A SignInResponse message may only redirect within the current web application
If you have developed a claims aware federated application (relying party) using Windows Identity Foundation (WIF), you may have noticed that when you type the URL of your application, you get redirected to the configured STS, get authenticated and all that token dance and when finally everything is working and you the redirect you get back to the relying party application boom!… you get the following error…
System.IdentityModel.Services.FederationException:
ID3206: A SignInResponse message may only redirect within the current web
application: ‘/xxxxx’ is not allowed.
Turns out (after wasting enough time figuring out what happened and searching for answers on the internet if you are a newbie), you missed the trailing slash ‘/’ at the end of the URL to your relying party…
Frustrating isn’t it? There are multiple ways to fix this problem… here is a quick way to solve this…
You can check for the trailing slash ‘/’ and redirect in the Application_BeginRequest method of global.asax as shown below
private void Application_BeginRequest(object sender, EventArgs e)
{
if (String.Compare(Request.Path, Request.ApplicationPath, StringComparison.InvariantCultureIgnoreCase) == 0 && !(Request.Path.EndsWith(“/”)))
Response.Redirect(Request.Path + “/”);
}
Benny Mathew 