Windows Identity Foundation (WIF) By Example Part I – How To Get Started.

This post reflects on the steps I needed to perform to create my first Windows Identity Foundation (WIF) application from zero to Hello World. It can serve as a bootstrap for starting developing Claims-Aware ASP.NET application using Windows Identity Foundation (WIF).

This post quickly goes through preparing the development environment for using Windows Identity Foundation (WIF) and it walks through creating basic simple Claims-Aware web site.

Summary of steps:

  • Step 1 – Prepare Development Environment
  • Step 2 – Configure IIS7 to use SSL
  • Step 3 – Create Claims-Enabled Web Site
  • Step 4 - Add local STS (Security Token Service)
  • Step 5 – Configure IIS to load User Profile
  • Step 6 – Test Your Work

Rest of the post is detailed explanation for each step followed by the resources in the end.

Step 1 – Prepare Development Environment

  • Have VS2010 installed.
  • Use Web Platform Installer available here to configure your dev machine. Tick all options on for Web Server and for Frameworks and Runtimes unless it completely sounds off like CGI.

Web Platform Installer

Web Platform Installer

  • Make sure to configure IIS 6 Metabase and IIS 6 Configuration compatibility otherwise you will hit the following error message when trying to create a web site in Visual Studio 2010 when working directly against IIS vs. File System.

Prepare IIS For Windows Identity Foundation WIF Development

  • To configure IIS 6 Metabase and IIS 6 Configuration Compatibility use either Web Platform Installer or go to Programs and Features. Expand Internet information Services and tick the option on, then press OK.

Prepare IIS For Windows Identity Foundation WIF Development

  • Make sure IIS is configured to use ASP.NET 4.0 otherwise you will receive the follow error message:

ASP.NET 4.0 has not been registered on the Web server. You need to manually configure your Web server for ASP.NET 4.0 in order for your site to run correctly, Press F1 for more details.

Configure IIS to use ASP.NET 4.0

To configure IIS7 to use ASP.NET 4.0 follow these steps:

  • Open command prompt under Administrative privileges.
  • Navigate to this location C:\Windows\Microsoft.NET\Framework\v4.0.30319.
  • Locate aspnet_regiis.exe file.
  • Run the utility with –i switch to register ASP.NET 4.0 with IIS7

Register ASP.NET 4.0 with IIS7

List supported OS’s –

Package name

Supported operating system


Download file size


Windows 7 and Windows Server 2008 R2


965 KB


Windows 7


858 KB


Windows Vista SP2 and Windows Server 2008 SP2


969 KB


Windows Vista SP2 and Windows Server 2008 SP2


861 KB


Windows Server 2003 SP2


1.2 MB


Windows Server 2003 SP2


1.2 MB


Step 2 – Configure IIS7 to use SSL

Follow instructions on how to configure IIS7 to use SSL located here: How to Set Up SSL on IIS 7. I skipped directly to Using IIS Manager part.

Step 3 – Create Claims-Enabled Web Site

  • In Visual Studio choose File->New Web Site.
  • In the dialog choose Claims-Aware ASP.NET Web Site, give it a name and press OK.

Claims Aware ASP.NET Web SIte

  • You have created a Web Site configured to use Windows Identity Foundation. Explore web.config, you should identify several config sections related to Windows Identity Foundation.

Step 4 - Add local STS (Security Token Service)

  • In Solution Explorer right click the solution and choose “Add STS reference...”
  • On the Welcome to the Federation Utility wizard page click Next.
  • On the Security Toke Service page choose “Create a new STS project in current solution” and click Next.
  • Click Finish on Summary page.
  • You should see success message – “Federation Utility completed successfully.”
  • New project should be created with the same name and _STS suffix.
  • Original Solution’s web.config should be updated with several more changes – explore it.






Step 5 – Configure IIS App Pool to load user profile

Make sure that the application pool is configured to load user profile. From the response to ADFS 2.0 SSO The data protection operation was unsuccessful by Claudio Sanchez:

  • Open your IIS Manager
  • Find out what AppPool your application is using by selecting your App, right-click on it, and Select Manage Application -> Advanced Settings.
  • After that, on the top left hand side, select Applications Pools, and go ahead and select the App Pool used by your app.
  • Right-click on it, and select Advanced Settings, Go to the Process Model Section and Find the "Load User Profile" Option and set it to true.

Step 6 – Test Your Work

Authentication via STS

  • Click Submit Button to imitate authentication process.
  • You should be redirected back to the Web Site, in my case WIFEnabledWebSite:

STS Authentication complete

More Info