IIS Support & notes for change set 10142

Apr 13, 2008 at 6:02 AM
Edited Apr 13, 2008 at 6:05 AM
Changeset 10142 contains support for hosting in IIS. In order this to enable there have been a few changes.

Breaking Changes

  • The main namespace has changed from SharpSTS.Core to SharpSTS. This means all configuration files you have and any providers will need to be changed to reflect the new namespaces.
  • The endpoint names for the example command line hosted STS have changed to match those in the example IIS hosted STS. This means any managed cards you have generated will no longer work, as they are pointing to the wrong URIs.
  • Host entries are now ignored; you must set the base address and base mex address as part of the STS settings, for example
baseSTSAddress = "http://www.woodgrovebank.com:9000/sts/"
baseMexAddress = "https://www.woodgrovebank.com:9001/sts/"
  • The STS settings are no longer publicly accessible. If you have used these in your authorisation provider please let me know; I judged that the public exposure was unnecessary.


  • You can now disable the IP address checking performed by the (still incomplete) Card Control service, this is controlled adding a disableCardControlIPChecks = "true" attribute/value to the STSConfiguration element
  • If you are hosting under IIS you must add the endpoint information to the STS Settings as it is not possible to auto-discover the endpoints, for example
<clear />
<add name="SharpSTS.UserNameAuthSTS" serviceFileName="username.svc" />
<add name="SharpSTS.SelfIssuedSamlAuthSTS" serviceFileName="selfissued.svc" />
  • If you receive a COM+ error when loading the solution it will be the web application project; it should default to be hosting inside VS's test web server; but if may have taken the settings from my machine where it is expecting to be hosted in an IIS7 "www.woodgrovebank.com" web site. Self hosting inside IIS is not sufficient; the STS must be hosted within IIS, with bindings to both HTTP and HTTPS. Please remember to "tweak" the web.config settings to use the correct signing certificate and endpoint credentials.