Your extension will be available shortly on the Visual Studio Marketplace at this link.

Identity and Access Tool

Microsoft Free

Identity and Access Tool for Visual Studio 2012. Use this package to secure your application with claims based identity and accept users from multiple identity providers.

2.9 Star
Visual Studio
Download (84,658)
E-mail Twitter Digg Facebook
Add to favorites
Sign in to write a review
Sort by:

5 Star
by Zainu | June 20 2015

Thanks and it worked very easily.

4 Star
by leis-ray | October 09 2014

Works fine to me

5 Star
by Ed (DareDevil57) | August 14 2014

Thank you

5 Star
by Aaron [MVP] | January 10 2014

3 Star
by Amsterdams | November 22 2013

I get this error
{"No version of the CardSpace service was found to be installed on the machine. Please install CardSpace and retry the operation."}

I was trying to implement this

I have both 2012 and 2012 VS installed. Not sure if that is the problem

1 Star
by Simerjot Kaur | October 11 2013

Unfortunately I have not been able to use the tool get which is very sorry since I really need such a tool. Even in a very simple scenario with a wcf service application and a windows console application when using the adfs it won’t work for me.

When executing the whole i always run into following exception:
{"No version of the CardSpace service was found to be installed on the machine. Please install CardSpace and retry the operation."}

2 Star
by Vinny Jo | August 29 2013

Using ADFS 2.0. With Claims.... and Framework 4.5 (Mvc 4 project template)
Few issues:
The web.config produced contains issuerNameRegistry\authority and should be issuerNameRegistry\trustedIssuers (Framework 4.5)

the FederationMetadata.xml does not have any details about ds:Signature, KeyDescriptor, fed:ClaimTypesRequested. (can not specified certificate)

Tried Visual studio 2010 (Claim web project template) Add STS Reference option produced the right FederationMetada.xml.

4 Star
by Mithun_daa | August 13 2013

I ran into the same issue as some of you here where the package was failing to load. Please make sure you close all instances of VS and restart it.

3 Star
by ytr32323 | July 22 2013

3 Star
by Srilatha Inavolu - MSFT | June 19 2013

Hi All,

Please run "devenv.exe /ResetSettings" if you have issues with VS loading the package.

If that doesn't work, please try the remaining steps in this post :

Hope this helps,

3 Star
by shriji1111 | June 05 2013

I found an error with this tool... it seems that it's bug
for more detail you may refer my microsoft forum page

4 Star
by Quynh H. Nguyen | May 20 2013

3 Star
by Vittorio Bertocci - MSFT | May 17 2013

Sorry to read that you are having issues with the tool and Update 2.
I have Update 2 on multiple machines and the tool works as expected. If you want us to help troubleshoot, I suggest you use the Q & A tab.

1 Star
by rjygraham | May 16 2013

+1 for broken in Update 2. Still broken in Update 3 CTP even after an uninstall/reinstall.

1 Star
by ggobbe | May 14 2013

Not working on visual studio 2012 update 2... The Identify and Access menu (to add an STS Reference) is missing.

1 Star
by David Donabedian | May 12 2013

Not working with VS2012 Update 2

1 Star
by Frank Robijn | May 11 2013

This type of extension is very welcome, but the current version is difficult to work with - it might not work at all. Tried to use it on a very simple WCF project, but it complains about a missing certificate. It tells you where to expect it (at C:\Users\...\AppData\Local\Microsoft\VisualStudio\11.0\Extensions\uv2jfeqz.qr2\LocalHost.pfx) and behold - that file exists! Unfortunately there is no information at all on how to solve this type of problem. It's a mess.

4 Star
by Sergio Parra | April 27 2013

Thanks! nice job!

1 Star
by Per Ekstedt | April 26 2013

Unfortunately I have not been able to use the tool get which is very sorry since I really need such a tool. Even in a very simple scenario with a wcf service application and a windows console application when using the local development STS it won’t work for me.

I can successfully configure the service application just clicking next and with SAML 2.0 chosen and it seems right even when I make a service reference in the console application to.

When executing the whole i always run into following exception:
{"No version of the CardSpace service was found to be installed on the machine. Please install CardSpace and retry the operation."}

Sometimes the LocalSTS don’t start but I get the error started or not.

Am I alone on this?

5 Star
by _arash | April 07 2013

Thanks, it's great to see things are improving with identity tool

1 - 20 of 33 Items   
Sign in to start a discussion

  • VS 2012 Professional Edition and VS 2015 Community Edition
    2 Posts | Last post September 13, 2016
    • I needed to setup ADFS Single Sign-On authentication on .NET application (either Web Forms or MVCx) and I already downloaded VS 2015 Community Edition. With VS 2015 and OWIN combination it seems very easy to setup ADFS just by using Change Authentication option while creating Project Template itself providing both FederationMetadata URL and App ID. But I am running into issues and AD side is not co-operative debugging the issue. BTW is there a link to configure ADFS Single Sign-On using OWIN (both SignIn and SignOut code).
      So I downloaded VS 2012 Professional Edition to try out old ways of using Identity and Access Visual Studio Extension and in combination with WIF. I downloaded VS 2012 and also installed Update 5. I created new Web Forms application and whent to Tools>Extensions and Updates... and installed Identity and Access Tool. But when I right click on my project I still cant see Identity and Access Control option. Now I have both VS 2015 and VS 2012 installed on the same machine, any help is greatly appreciated.
    • Changed the Target Framework to .NET Framework 4.5 and now I can see Identity and Access..
  • VS2013
    12 Posts | Last post June 10, 2016
    • Is this built into VS2013, or is there an updating coming?
    • Interested in this as well.
    • I also really need an update to this extension for VS2013, or some documentation on how it's built in.
      Anyone in the same situation might like to try this as a temporary work around:
    • +1 everyone else here. Can we get some feedback on when an updated tool will be available, or if there is a new procedure for handling this?
    • Can someone out there please let us know the situation with 2013???
    • Hi all,
      the Identity & Access tool was shipped out of band as a VSIX in VS2012 given that the timelines did not allow to integrate it in VS2012 itself.
      In VS2013 we added support for claims-based identity directly into the ASP.NET project creation experience (see, hence there are no plans of porting the Identity and Access tool to VS2013.
      We are aware of the fact that as of today the feature set of the two approaches are not 100% equivalent. VS2012 and VS2013 work well side by side, if you depend on functionality only available on the Identity & Access tool we recommend you keep both available until functional parity is reached (see below).
      Here there are some comments on the main differences:
      - Re-entrancy. Right now VS2013 can configure authentication only at project creation time. Re-entrancy is being considered as a feature for a future update
      - ACS support. As detailed in, ACS will not receive further investments hence VS2013 will not support it directly. AS equivalent ACS functionality appears in Windows Azure AD, VS2013 will expose it accordingly
      - Local STS. Support for Local STS didn't make it in VS2013. There are community driven alternatives (see - let us know if those cover your needs or if you really want the Local STS functionality back in the VS2013 tools
      Thank you!
    • So I came to need this app due to downloading the WIF Samples, which requires it. I'm using the WIF samples because .Net 4.5 has rendered 99% of the online documentation for STS useless. But to use 4.5, I'm running 2013. Which doesn't support this tool. Maybe it doesn't matter, since the sample throws errors out of the box due to AspNet compatibility being enabled. The whole situation is just a complete mess.
    • "AS equivalent ACS functionality appears in Windows Azure AD". This is simply not true, there is merely a promise to support all of the scenarios that ACS currently enables. So basically your whole justification is absurd. I should not need to move backwards in visual studio versions to get this working, period.
    • I want to agree with Keith in saying that this whole WIF roadmap and available tools is a complete mess!  The inability to create the most basic of WIF examples in VS 2013 is ridiculous.  As of today there are no online examples on getting this to work, only some cryptic "it's already built in so it makes it easier".  Well if you are coming in brand new, one would assume that there was a "Hello World" example.  No, the only example is for VS 2012, which is different than VS 2013 due to some package renaming!  And, the development tool for VS 2012 doesn't even exist in VS 2013?!  And not to mention the 'how to' for VS 2012 doesn't work with the Identity tool because they made is "stricter" which breaks it completely?  Here is part of the error: "ID8030: The value of the 'type' property could not be parsed. Verify that the type attribute of '<issuerNameRegistry blah blah blah..."  Absolutely rediculous
    • Please, put the local STS feature back. It was very helpful. Also I would like to see support for it in the project creation wizards. At development time, especially in the beginning of projects, STS may not be readily available at all. How about working from home or on the road.
      In general I'd agree with the posts above about the messy story of WIF in VS 2013/.NET 4.5/msdn/Vittorio's book/etc.
      Is there a place where we can we vote for features and fixes?
    • I agree with many others, the whole thing is a heap of fetid dingo's kidneys. 
      It started with the Microsoft.Identity namespace which became System.Identity in the "highly compatible in-place upgrade" 
      The web is full of people struggling to work out the right config settings, is it <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089">
       <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
            <authority name="">
      answer - it depends.
      I've spend days trying to get a simple one page webforms site to authenticate against our ADFS, let alone modifying our existing web app (which started on .Net 1.0 and is now newly upgraded to 4.52.)
      The documentation on MSDN is hopeless, just explaining what the namespaces are, not how to use the damn thing, and the blogs and samples people have kindly posted are from every version (attempt) of WIF, so we spend hours filtering the irrelevant.
      Not everyone has the luxury of starting from scratch (I have, twice, in the past 30 odd years) 
      We all have to maintain / upgrade existing apps and sites.
    • Another vote to bring back local STS.
  • Identity and Access Context menu entry
    3 Posts | Last post January 21, 2016
    • There is none, even restarting VS2012 did not help.
      Extension manager shows that it is installed.
    • Installed the tool per instructions.
      Initially had a problem with "Identity and Access..." menu showing, but once I changed my project's .NET framework to v4.5, it showed up.  Using VS 2012 Ultimate on Win7.
    • A (positive) suggestion: MS put together some simple one-page samples of ADFS / Azure ACS authentication via WIF.
      Then someone at MS does the same Boogle searches we do, and posts the links to the samples in each forum / blog etc. 
      How does that sound?
  • There is no clear test example working with LocalSTS
    2 Posts | Last post September 09, 2014
    • Personally to me, never worked with authentication services before, it's absolutely unclear, how to make this claims authentication work.
      For instance, I have now forms authentication in my MVC application.
      I want to switch to single sign-on.
      I want to start with simple: having LocalSTS only.
      So, I want to submit my form to LocalSTS, gets authenticated and proceed working with my application. I cannot see clear sample, how to do this. Everything is too complicated.
    • "I cannot see clear sample, how to do this. Everything is too complicated."
      Amen and +1 to that brother.
  • Federation Metadata needs authentication
    3 Posts | Last post July 03, 2014
    • Our Federation metadata file needs authentication and in the Identity and Access tool there is nowhere to enter any kind of credentials. In the many examples on the web, never came across one that showed the federation metadata needing any authentication. So is it even normal to have authentication for the metadata?
      I accessed the metadata using postman, copied it locally and tried to add it manually, but the tools says "The root element of a metadata document must be either an EntitiesDescriptor or an EntitiesDescriptor". The file has edmx tags and none of the above root elements. Is the tool showing the error due to an actually invalid metadata file?
      Many Thanks.
    • Never mind. I figured it out. Was given the wrong file/location for the metadata. Sorry I cannot delete my earlier post.
    • Completely agree with other users who are complaining about lack of Identity and Access tool in VS 2013. This just stops us from using open source Identity servers.
  • creates invalid element in web.config
    2 Posts | Last post June 30, 2014
    • When the tool manipulates web.config, it creates an invalid node under <issuerNameRegistry>:
       <authority name="LocalSTS">
                  <add thumbprint="9B74CB2F320F7AAFC156E1252270B1DC01EF40D0" />
                  <add name="LocalSTS" />
      it should be:
                      <add thumbprint="9B74CB2F320F7AAFC156E1252270B1DC01EF40D0" name="LocalSTS" />
      Or am I missing something?
    • Have you solved the problem? I'm facing the same issue here, and in addition, the extension didn't create the FederationMetadata.xml file in the project, though it added the following element in web.config:
        <location path="FederationMetadata">
              <allow users="*"/>
      Can someone shed some light on this?
  • Work with older projects converted to VS 2012?
    2 Posts | Last post June 11, 2014
    • Should the Identity and Access Tool be able to work with projects that were converted from VS 2010 to VS 2012 projects?
      When I create a new project in VS 2012, I can see the "Identity and Access" context menu.  However, when I open an older project and migrate it to VS 2012, I don't see the context menu.
      Is there any way to make the "Identity and Access" tool work with these older converted projects, or is the only solution to create a new project and move the source code into it?
    • The Project should be running on .NET framework 4.5 for the menu item to show up. Right click project in solution explorer, click properties and check version and change if required. Restart VS 2012 and the menu should show after that.
  • I can not install Identity and Access Tool
    4 Posts | Last post June 09, 2014
    • Dear Friends,
      I have tried to download and install Identity and Access Tool, but I received this error message when I tried to install it:
      "Installation Failed. The installation was unable to install the extension to all the selected products. For more information, click on the install log link at the bottom of the dialog. This extension is not installable on any currently installed products."
      This is the install log:
      [Not Before]
        1/25/2013 5:33:41 AM
      [Not After]
        4/25/2014 5:33:41 AM
      5/25/2014 10:25:28 AM - 	Supported Products : 
      5/25/2014 10:25:28 AM - 		Microsoft.VisualStudio.Pro
      5/25/2014 10:25:28 AM - 			Version : [11.0]
      5/25/2014 10:25:28 AM - 
      5/25/2014 10:25:28 AM - 	References      : 
      5/25/2014 10:25:28 AM - 		-------------------------------------------------------
      5/25/2014 10:25:28 AM - 		Identifier   : Microsoft.VisualStudio.MPF.11.0
      5/25/2014 10:25:28 AM - 		Name         : Visual Studio MPF 11.0
      5/25/2014 10:25:28 AM - 		Version      : [11.0,)
      5/25/2014 10:25:28 AM - 		MoreInfoURL  : 
      5/25/2014 10:25:28 AM - 		Nested       : No
      5/25/2014 10:25:28 AM - 
      5/25/2014 10:25:28 AM - 
      5/25/2014 10:25:28 AM - Searching for applicable products...
      5/25/2014 10:25:28 AM - Found installed product - Microsoft Visual Web Developer Express 2010
      5/25/2014 10:25:28 AM - Found installed product - Microsoft Visual Studio Ultimate 2013
      5/25/2014 10:25:28 AM - Found installed product - Microsoft Visual Studio Premium 2013
      5/25/2014 10:25:28 AM - Found installed product - Microsoft Visual Studio Professional 2013
      5/25/2014 10:25:28 AM - Found installed product - Microsoft Visual Studio 2013 Shell (Integrated)
      5/25/2014 10:25:28 AM - Found installed product - Global Location
      5/25/2014 10:25:28 AM - VSIXInstaller.NoApplicableSKUsException: This extension is not installable on any currently installed products.
    • Visual Studio 2012 not Visual Studio 2012. See other messages in this thread.
    • Not Visual Studio 2013
    • Thank you steven for your answer :)
  • Windows Azure Active Directory option not working
    1 Posts | Last post February 26, 2014
    • I am following the steps on the webpage ‘How To: Enable WIF for a WCF Web Service Application’
      I have got this working using the ‘Use the Local Development STS to test your application’ option and am now trying again this time selecting ‘Use a business provider (e.g. Windows Azure Active Directory..’ but unfortunately have not been able to get it to work.
      My first problem arises when I try to add my Service Reference Step 2.4.
      At this point I receive the following warning:
      Custom tool warning: Obtaining metadata from issuer '' failed with error 'System.InvalidOperationException: Metadata contains a reference that cannot be resolved: ''. ---> System.ServiceModel.EndpointNotFoundException: There was no endpoint listening at that could accept the message.
      If I continue and complete the project when I attempt to run it a Windows CardSpace form appears containing the following message:
      The following error occurred: Incoming policy failed validation
      I initially experienced the same problem when selecting the ‘Use the Local Development STS to test your application’ option and eventually found a solution on this forum.
      I resolved my problem by editing the web.config immediately after completing Step 1, point 6 as follows:
              <binding name="">
                <security mode="Message">
                    <!--issuerMetadata address="https://localhost/adfs/services/trust/mex" /-->
                    <issuerMetadata address="http://localhost:12330/wsTrustSTS/mex" />
      However, despite repeated attempts I cannot find the correct value to put in this element when using Azure. 
      Kind regards,
      Liz Guess
  • Documentation for VS 2013 "organizational accounts"
    1 Posts | Last post February 26, 2014
    • Same as everyone, would like to see this better documented. Vittorio's response is helpful, but roadmap for ASP.NET Identity does not mention the WAAD area.
      At least for now, the configuration done by the "Change Authentication" button seems to be consistent with past documentation. I point to this article for a solid page describing the web.config sections we need to be aware of:
      Been trying to use the WAAD integration since the VS 2013 preview. Admit to being pretty confounded.
1 - 10 of 53 Items