1
votes

I have a ServiceStack service that uses WIF - internally everything works great - the ClaimsPrincipal & ClaimsIdentity objects get created, adding/reading claims from them is no problem at all.

However, when I try to get this object from a client (tried ServiceStack client and C# WebRequest) it returns only a portion of the object - regardless if I have WIF installed on the client and attempt to cast. If I call directly and get the JSON result, this is all that is returned:

{"Principal":{"__type":"Microsoft.IdentityModel.Claims.ClaimsPrincipal, Microsoft.IdentityModel","Identity":{"__type":"Microsoft.IdentityModel.Claims.ClaimsIdentity, Microsoft.IdentityModel","Name":"BoogeyFace","AuthenticationType":"","IsAuthenticated":true}}}

How do I get the full WIF ClaimsPrincipal across the service boundary?

thanks :-)

1
Are you sure you want to pass your claims principal across boundaries rather than issue and consume SAML tokens or WIF cookies? What's the actual scenario? - Wiktor Zychla
Good question - it's an SOA app and other services want to get the ClaimsPrincipal to interrogate and get claims info - otherwise what really is the point of ClaimsPrincipal? I mean I could have just created a custom object that implements IPrincipal and IIdentity as I have always done in the past... maybe I am missing something? - schmoopy
I don't quite get it and still believe you should pass SAML or reuse the cookie. If you just want to pass claims around, pass them as a string-string dict rather than the principal object. - Wiktor Zychla
Yeah, that's what I'll have to do... I guess this statement from WIF only means delegation from the backend services: "Identity Delegation. WIF makes it easy to maintain the identities across the service boundaries so that developers can achieve an identity delegation scenario." - schmoopy
I know how WIF works but have never heard of or done myself passing the claims principal object. It is not intended to cross boundaries. - Wiktor Zychla

1 Answer

0
votes

To reuse the issued token, you have to configure your service to save bootstrap tokens. This seems to be called save bootstrap context in .NET 4.5. This will give you access to your token in the IClaimsIdentity.BootstrapToken property. See here for more details.

Having your original token on the service side allows you to communicate with another service just as if you were on a client. For example, you could use CreateChannelWithIssuedToken which is described here.
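
The comments above suggest passing the claims as plain data rather than serializing the principal. An added example of that approach (not part of the original thread), assuming the .NET 4.5 `System.Security.Claims` types rather than `Microsoft.IdentityModel`; `ClaimDto`, `ClaimsTransport` and the sample claim values are hypothetical names constructed for illustration:

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Hypothetical DTO: plain strings only, so any serializer can carry it.
public class ClaimDto
{
    public string Type { get; set; }
    public string Value { get; set; }
    public string Issuer { get; set; }
}

public static class ClaimsTransport
{
    // A list, not a Dictionary<string,string>: a claim type such as role
    // can occur several times and a dictionary would keep only one value.
    public static List<ClaimDto> ToDtos(ClaimsPrincipal principal)
    {
        return principal.Claims
            .Select(c => new ClaimDto { Type = c.Type, Value = c.Value, Issuer = c.Issuer })
            .ToList();
    }

    // The DTOs carry no signature. Rebuild a principal only for requests from
    // a caller this service has already authenticated and trusts to assert identity.
    public static ClaimsPrincipal FromDtos(IEnumerable<ClaimDto> dtos, string authenticationType)
    {
        var claims = dtos.Select(d => new Claim(
            d.Type, d.Value, ClaimValueTypes.String, d.Issuer ?? ClaimsIdentity.DefaultIssuer));
        return new ClaimsPrincipal(new ClaimsIdentity(claims, authenticationType));
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample identity with a repeated claim type.
        var identity = new ClaimsIdentity(new[] {
            new Claim(ClaimTypes.Name, "BoogeyFace"),
            new Claim(ClaimTypes.Role, "Orders.Read"),
            new Claim(ClaimTypes.Role, "Orders.Write"),
        }, "Federation");
        var wire = ClaimsTransport.ToDtos(new ClaimsPrincipal(identity));
        var rebuilt = ClaimsTransport.FromDtos(wire, "Forwarded");
        Console.WriteLine(rebuilt.Identity.Name);
        Console.WriteLine(rebuilt.IsInRole("Orders.Write"));
    }
}
```

Claims rebuilt this way are only as trustworthy as the calling service; when the downstream service must verify the issuer itself, forward the bootstrap token as the answer describes.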