.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Changed to claims based authentication, now I can't access my site. Please help! Time is of the ess

Posted By:      Posted Date: September 16, 2010    Points: 0   Category :SharePoint
I am in a pretty big bind. I have a sharepoint 2010 site, that was using classic windows authentication. It worked fine from the inside, and I was able to extend it to the outside and it was using https with an SSL certificate. However, my performancepoint reports and my external lists weren't working when the site was accessed from the outside. Apparently this is a known issue with using classic authentication on the outside, so I tried to switch over to claims based authentication. I followed this guide: http://blogs.technet.com/b/wbaer/ar...point-2010.aspx I obviously changed the contoso stuff to my domain name, and changed all of the config files. The problem is, now I can't access the site at all from the inside or the outside. Here is the error I get in my logs: code: An exception occurred when trying to issue security token: Could not connect to [url]http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc/actas.[/url] TCP error code 10061: No connection could be made because the target machine actively refused it . My Sharepoint Central Administration site gives me this warning: code: The Security Token Service is not issuing tokens. The service could be malfunctioning or in a bad state. Remedy Administrator should try to restart the Security Token Service on the boxes where it is not issuing tokens. If problem persists, f

View Complete Post

More Related Resource Links

SharePoint 2010 Claims Based Authentication - anonymous site is prompting for CBA auth when opening

Hi, I have CBA setup successfully on my sites.  One site is setup for anonymous access and I have disabled "client integration" on that web application. I have a list of MS Office documents on a wiki.  When I click on one I am asked to either save or open or cancel.  Saving works fine but when I choose open, it launches the associated MS Office app.  I am then prompted for a login from CBA.  I can click cancel and the logon screen appears again.  After clicking cancel the 2nd time the document appears in the MS Office app, Word in this case. My question is how do I prevent my users from being prompted for a CBA login when clicking on these files and opening them in the native app on their machine?      --TR

Claims Based Authentication - Access Denied for NTLM - Network Related



We have setup a test SharePoint environment on a single box. If we create a new classic authentication web application using NTLM the site works fine, and recognizes AD users correctly. Users can then login successfully. If we create a new claims based authentication web application using NTLM all users receive an Access Denied error when trying to view the site. The application will recognize AD users when applying permissions in Central Admin's User Policy section, but none of those users are able to access the site.

If I turn on Fiddler Capture, the sites will work fine. Once I turn it off the sites no longer work and we are again presented with an Access Denied exception (or sometimes 403 Forbidden in Firefox and Chrome). I know that Fiddler create a local proxy so I'm curious what that proxy is doing that allows claims based to work correctly.

Has anyone seen this before? Does this sound Firewall/Antivirus related? Client or server?

Thank you,



Access via mobile device on claims based site



I have a claims based site with FBA setup. I have two problems:

- I use a custom made login page instead of the default FBA login. This works fine in the desktop browser, but it gives me a 403 error on my mobile device.
- I checked which page should be the mobile login. That seems to be /_layouts/mobile/default.aspx. I can access that page with my mobile device, but when I try to login, it throws an error on the server: "The security token username and password could not be validated" and I cannot log in.

I know quite sure the security token service has been configured properly, since I can login via desktop browser. I've tried entering my loginname as username, domain\user and even the claims based user id (i:0#.w|domain\username); they all fail.

MCTS in Web Application Development in .NET 2.0

Increase Session Time Out in WSS 3.0 Form based Authentication Site


How to increase session time out for form based authenticated shrepoint site ,

Default Sharepoint  time out is 30 min ...

I want session shuld expire after 120 min..


Getting HTTP 500 error while accessing sharepiont site with claims based authentication


I have configured one of my SharePoint sites default zone with windows authentication and claims authentication. I am able to access the site properly with windows authentication. But, when I am accessing the site with claims, I am getting Http 500 error. When I captured the http headers, I see below information.

Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
Referer: https://myhost/adfs/ls/?wa=wsignin1.0&wtrealm=urn%3amyhost%3aadfsupn&wctx=https%3a%2f%2fmyhost.moss.com%3a9696%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252F
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: myhost.moss.com:9696
Content-Length: 5676
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: SPSessionGuid=d2cc8d44-e1a0-4412-9a9e-59a461c57eab


Claims Tips: Learning About Claims-Based Authentication in SharePoint 2010

Use these five tips for guidance in solving problems related to using and configuring claims.

Sample: SharePoint Claims-Based Authentication

Explore the code as you learn how to create a custom security token service (STS) and set up a trust relationship between a SharePoint 2010 farm and the custom STS.

Can not init SPSite for claims based authenticated site

Hi, trying to write a simple console application i was not able to init a claims based authenticated site with API nor with the Managed Client OM. Opening a site with only windows authentication is working. Running on a Windows Server 2008 R2 and SP 2010 server and logged in as the buildin Administrator account. Administrator is Site Collection Admin. static void Main(string[] args) {     ClientContext context = new ClientContext("http://mypc:300");     Web web = context.Web;     context.Load(web);     context.ExecuteQuery();     ... } throws "The remote server returned an error: (403) Forbidden.". Setting credentials for the context is also not working. or same problem with     static void Main(string[] args) {     using (SPSite spSite = new SPSite("http://mypc:300"))     {         ... throwing FileNotFound-Error. Any idea? Greetings Peter  

AutoLogin for authenticated user via LiveID in Sharepoint 2010 (Claims Based Authentication)

Hi,     Im working in integrating LiveID authentication in my Sharepoint site. Live id gives back a token of the user with which i created a dummy profile using MembershipProvider.CreateUser. Now i have to auto login the user with the profile i created, i mean i have to force login to my sharepoint site using the created dummy user details without asking the user to give username n password.Any suggestion will be a great help for me to proceed.   Thanks Saravanan Michael

Should I use claims based authentication?

I'm about to setup a web application to host a public facing website. Internal staff will authenticate to the site via Active Directory and we may have a need to allow external users to access "authenticated" parts of the site. To authenticate them we plan to use Windows Live ID. With that in mind,: is it better to set the web application up to use claims based authentication from the start rather than having to change it later? is there anything available as of yet to setup SharePoint 2010 to authenticate against Windows Live ID using claims based authentication?

Migrate from Classic to Claims based authentication

So this is really an outside the normal question and I am hoping someone has some thoughts. I am going to be upgrading a MOSS 2007 farm to MSS2010. I have to move hardware so I will be using the content database attach method for upgrade. The site is current extended to a second IIS Application to support both window and Forms based authentication. Since this is an intranet, unique security is used at the site level (and occasionally at the doc lib level). I want to take advantage of Claims Based Authentication (and use one URL, plus other benefits). I am well aware that that claims based token is not the same as the windows token even though the NTLM user is really the same. Thus that is what presents the issue. I need to "migrate" all of my current NTLM-Classic users to claims based. My first thought is to read the users added to each site (actually role assignments), find all users that have the domain name at the beginning of the member name and add a new users (appending the i:0#.w| to the beginning of the loginname) to the site. This works beautifully and is succesful. The problem arises in the that the role assignments contains SharePoint groups (which we don't use much) and AD groups. the SharePoint groups are ok (yes, I have to migrate the users in them too, but no problem). The AD groups are added via SID when it is claims based. This presents the probl

How do I use PowerShell to configure Web.Config for forms-based authentication for a Claims Based we

This TechNet article does a great job describing how to Configure forms-based authentication for a claims-based Web application using PowerShell. However, it glosses over editing the web.config file by just saying "Find the <Configuration> <system.web> section and add the following entry:" Is it possible to edit the web.config file using PowerShell using the IIS PowerShell snapin or can I just edit the web.config file as a xml document? This succeeds in adding the element, but only with the name and type. It does not add the connectionStringName or the applicationName import-module webadministration Add-WebConfiguration /system.web/membership/providers "IIS:\sites\[site name]" -value @{name="FBAMembershipProvider";` type="System.Web.Security.SqlMembershipProvider, System.Web, Version=, Culture= neutral, PublicKeyToken= b03f5f7f11d50a3a";` connectionStringName="FBAconn";` applicationName="/"} Does anyone any suggestions on a direction to go to add the membership providers and role providers in the web.config using PowerShell? This is very frustrating because I can do it manually, I can do it through the UI in IIS Manager, I can do it using appcmd, but no matter what I do, I can't get it to work using PowerShell.  

SharePoint 2010 Claims Based Authenticaton site working but search is broken

Hi, I have SP 2010 sucessfully installed on a Windows 2008 R2 server with SQL Server 2008 R2.  I created local machine accounts for the following: MACHINE\mssqlservice MACHINE\sp_admin MACHINE\sp_search MACHINE\sp_farms I have setup 2 sites with public facing internet access as well as local sites. I have CBA working properly on both sites from both public and private access. My problem is that when I go to search, I am constantly redirected to an error page. I have checked all SP services on the server and they are all running as MACHINE\mssqlservice That account has proper access to all sites as well as all DB's. My search is crawling and I get one error from a long named PDF file in my site, which is OK.   My questions is if my CBA is working fine and my search is crawling, why I am not getting a results page when I search from the sites:   Here is the error I get:   Error Internal server error exception:   Troubleshoot issues with Microsoft SharePoint Foundation. Correlation ID: 5a03b730-42c2-48c9-a220-3b9d052481de Date and Time: 9/9/2010 4:45:07 PM   I am kind of stuck at this point and am not sure how to proceed.  Any help would be appreciated.        --TR

Regarding Claims Based Authentication in sharepoint2010

Hey, i have an web application which is in classic mode. now i want to extend same application as claims mode? can you please sugguest me a proper process Thanks in Advance!Share Knowledge and Spread Love!

Claims Based Authentication

I have successfully gotten my sharepoint site to use claims-based authentication, but now I am trying to configure it so it works. Right now I can't connect locally or from my extranet. I am following this guide: http://technet.microsoft.com/en-us/library/ee806890.aspx I haven't changed my web.config files yet, because I don't know what information I need to fill in.  There are a lot of places that say, your server here, and I need to put in some OUs and whatnot.  I don't know what info I am supposed to put in. First of all, I don't know what server I am supposed to put in. Do I need my domain controller there, my sharepoint server, my sql server?  I am guessing the part with the OUs is active directory stuff, so that would imply I use my domain controller.  I have already used the aspnet_regsql application to create a database, but I am not really sure what I am supposed to do with it. Is there a guide somewhere that explains things better, or could someone help me out?    Here is the code: <membership defaultProvider="AspNetSqlMembershipProvider"> <providers> <add name="membership" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=, Culture=neutral, PublicKeyToken=71e9bce111e9429c" server="yourserver.com"

Claims Based Authentication with ADFS 2.0


I have setup the claims based environment with ADFS 2.0, everything is working fine but when i select my claims in the people picker its not validating weather the claim exists or not. its showing what ever i enter, as a result in the people picker page. I want to check if the claim exists then only the claim should be shown as a result and resolved.

can anyone guide me how to start and where to make modifications. So that i can pick claims only which i have created or existing.

Claims Authentication : Access Denied


I have a custom SecurityTokenService implemented and the SPTrustedLoginProvider added to my farm.  I've also implemented a custom SPClaimProvider that allows me to use the People Picker to give users permissions on the site.  Everything seems to be working fine up to a point.  When I go to my site and choose the correct login method I am redirected to the STS, login there and then get redirected back to my SharePoint site.  The problem is that I get an access denied error with message 'You are currently signed in as:  <Unique User ID FROM STS>'.  I get this even after adding the associated user as a member of the site.  If I add 'All Users (Custom STS)' as a member of the site I can login just fine.


So, what could be the disconnect between giving a user permissions and then logging in as that user?

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend