Identity and Access Tool for Visual Studio 2012. Use this package to secure your application with claims based identity and accept users from multiple identity providers.
Sorry to read that you are having issues with the tool and Update 2. I have Update 2 on multiple machines and the tool works as expected. If you want us to help troubleshoot, I suggest you use the Q & A tab.
This type of extension is very welcome, but the current version is difficult to work with - it might not work at all. Tried to use it on a very simple WCF project, but it complains about a missing certificate. It tells you where to expect it (at C:\Users\...\AppData\Local\Microsoft\VisualStudio\11.0\Extensions\uv2jfeqz.qr2\LocalHost.pfx) and behold - that file exists! Unfortunately there is no information at all on how to solve this type of problem. It's a mess.
Unfortunately I have not been able to use the tool get which is very sorry since I really need such a tool. Even in a very simple scenario with a wcf service application and a windows console application when using the local development STS it won’t work for me.
I can successfully configure the service application just clicking next and with SAML 2.0 chosen and it seems right even when I make a service reference in the console application to.
When executing the whole i always run into following exception: {"No version of the CardSpace service was found to be installed on the machine. Please install CardSpace and retry the operation."}
Sometimes the LocalSTS don’t start but I get the error started or not.
@Andrey M_: I wish I had looked at these reviews two days ago! I spent way too many hours reaching the same conclusion you did re: issue #2 (projects under solution folders). At least I can say I feel your pain. :)
Aside from that bug, the tool is fantastic and much easier to understand than WIF 1.0.
Dear Microsoft, can you please fix this? It shouldn't take too long, and it's a pretty common scenario in anything other than demos... Thanks!
On first install I had an error (which I forgot), followed by the following after restart.
--------------------------- Identity and Access --------------------------- ID0002: Could not find LocalSTS executable file at address 'C:\Users\Administrator\AppData\Local\Microsoft\VisualStudio\11.0\Extensions\rqsnqnqa.0fi\LocalSTS.exe'. --------------------------- OK ---------------------------
After seeing this a few more times, uninstalling and installing, it looks like it is working... but no, it isn't. Upon selecting the right-click menu option, I get the same error, this time
--------------------------- Identity and Access --------------------------- ID0003: Could not find LocalSTS executable's configuration file at address 'C:\Users\Administrator\AppData\Local\Microsoft\VisualStudio\11.0\Extensions\0dgdsiel.yux\LocalSTS.exe.config'. --------------------------- OK ---------------------------
Another uninstall and install and finally I see the wizard. Strange.
Successfully uses Google to log into MVC 4 app, but no way to log out. Maybe it isn't meant for this.
I can't get the package to load. This is the log information I get: <entry> <record>472</record> <time>2012/11/05 11:27:55.236</time> <type>Information</type> <source>VisualStudio</source> <description>Begin package load [IdentityAndAccessVSPackage]</description> <guid>{97E6CB8F-C650-43EA-A6F3-2B4A51ECC8D5}</guid> </entry> <entry> <record>473</record> <time>2012/11/05 11:27:55.247</time> <type>Error</type> <source>VisualStudio</source> <description>SetSite failed for package [IdentityAndAccessVSPackage]</description> <guid>{97E6CB8F-C650-43EA-A6F3-2B4A51ECC8D5}</guid> <hr>80004003 - E_POINTER</hr> <errorinfo>Object reference not set to an instance of an object.</errorinfo> </entry> <entry> <record>474</record> <time>2012/11/05 11:27:55.247</time> <type>Error</type> <source>VisualStudio</source> <description>End package load [IdentityAndAccessVSPackage]</description> <guid>{97E6CB8F-C650-43EA-A6F3-2B4A51ECC8D5}</guid> <hr>80004003 - E_POINTER</hr> <errorinfo>Object reference not set to an instance of an object.</errorinfo> </entry>
Overall, the idea and the tool are great. Unfortunately, it seems that there are two bugs that occur when using the tool with an MVC3 app in Visual Studio 2012 RTM:
1. If the web.config contains section <system.serviceModel>, after clicking OK in the configuration tool, it exits with an error stating 'The '[' character, hexadecimal value 0X5B cannot be included in a name';
2. The LocalSTS fails to start for an unclear reason, when using it in an MVC3 project migrated from VS 2010. LocalSTS starts fine in a newly created MVC3 project though.
Update: After quite some trial and error, I was able to determine that problem [2.] occurs when an MVC project was placed inside a so called 'Solution folder'. Once I moved the project out of solution folder into the solution root, the LocalSTS finally started. The same behaviour is reproducible both in MVC3 and MVC4 projects, even when created in VS 2012 from scratch so it's not MVC or VS version-specific.
Hi,
If I put the web-project in a solution folder the local STS will not start. It will only start if I put the web-project in the root of the solution. I like the local STS and want to use it but need to have the web-project in a solution folder so I just want to check if there is an update planned for this?
See this for more info:
http://stackoverflow.com/questions/14168774/wif-4-5-local-development-sts-not-running
Thanks!
Am I correct in believing that this tool does not support use with Visual Studio 2012 Express?
Assuming this is true, any ideas for alternatives to allow MVC4 developed in Visual Studio 2012 Express to use Azure ACS.
Hi Mark,
you are correct. Visual Studio Express does not directly support extensions.
Without the tools, things are a bit convoluted. You can follow the instructions in http://www.windowsazure.com/en-us/develop/net/how-to-guides/access-control/ but create the web.config of your app manually. You can use the config in http://code.msdn.microsoft.com/Claims-Aware-MVC-523e079b as a starting point.
Another alternative would be to get a trial of Visual Studio (http://www.microsoft.com/visualstudio/eng/downloads) and use the tool there to create the initial configuration. You can then work on the project in Express.
HTH
V.
Hi Vittorio,
As I mentioned in on Twitter, after applying Update 2 to my installation of VS2012 the Identity and Access menu disappears. Is there anything I can check to see why it is not showing up?
Thanks,
Ryan
Ryan, we are looking in the setup data you sent but for the time being there's nothing that stands out (apart from the fact that they refer to Update 3 CTP).
The update 2 should have no effect on the tool setup, I am wondering if there is anything else at play. Can you please describe in details what verification flow are you using? What is the project that when opened before applying Update 2 was showing the IDA tool and now no longer shows it?
Hi,
I am getting error while loading my custom STS Federation Metadata by using 'Identity and Access Tool'. This error is ID1116: MetaData download/parsing error, ID0011: There is no valid metadata document located 'path' at signature verification failed.
Regards,
Yasir
After installing the Identity and Access tool v.1.0.2, and filling in the data I got this error message:
The Calling thread must be STA, because many UI components require this.
After clicking OK, the message pops up.
Seems to me a bug in the tool. Can anyone help?
Some extra info:
After deleting all the relying parties in the Azure Management Portal, I'm able to reconfigure again. The problems keeps returning though.
Unfortunately the configuration works when deployed locally, but not when deployed to Azure (of course I've modified the Real, return URL and Audience URI) is doesn't work.
After clicking on the button that should bring me to the login pages, the page appears, but the list of Identity Providers is empty. No error shown.
Richard, can you provide more details on what are you configuring in the tool, what project type you are using, what options are you enabling, and so on?
Also: note that the tool does not do anything specific for Windows Azure, there are some steps you might need to take (like the ones you mentioned) in order for it to work when deployed in the cloud or in the emulator.
Hi Richard,
responding here given that reviews don't offer a mechanism for doing so.
Sorry for not having responded on this thread right away. This is the right place for discussing the tool.
However I would like to understand what you meant with "Blogs entries on http://blogs.msdn.com/b/vbertocci/ simply disappaer."
That's my personal blog, and I can assure you I never deleted any blog post :-)
And lo. It was AVG antivirus
For some reason the combination of AVG and Identity and Access addin causes this issue.
I have tried disabling various components of AVG but it seems that the only solution is to disable it entirely.
So given that, who can recommend an AV that won't intefere with development activities?
Thanks for trying to help.
I'm using a MVC 4 application targeting .NET 4.5 framework.
- I use Windows Live & Google as IP
- Azure Access Control Service as STS
Goal: I want to generate a controller to handle the authentication (as described on Vittorio's blog http://blogs.msdn.com/b/vbertocci/archive/2012/10/23/windows-identity-foundation-tools-for-visual-studio-2012-rtm.aspx
Hopes this clarifies my case.
I've an MVC 4 application (Orchard CMS) targeting .NET 4.5. I want to add authentication through ACS in my project.
I rightclick the project -> "Identity and Access"
I fill in the Providers tabs and click OK
I rightclick the project -> "Identity and Access"
I click the Configuration tab
Now in the blog of Vittorio ( http://tinyurl.com/a6zedjt ), there should now be an option "Choose how to handle unauthenticated requests", but unfortunately, this option is not there. It is just missing.
Can anyone tell me what's wrong, or where to look?
That feature is enabled / disabled depending on the project type, a GUID in the csproj file. A check is made for MVC4, by looking at
<ProjectTypeGuids> for "E3E379DF-F4C6-4180-9B81-6769533ABE47" which is inserted when the mvc4 template runs on project creation.
What does your <ProjectTypeGuids> look like?
Thank you for your answer Brent. My <ProjectTypeGuids> looks like this:
<ProjectTypeGuids>{349c5851-65df-11da-9384-00065b846f21};{fae04ec0-301f-11d3-bf4b-00c04f79efbc}</ProjectTypeGuids>
Just curious if anyone is seeing issues where the is <system.ServiceModel> element in config? It was recorded that this caused the tool to fail, but I haven't seen it in a while.
I'm using Windows 8 and VS2012. I've enabled Windows Identity Foundation feature and installed the WIF SDK 4.0, then I installed the Identity and Access Tool extension in VS2012 and restarted my Visual Studio. Sometimes an error occured promting the extension is not loaded correctly, and sometimes there's no error but when I right-click my MVC4 project, there's no Identity and Access shown in the option. I've unistalled and reinstalled the SDK and extension many times and it wasted almost my two days! It's a torture to me. Could anyone please help me out? Thanks!
I think I know why the Identity and Access... option is not showing when I right clicked the MVC4 project. Because my project is targeting .net framework 4.0. While I created a project targeting .net framework 4.5, the option appeared. So my question now becomes: is there a way to use Identity and Access Tool for projects targeting .net framework older version? Or can FedUtil.exe work in VS2012?
Hi there,
Targeting a version of the framework < 4.5 entails using WIF1.0. below I am pasting the reply we gave to a question similar to yours.
We do not offer tools in Visual Studio 2012 for targeting WIF1.0. You can work with projects targeting 4.0 and using WIF1.0, but you will not have wizard support for federation-related tasks.
Visual Studio 2010 with the WIF SDK keeps working as usual. If you don't have a Visual Studio 2010 instance available on your machine and you need to change trust relationships settings, you can still use fedutil.exe (from the old SDK) from the command line.
It would be cool if the tool detected this situation and explained that targeting 4.5 is required, because it's easy to forget the VS defaults to 4.0 when creating new projects of many types.
I am trying to integrate Oracle Identity Federation(OIF) with WIF 4.5. Is this the right tool to do it?
When I import the STS metadata document from OIF to WIF, I receive this error message: "userSelection.SecurityTokenServiceMetada.SecurityTokenServiceDescriptor"
When I export my federation metadata to OIF, OIF errors out with: "The provider ID of a peerprovider cannot be empty string"
So, it seems both parties can't exchange meta data. What is the best approach to integrate WIF with OIF?
Thanks
Hi there!
I have no direct experience with OIF. We did publish a guide about federating ADFS and OIF, but that uses the SAML protocol hence it won't help for integrating with WIF.
The only advice I can give at this point is to ensure that you are working with the right endpoints. OIF supports many protocols: if for example you are pointing to a metadata document that is not associated with WS-Federation, you won't get the expected results.
thanks
V.
just a quick update. I ended up using ADFS with OIF as the identity/claim provider. OIF talks SAML protocol to ADFS. My site talks to ADFS using WF-Federation.
Hi Lee,
thanks for the update! I am sure you'll be happy to know that the topology you describe is successfully used in many solutions I have seen.
Thanks
V.
I have an MVC3 web app. I just installed the latest Identity and Acess Tool in Visual Studio 2012 and I do not get the menu option when I right-click my Project. I have uninstalled reinstalled too.
Hi Thomas,
if your app is targeting .NET 4.0 then the tool option will not appear in the menu. If you change the target to be 4.5, you should see it appearing. Also: the tool is mostly targeting MVC4.
thanks
V.
Don't know where you got Thomas from. So, there is no solution for adding an STS Reference in Visual Studio 2012 for an MVC3 ASP.NET 4.0 project? Most of our developers are still on Windows 7 Visual Studio 2010.
Apologies, wires crossed.
We do not offer tools in Visual Studio 2012 for targeting WIF1.0. You can work with projects targeting 4.0 and using WIF1.0, but you will not have wizard support for federation-related tasks.
Visual Studio 2010 with the WIF SDK keeps working as usual. If you don't have a Visual Studio 2010 instance available on your machine and you need to change trust relationships settings, you can still use fedutil.exe (from the old SDK) from the command line.
We are having this same issue. We do not see the menu item to add the reference when we are targeting 4.0. However, targeting 4.5 it appears. The problem is, none of our server environments have 4.5 installed which creates a bigger headache. Is there any work around or plans to add this functionality while targeting 4.0???
It seems silly that you can in VS 2008 4.0, VS 2010 4.0, VS 2012 4.5 and not VS 2012 4.0...
Please help!
Free
&size=large&version=00000000-0000-0000-0000-000000000000){kind=avatar}
