' (Managed): Loaded 'C:\Windows\assembly\GACMSIL\System.Web.Services\2.0.0.0_b03f5f7f11d50a3a\System.Web.Services.dll', Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'CommandLineSTS.vshost.exe' (Managed): Loaded 'C:\Windows\assembly\GACMSIL\System.Runtime.Serialization\3.0.0.0_b77a5c561934e089\System.Runtime.Serialization.dll', Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
The thread 0xd98 has exited with code 0 (0x0).
Coordinator
Mar 21, 2008 at 6:32 AM
I must admit I'm at a loss here; you could try asking on the WCF forums, it looks like something in WCF is stopping it.
Coordinator
Mar 26, 2008 at 10:01 AM
OK, try deleting all the reservations for the STS and then reserving at a higher scope:

netsh http add urlacl url=http://+:9000/sts/ user=BUILTIN\Users
netsh http add urlacl url=https://+:9001/sts/ user=BUILTIN\Users

There's some hokey nonsense going on because I'm halfway to trying to get the command line client to work like IIS would with regards to service names (in theory).
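As an added illustration of what the reservation scope change above does (example code, not from the thread or from SharpSTS): a small Python checker that parses `netsh http show urlacl` output and lists which reservations cover a given request URL. The host-wildcard and path-prefix rules are a simplified assumption about HTTP.sys matching, not its full precedence logic, and the sample output is constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the layout of `netsh http show urlacl`; it is not
# the poster's capture, just one entry of the shape seen in the thread.
SAMPLE_URLACL = """\
Reserved URL : http://+:9000/sts/cardControl.svc/
User: BUILTIN\\Users
Listen: Yes
Delegate: No
SDDL: D:(A;;GX;;;BU)
"""

def parse_urlacl(text):
    """Map each reserved URL to the list of users granted Listen on it."""
    acls = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if not lines or not lines[0].startswith("Reserved URL"):
            continue
        url = lines[0].split(":", 1)[1].strip()
        listeners, user = [], None
        for line in lines[1:]:
            key, _, val = (p.strip() for p in line.partition(":"))
            if key == "User":
                user = val
            elif key == "Listen" and val == "Yes":
                listeners.append(user)
        acls[url] = listeners
    return acls

def covering_reservations(acls, request_url):
    """Reserved URLs covering request_url, most specific first. Assumed,
    simplified HTTP.sys rule: '+' or '*' matches any host and the reserved
    path is a case-insensitive directory prefix ('/sts/' covers '/sts/x')."""
    req = urlsplit(request_url)
    req_path = (req.path or "/").lower()
    hits = []
    for reserved in acls:
        res = urlsplit(reserved)
        if (res.scheme, res.port) != (req.scheme, req.port):
            continue
        if res.hostname not in ("+", "*") and res.hostname != req.hostname:
            continue
        prefix = res.path.lower().rstrip("/")
        if req_path == prefix or req_path.startswith(prefix + "/"):
            hits.append(reserved)
    return sorted(hits, key=len, reverse=True)
```

With only the per-service entry present, a request to /sts/ itself is covered by nothing, which is the gap the higher-scope reservation closes; note that reserving http://+:9000/sts/ for BUILTIN\Users lets any local user's process listen on everything under /sts/, so keep the scope no wider than the service needs.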
Apr 7, 2008 at 2:17 PM
After receiving no responses on the WCF support forum (thanks MSFT!), I switched my dev environment from Vista Ult. to XP SP2 and was able to reach the endpoints.

I'll try your suggestion on my vista machine and let you know how it works.