We have a WIF FAM/SAM module configured for use with our third party ASP.NET 3.51 web app. The WIF 3.51 FAM module is supposed to receive a HTTP POST of a SAML token and go from there. Unforunately, something is preventing use of HTTP POST verb unless I enable RAMMFAR for the IIS modules (FAM/SAM) in web.config.
Here is the request/response:
POST http://foo.acme.com/capture/ HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: foo.acme.com
Content-Length: 9390
Connection: Keep-Alive
Pragma: no-cache
Cookie: ASP.NET_SessionId=wlf11f45bq0h1g45lg2dti45
{body / SAML token omitted for brevity}
HTTP/1.1 405 Method Not Allowed
Allow: GET, HEAD, OPTIONS, TRACE
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 08 May 2013 16:24:31 GMT
Content-Length: 101
The page you are looking for cannot be displayed because an invalid method (HTTP verb) is being used
Scott Hanselman says to be wary of enabling RAMMFAR due to performance ramifications. I have other .NET 3.51 apps that are WIF enabled and don't require enabling RAMMFAR. Why does this particular ASP.NET web require RAMMFAR on the IIS modules?