as follow up to last post. Once you drop your first class into App_Code you will encounter an error stating you cant have both VB and C# code in same directory. Fine, I never did like semicolon anyway, so I deleted WIFSampleRequestValidator.cs and removed
from the system.web part of web.config. First time I try logging in I instantly get
A potentially dangerous Request.Form value was detected from the client (wresult="<t:RequestSecurityTo...").
oh, so TTHAAATTSS what the ugly C# code did. Ah well, I added the above statement in web.config and added a new SampleRequestValidator class.