Making WIF local STS to work with your ASP.NET application

Making Windows Identity Foundation (WIF) STS test application work with your solution is not as straightforward process as you can read from books and articles. There are some tricks and some configuration modifications you must do to get things work. Fortunately these steps are simple one.

1. Move your application to IIS or IIS Express

If your application uses development web server that ships with Visual Studio then make your application use IIS or IIS Express. You get simple support for IIS Express to Visual Studio 2010 after installing Visual Studio 2010 SP1. You can read more from my blog posting Visual Studio 2010 SP1 Beta supports IIS Express.

NB! You don’t have to move your dummy STS project to IIS.

2. Change request validation mode to ASP.NET 2.0

As a next thing you will get the following error when coming back from dummy STS service:

HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client.

Open web.config of your application and add the following line before </system.web>:

<httpRuntime requestValidationMode="2.0" />

Now you are done with configuring web application to work with STS.


  • Thank you for this indication, I'm trying to locate the active forum(s) for WIF, in particular in relation to the Microsoft "Programming Windows Indentity Foundation" book.

  • Thanks for feedback, etincelle. You can find official forum for Windows identity and CBA topics here:

Comments have been disabled for this content.