If you happen to get the following sql error: 

An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005 or above, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections..

You are not alone. There are a lot of solutions out on the web, the best i can find is this:

http://sequelserver.blogspot.com/2007/06/under-default-settings-sql-server-does.html

However, the error i am getting is actually because i have installed the full version of SQL without the SQL Express. However, my sql command was actually calling

sqlcmd -S localhost \sqlexpress -E -b –d databaseName -i sqlScriptPath

instead you need to call

If you are getting an error like : Cannot resolve KeyInfo for unwrapping key: KeyInfo 'SecurityKeyIdentifier and your have checked that your certificate is in the right store and right place.

So this might be the reason. check the binding you have and make sure the negotiateServiceCredential has the same value. By default, it is true.

Reason? The server will use this flag to try to build the primary token resolver which is being used to resolve those key info clause. If that flag is ture, then the server will load the server certificate into the primary token resolver, so it will fail to resolve the key info if client sends one.

So where is that flag? Here is an example where this could be located:

<wsHttpBinding>

<binding ...>

algorithmSuite="Default" establishSecurityContext="true" />

</security>

</binding>

</wsHttpBinding>

 Hope this helps!

There are two options:

1. OperationContext.Current.

Pros: This is pretty straightforward and relatively hard to discover. 

Cons: This is a thread local storage, and you are invoking a async call, it does not work well.

2. ChannelParameterCollection

This is very sneaky. You will need to add the object to channel first in your client app code,

                                // add the token to the channel parameter collection

                               ChannelParameterCollection parm = (ChannelParameterCollection)( (IChannel)client ).GetProperty<ChannelParameterCollection>();

                parm.Add( myState);

Then you can retrieve it from the requirement, and set it on the custom token provider

public override SecurityTokenProvider CreateSecurityTokenProvider( SecurityTokenRequirement tokenRequirement )

        {

            // retrieve the ChannelParameterCollection from the token requirements

                                ChannelParameterCollection collection = null;

                if ( !tokenRequirement.TryGetProperty<ChannelParameterCollection>( ServiceModelSecurityTokenRequirement.ChannelParametersCollectionProperty, out collection ) )

                {

                    Console.WriteLine( "could not found ChannelParameterCollection" );

                }

                  // now add the collection to your issuedsecuritytokenprovider

            CustomIssuedSecurityTokenProvider federationTokenProvider = new CustomIssuedSecurityTokenProvider(collection);

}

The last step is to simply retrieve it from the BeginGetTokenCore() method

 public class CustomIssuedSecurityTokenProvider : IssuedSecurityTokenProvider

    {

        ChannelParameterCollection _collection;

        /// <summary>

        /// Constructor

        /// </summary>

        public CustomIssuedSecurityTokenProvider(ChannelParameterCollection collection)

            : base()

        {

            _collection = collection;

        }

        ChannelParameterCollection Collection

        {

            get

            {

                return _collection;

            }

        }

        protected override IAsyncResult BeginGetTokenCore( TimeSpan timeout, AsyncCallback callback, object state )

        {

            foreach ( object o in _collection )

            {

                if ( o is someType)

                {

                    // turn it into your type

                }

            }

            …

        }

}

Hope it helps

First let me explain why it does not work.

There are three string comparisons done by card space. The information card has Issuer, IssuerEndpointAddress, and IssuerMexAddress.

When you hit a web site which requires an information card, in other words, it contains a object tag which has specified the Issuer and Mex address.

Comparison 1: CardSpace UI would do a string comparison between the Issuer specified in the object tag and all the cards it has, and light up only those matches.

Comparison 2: Then when you select a hightlighted card, it uses the IssuerMexAddress inside the card to retrieve wsdl from the issuer. When the wsdl returns, it then compares the address inside the wsdl and the IssuerEndpointAddress inside the card. It fails if it does not match.

If everything goes well, it will go to the Issuer to get the token.

So why localhost does not work by default?

IIS hosted WCF service's Issuer Endpoint Address would be fully qualifed domain name, something like mymachinename.mydomain.com. Literally it would not match localhost. So the comparison 1 would fail, where the card would specify the fully qualifed domain name, so the card would not even light up. Even if you managed to make the card issuer name use the localhost, and select the card, the mex retrieval process is going to fail because you will try to send a mex request to the https://mymachine.mydomain.com/..., but your ssl cert is actuall localhost. This will fail because https will compare validate the ssl cert.

Two ways to fix it.  

First option is to modify the IIS setting so that the WCF service will indeed host over the localhost. Two simple command line would do.

cscript //nologo %systemdrive%\inetpub\adminscripts\adsutil.vbs set W3SVC/1/ServerBindings :80:localhost

cscript //nologo %systemdrive%\inetpub\adminscripts\adsutil.vbs set W3SVC/1/SecureBindings :443:localhost

This will make the IIS hosted WCF service really use localhost.

Second option is to modify the manged card so that its Issuer Name is http://localhost/..., its token service endpoint address is http://mymachine.mydomain.com/... and my token service mex endpoint address is https://localhost/.../mex

There are three steps you need to take to make it work.

 1. Modify your hosts file under \Windows\System32\drivers\etc\hosts and add the following entry:

127.0.0.1    mydomain.com

2. Turn off your proxy dection from the IE,

 Go to Tools->Internet Options->Connection->LAN Settings, uncheck everything

3. Modify your binding in the IIS manager to use mydomain.com instead of localhost as host header.

http://blogs.msdn.com/wenlong/archive/2007/08/02/how-to-change-hostname-in-wsdl-of-an-iis-hosted-service.aspx

BTW, you need to remove the quote here. 

So instead of

cscript //nologo %systemdrive%\inetpub\adminscripts\adsutil.vbs set W3SVC/1/SecureBindings “:443:www.fancydomain.com”

you shoud do 

cscript //nologo %systemdrive%\inetpub\adminscripts\adsutil.vbs set W3SVC/1/SecureBindings :443:www.fancydomain.com

Hope this helps.

You need to make sure that your personal card contains the required claim types you specified in your client binding. To fix this, try set the required claim types to one of the claims that your personal card has.

WSFederationHttpBinding binding = new WSFederationHttpBinding( WSFederationHttpSecurityMode.Message );

The common error that users will run into for the personal card scenario is that the WCF service cannot verify the signing credentials of the saml token. This is because the personal card will trigger the card space runtime to issue a saml token signed by rsa key. And you need to turn on one boolean to make it work.

sh.Credentials.IssuedTokenAuthentication.AllowUntrustedRsaIssuers = true;