Kentor.AuthServices 0.9.0 SAML2 for ASP.NET Released

The Kentor.AuthServices SAML2 Service Provider has got one important improvement for simplified operations: automatic metadata refresh. Identity providers and federations configured by loading metadata are now automatically refreshed based on the cache duration settings in the received metadata. Especially for federation setups this significantly simplifies the operations. When new identity providers are added to the federation, those are automatically made available in AuthServices and any removed identity providers are pruned from the active list.

The core AuthServices, MVC and Owin packages are all available for download on Nuget. The source and issue list are on GitHub.


  • Automatic refresh of metadata.
  • StubIdp metadata contains cacheDuration
  • Configuration option for metadataUrl for identity providers.
  • returnUri renamed to returnUrl in configuration.

Solving the set Startup Projects bug in Visual Studio

This is a guest post by Albin Sunnanbo sharing how a mysterious Visual Studio problem made the Set Startup project command fail.

In one of our projects at work we had this mysterious problem with Visual Studio, both 2012 and 2013. It happened to some developers and some machines. When I got a new computer a while ago I was hit with this dreaded bug too. This is a story about how to use available clues to succeed with solving even the strangest problems.

When trying to set multiple startup projects in Visual Studio we right click solution, click Set StartUp Projects…
and expect the familiar dialog to pop up. But no, the menu disappears and then nothing happens. No dialog. Nothing.
If we click Properties instead we get an ugly dialog with the text “Object reference not set to an instance of an object.”

That poor dialog is pretty famous, it got something like a quarter of a million hits on Google. More than I’ll ever get.
Nothing on the top five Google pages seemed to help. We finally found a workaround. Uninstall NuGet package manager, set your startup projects, reinstall NuGet package manager. Not particularly elegant, but at least we could proceed with our regular work.

Kentor.AuthServices 0.8.0 SAML2 for ASP.NET Released

We continue to improve the Kentor.AuthServices SAML2 Service Provider for ASP.NET with the release of version 0.8.0. With this release the entire configuration system has been rebuilt, to enable configuration from other sources than the config file. This is good news for anyone thinking of integrating Kentor AuthServices in an application where configuration is offered through a user interface. There has also been further support for federations added, with administrative metadata now being exported as well as support attribute consuming services and the Idp discovery extensions to metadata.

The core AuthServices, MVC and Owin packages are all available for download on Nuget. The source and issue list are on GitHub.


  • Automatic generation of service provider URLs, removing configuration.
  • Configuration can now be supplied from code and not only in config file.
  • Administrative metadata (organization and contactPerson) support.
  • Serialization of SAML Attributes.
  • Support for Bootstrapcontext, saving incoming assertion in the resulting identity.
  • Fixed new principal returned by ClaimsAuthenticationManager being ignored.
  • Attribute consuming service support in metadata and AuthnRequest.
  • Discovery service response location included in metadata if use of discovery service is enabled.
  • Fixed null reference exception on HTTP POST with owin middleware.

Partial Commits with Git

Every once in a while I’m working on a feature, only to discover that I need to extend another part of the code first. If I was disciplined, I would create another branch at that point. But I’m not. I end up with both the extended utility class and the actual feature as pending changes. With git it is simple to make two separate commits while ensuring that every commit compiles.

I’m working on my new big thing; the command line calculator. I’ve already done addition and am quite happy with that and I’m now implementing subtraction. Half way through the subtraction implementation I discover that I need to make some changes to the console output formatter class. It has the + sign hard coded and now needs to take that as a parameter. I do that and end up with a working solution.

Doing a git status however shows a mess.

C:\git\spikes\gitpartial [master +1 ~2 -0 !]> git status
On branch master
Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git checkout -- <file>..." to discard changes in working directory)
        modified:   ConsoleFormatter.cs
        modified:   Program.cs
Untracked files:
  (use "git add <file>..." to include in what will be committed)
no changes added to commit (use "git add" and/or "git commit -a")
C:\git\spikes\gitpartial [master +1 ~2 -0 !]>

I’ve got both the updated ConsoleFormatter.cs, the updated Program.cs and the new Subtraction.cs. The first one contains the updated console formatting features that are independent of the added functionality. I want to commit the ConsoleFormmatter.cs separately. And not only commit it. I want to compile and test the exact code I’m going to commit, by hiding the other files from view. With git this can be done with just a few commands. With subversion, I’ve never quite figured out how to do it in a simple enough way. I usually end up with one big commit on svn. If anyone knows how to do this as simple in svn, please leave a comment.

Beware of Uri.ToString()

When working with urls, it’s sometimes better to use the Uri class than to keep the Uri in a simple string. The Uri class helps validate that the format is a valid Uri and helps splitting out the parts of the Uri in a safe manner. But there is a big gotcha in that Uri.ToString() returns an unescaped representation of the Uri.

The contents of this post might sound simple, but they were behind a nasty heisenbug. Every single insight in this post is something that I learned in a very painful way. I hope that reading this post will convey the same insights in a less painful way.

TL;DR; in two lines of code

The entire problem can be expressed in two lines of code.

var uri = new Uri("http://localhost?p1=Value&p2=A%20B%26p3%3DFooled!");
Console.WriteLine("uri.ToString(): " + uri.ToString());

It looks simple and it should be simple, but it isn’t. When running these two lines on the .NET Framework 4 the following output is produced:

http://localhost/?p1=Value&p2=A B&p3=Fooled!

The query string has been decoded in such a way that it looks like there is an extra parameter p3!

When targeting .NET 4.5 however only the space is unescaped. This can be explained as a result of the breaking changes to System.Uri in .NET 4.5. But that is not the whole story. It gets more complicated (and bug prone) because .NET 4.5 is an in place upgrade to .NET 4.0.

Software Development is a Job – Coding is a Passion

I'm Anders Abel, a systems architect and developer working for Kentor in Stockholm, Sweden.

profile for Anders Abel at Stack Overflow, Q&A for professional and enthusiast programmers

The complete code for all posts is available on GitHub.

Popular Posts



Powered by WordPress with the Passion for Coding theme.