.NET Tutorials, Forums, Interview Questions And Answers

Windows Identity Foundation Security Token Service can't stay logged in

Posted By:      Posted Date: August 28, 2010    Points: 0   Category :.NET Framework
I'm using the Windows Identity Foundation **(WIF)** Security Token Service **(STS)** to handle authentication for my application, which is working all well and good. However, I can't seem to get any long-running login with the STS. From my understanding I shouldn't care about the client tokens at the application level, since they can expire all they want to and it should redirect me to the STS, and as long as they're still logged in on the STS it should refresh their application token. Yet it doesn't seem to want to keep them signed in.

Here's what occurs in my login.aspx on the STS:

    // Build the Forms Authentication cookie for the STS session
    var cookie = FormsAuthentication.GetAuthCookie(userName, persistTicket);
    // For a persistent login, set the cookie lifetime to 14 days
    if (persistTicket)
        cookie.Expires = DateTime.Now.AddDays(14);
    Response.Cookies.Add(cookie);
    // Send the user back to the page that requested the login
    var returnUrl = Request.QueryString["ReturnUrl"];
    Response.Redirect(returnUrl ?? "default.aspx");

Which was taken almost directly from an existing application using normal Forms Auth.

From my web.config:

    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" protection="All" timeout="2880" name=".STS" path="/" requireSSL="false" slidingExpiration="true" defaultUrl="default.aspx" cookieless="UseDeviceProfile" enableCrossAppRedirects="false" />
    </auth


More Related Resource Links

Geneva Framework: Building A Custom Security Token Service


A Security Token Service, or STS, acts as a security gateway to authenticate callers and issue security tokens carrying claims that describe the caller. See how you can build a custom STS with the "Geneva" Framework.

Michele Leroux Bustamante

MSDN Magazine January 2009

Service Station: Serialization in Windows Communication Foundation


Windows Communication Foundation supports several serialization mechanisms and provides a simple, interoperable foundation for future service-oriented applications. Here Aaron Skonnard explains it all.

Aaron Skonnard

MSDN Magazine August 2006

Security Briefs: Security in Windows Communication Foundation


Windows Communication Foundation provides three major protections: confidentiality, integrity, and authentication. This month Keith Brown explains what they can do for you.

Keith Brown

MSDN Magazine August 2006

Claims to windows token service won't start in Central administration

Not sure if this is a bug or some setting I just don't understand, but I cannot get the Claims to Windows Token Service from Manage Services to show as started. When I click Start I get this error in the event viewer:

An attempt to start/stop instance of service Claims to Windows Token Service on server <SERVERNAME> did not succeed. Re-run the action via UI or command line on the specified server. Additional information is below. c2wts (DOMAIN\sp_farm)

I have searched and searched for an answer. This thread http://social.technet.microsoft.com/Forums/en-US/sharepoint2010setup/thread/6b865ead-970b-4460-9dcf-1cc6d6d8530b talks about needing a connection to the internet, but my server is connected to the internet so I think I can rule that out. Also, I have read that c2wts depends on the crypto service. I have run this command with no success:

    sc config c2wts depend= cryptsvc

I can start the c2wts service through services.msc and it is successful, but Central Administration still shows it is stopped. I have also re-run the installer in repair mode, and re-run the initial configuration wizard, maintaining all of the same settings as the previous installation. That didn't help. Basically, I'm out of ideas and I can't find much about this on the web. Any ideas?

Security settings for this service require Windows Authentication but it is not enabled for the IIS

Hosting service in IIS 5.1.

Config is set to transport layer security. SSL is installed and configured on the virtual folder and BasicHTTP bindings are being used for connection. Authentication in web.config is set to Windows. Authorization in web.config is set to Deny Users="?" and Allow Users="*".

When trying to connect to the service using IE, it throws an exception that "Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service."

Can someone tell me what is missing? Do I have to set anything in Web.Config?

I need to achieve the following using Basic HTTP binding: Transport Layer security (SSL), Windows Domain Authentication, and use of the user's Domain identity to impersonate the user in the service.

Please suggest the settings, if any. Thanks

Windows Service Suddenly Stops with no logged message

Background: I have a Windows service which hosts some WCF services, and multithreading has been used there heavily. I'm using Enterprise Library to log messages, handled and unhandled.

    // Register a handler for exceptions not caught anywhere in the default AppDomain
    AppDomain.CurrentDomain.UnhandledException += OnUnhandledException;

    private static void OnUnhandledException(object sender, UnhandledExceptionEventArgs e)
    {
        Logger.Error("An unhandled exception has been thrown.", (Exception)e.ExceptionObject);
    }

Problem: The problem is that randomly my Windows service stops on production and I get no log messages saying that the services stopped or what exception details.

Question: I haven't created any new AppDomain explicitly. Shouldn't all the threads run in the same default CurrentDomain? If so, why does nothing get logged when the service stops suddenly? Thanks in advance.

The Security Token Service is not available

I set up SharePoint 2010 Beta on a Windows 2008 R2 server and am going through the Central Administration - Review problems and solutions: All Reports - The Security Token Service is not available, and the failing service is SPSecurityTokenService. Shouldn't this service, if available, have been installed at installation time? It says "The Security Token Service is not issuing tokens. The service could be malfunctioning or in a bad state." I don't want to go any further with setting this up until I can get an answer on how to fix this. Thanks

Security settings for this service require Windows Authentication but it is not enabled for the IIS




We are getting the following error, when we call a WCF service from IE. The service is developed in MS.NET 3.5 and hosted in IIS 6.0, Windows Server 2003 SP2


Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service.


NOTE: The same is working GOOD in IIS 6.0, Windows XP SP2


IIS Setting


"Integrated Windows Authentication" is enabled in the "Directory Security"






<binding name

Windows Security Login popup for 3 times after logged in after changed theme banner


Hi experts,

I have a problem with my SharePoint theme. I have created a new theme by customizing one of the default themes in SharePoint. I have replaced the banner with a new one and made some changes in the coding site.

After I applied the theme to my portal, I face a problem when I try to log in using a username from the Read Only group: the Windows security login appears 3 times before the portal can be accessed, and unfortunately the banner is still not visible. Sometimes it appears, sometimes it doesn't.

However, when I log in as the System Account user, I have no problem accessing the page, the Windows security login does not appear, and the banner is there.

What am I missing? Please do let me know. Thank you.

Windows Identity Foundation (Claims Based Authentication) for Reporting Services



I see that SQL Server 2008 R2 Reporting Services now supports Claims Based Authentication in SharePoint 2010, meaning that end users can authenticate with SharePoint using Claims Based Authentication, and use the same security tokens to connect through to Reporting Services.

I assume that behind the scenes SharePoint is using Windows Identity Foundation (WIF - formerly codenamed "Geneva") to handle the authentication, and passing this on to Reporting Services.

I'm keen to use Windows Identity Foundation to authenticate with Reporting Services without SharePoint. We have an existing ASP.NET web application, and we'd like to call Reporting Services from that, passing on the Windows Identity Foundation credentials of the user logged into our web application.

I've done some work on setting up a custom security extension using Forms Authentication (based on the sample), but am not sure how to proceed from there.

Google/Bing hasn't been helpful. Can you please point me to some guidance on how to set up Windows Identity Foundation authentication for Reporting Services?

nettcpbinding with windows security in iis hosted service


Hi,

I have hosted a service in IIS. How can I verify that my service (transport mode) is using Windows authentication for the client?

When I use basichttpbinding and set clientCredentialType to windows, but IIS is set to anonymous, and I browse the svc, I get the expected error that the security setting of the service needs Windows but IIS is configured as anonymous. Similarly, I see the expected behavior when the service is configured for anonymous but IIS is configured for Windows.

But when I use nettcpbinding, irrespective of what my IIS setting is (windows/anonymous), if I configure the service for Windows and browse the svc file, I am always able to do so without any error. When the service is configured for Windows and IIS for anonymous, shouldn't I get an error (as seen in the case of basichttpbinding)?



Security Token Service is not available


After converting a Web Application from Classic mode to Claims Based using PowerShell, I can no longer access my Web Applications.

When turning off custom errors and setting Call Stack to true, I see the error message below:

The server did not provide a meaningful reply; this might be caused by a contract mismatch, a premature session shutdown or an internal server error.

Looking into Central Admin I see an error for the Security Token Service. The Security Token Service is not available. Explanation:

The Security Token Service is not issuing tokens. The service could be malfunctioning or in a bad state.

If I look in the App Event Logs I see:

An exception occurred when trying to issue security token: The server did not provide a meaningful reply; this might be caused by a contract mismatch, a premature session shutdown or an internal server error..

I have applied the WCF Hotfix and restarted the server. What is causing this issue?

I am using SharePoint Foundation 2010

Any assistance is greatly needed!

Just installed SP2010 RTM. Now receiving "The Security Token Service is not available" error.


I have spent the better part of today researching this error and have not been able to resolve it. I made sure the "SharePoint Web Services" application pool was started. I have also rebooted the server. There was a lot of mention about a HotFix, but it was already installed. Anyone have any other ideas?

Here is the error:

The SharePoint Health Analyzer detected a condition requiring your attention. The Security Token Service is not available.

The Security Token Service is not issuing tokens. The service could be malfunctioning or in a bad state.

Administrator should try to restart the Security Token Service on the boxes where it is not issuing tokens. If problem persists, further troubleshooting may be available in the KB article. For more information about this rule, see "http://go.microsoft.com/fwlink/?LinkID=160531".

WCF: Establishing Trust Between WCF Web Services and SharePoint 2010 Security Token Service, Part 3

Enable federated HTTP binding for a web service and establish trust between the Windows Communication Foundation (WCF) web service and the SharePoint 2010 security token service.

Error installing SharePoint Server 2010 Prerequisites - Namely Windows Identity Foundation


Good day to all

I am trying to install SharePoint Server 2010 on my server; I have a Windows Server 2008 SBS SP2 PC. I have manually downloaded the prerequisites and installed all except the Windows Identity Foundation, which just hangs. I have downloaded the file from the Windows site, namely: Windows6.0-KB974405-x64.msu. Please can someone assist me in this matter? I am at a loss.

Using the "Claims to Windows Token Service" to assist with single sign on



Does anyone know if it's possible to use the c2WTS service to achieve single-sign-on within SharePoint 2010, without turning it into a Claims-based application? My situation is that I'd like to use ADFSv2 (and/or Shibboleth) for user authentication, but instead of returning a SAML token back to SharePoint, I'd like to use c2WTS to transform that claim into a Kerberos ticket and pass that back to a SharePoint web app that's using classic Windows authentication. For this web application, we're not interested in federation - just looking to eliminate the Windows Integrated Authentication. All users will have a valid account (and thus UPN) in the domain. Our current environment is WSS 3.0 and we've mostly used AD groups for authorization. This makes it difficult to simply migrate these sites to use claims in SharePoint 2010. Any feedback would be appreciated.

-joe c

Do I really need the 'Claims to Windows Token Service'

SharePoint 2010 complains when this service is not available, however if my web applications aren't using CBA, is this really necessary?
Conrad Goodman MCITP SA / MCTS: WSS3.0 + MOSS2007