3
votes

I have an ASP.NET Relying Party that uses Microsoft Identity Model and WIF for passive federated identity. The web application works fine in IIS 7 under a .NET 4 integrated pipeline application pool. But when I switch it to a .NET 4 classic pipeline application pool, it fails and gives me the following error. How can this be fixed?

Exception Details: System.Web.HttpException: Failed to Execute URL.

Stack Trace:

[HttpException (0x80004005): Failed to Execute URL.]
   System.Web.Hosting.ISAPIWorkerRequestInProcForIIS6.BeginExecuteUrl(String url, String method, String childHeaders, Boolean sendHeaders, Boolean addUserIndo, IntPtr token, String name, String authType, Byte[] entity, AsyncCallback cb, Object state) +4040320
   System.Web.HttpResponse.BeginExecuteUrlForEntireResponse(String pathOverride, NameValueCollection requestHeaders, AsyncCallback cb, Object state) +590
   System.Web.DefaultHttpHandler.BeginProcessRequest(HttpContext context, AsyncCallback callback, Object state) +286
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +405
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +375

Edit

This error occurs when I browse to the website without specifying a page. Example:

1 - http://www.relyingparty3.com causes error

2 - http://www.relyingparty3.com/Default.aspx works fine

2 Answers

2
votes

I found a solution in the following MSDN forum thread. Credit goes to users "paullem" (for explaining the reason for the failure) and "Alex Stankiewicz" (for making the fix code available):

http://social.msdn.microsoft.com/Forums/en/Geneva/thread/43392dc5-e764-4027-8de5-1638a4c17540

So to solve the issue, I created a new class with the following code:

using System;
using System.Web;
using System.Security.Principal;
using System.Threading;
using Microsoft.IdentityModel.Claims;
using Microsoft.IdentityModel.Web;

namespace TestApp.Code
{
    public class IIS6SessionAuthenticationModule : SessionAuthenticationModule
    {
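        protected override void OnPostAuthenticateRequest(object sender, EventArgs e)
        {
            // Only act when the current user has not already been set to a claims principal.
            if (!(HttpContext.Current.User is IClaimsPrincipal))
            {
                // Build a claims principal from the identity already on the HttpContext.
                IClaimsPrincipal incomingPrincipal = ClaimsPrincipal.CreateFromHttpContext(HttpContext.Current);
                ClaimsAuthenticationManager manager = base.ServiceConfiguration.ClaimsAuthenticationManager;

                // Run the configured ClaimsAuthenticationManager, if there is one.
                if (((manager != null) && (incomingPrincipal != null)) && (incomingPrincipal.Identity != null))
                {
                    incomingPrincipal = manager.Authenticate(HttpContext.Current.Request.Url.AbsoluteUri, incomingPrincipal);
                }

                // Check for a null principal or identity before reading IsAuthenticated;
                // a missing principal is treated as anonymous below.
                if ((incomingPrincipal != null) && (incomingPrincipal.Identity != null) && incomingPrincipal.Identity.IsAuthenticated)
                {
                    HttpContext.Current.User = incomingPrincipal;
                    Thread.CurrentPrincipal = incomingPrincipal;
                }
                else
                {
                    // Not authenticated: use an anonymous GenericPrincipal.
                    HttpContext.Current.User = new GenericPrincipal(new GenericIdentity(string.Empty), new string[] { });
                    Thread.CurrentPrincipal = HttpContext.Current.User;
                }
            }
            else
            {
                // Already a claims principal but with no name: replace it with an anonymous GenericPrincipal.
                if (string.IsNullOrEmpty(HttpContext.Current.User.Identity.Name))
                {
                    HttpContext.Current.User = new GenericPrincipal(new GenericIdentity(string.Empty), new string[] { });
                    Thread.CurrentPrincipal = HttpContext.Current.User;
                }
            }
        }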
    }
}

I then added the following entry to the "httpModules" of "system.web" in the "web.config", after "WSFederationAuthenticationModule" and "SessionAuthenticationModule":

<add name="IIS6SessionAuthenticationModule" type="TestApp.Code.IIS6SessionAuthenticationModule, TestApp" />
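The module ordering described in the answer above, shown as a complete "httpModules" section. This is an added example, not part of the original answer; the assembly-qualified names of the two WIF modules assume a standard WIF 3.5 (Microsoft.IdentityModel, Version=3.5.0.0) install and should be matched to the entries already present in the application's own web.config.

```xml
<configuration>
  <system.web>
    <httpModules>
      <!-- Assumed: standard WIF 3.5 module registrations; keep whatever the application already has here -->
      <add name="WSFederationAuthenticationModule"
           type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
      <add name="SessionAuthenticationModule"
           type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
      <!-- The derived module from the answer, registered last so it runs after the two WIF modules -->
      <add name="IIS6SessionAuthenticationModule"
           type="TestApp.Code.IIS6SessionAuthenticationModule, TestApp" />
    </httpModules>
  </system.web>
</configuration>
```

A classic pipeline application pool reads module registrations from "system.web/httpModules"; the integrated pipeline reads them from "system.webServer/modules" instead, so the same entries in the wrong section are not loaded.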
0
votes

There is an issue with trailing slashes.

What happens if you type: http://www.relyingparty3.com/

(Note trailing slash)