my escope :
How do you pass a (Claims) security Token to a WIF enabled WCF service?
Implement security asp mvc (ok)
Implement security in wcf (not ok)
Pass the token from client to wcf.(not ok)
My code client
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Web.Mvc;
using Microsoft.IdentityModel.Protocols.WSTrust;
using Nobre.Core.Helpers;
using Wcf;
namespace Mvc.Controllers
{
public class HomeController : Controller
{
[Authorize]
public ActionResult Index()
{
var identity = HttpContext.User.Identity as ClaimsIdentity;
var securityToken = WcfHelper.GetActAsToken(identity.BootstrapContext as BootstrapContext);
var serviceAddress = "https://estnbr363.nobre.local/Service1.svc";
var binding = new WSFederationHttpBinding();
binding.Security.Mode = WSFederationHttpSecurityMode.TransportWithMessageCredential;
binding.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256Rsa15;
binding.Security.Message.NegotiateServiceCredential = true;
binding.Security.Message.IssuedKeyType = SecurityKeyType.SymmetricKey;
binding.Security.Message.IssuedTokenType ="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#samlv1.1";
var factory = new ChannelFactory<IService1>(binding, serviceAddress);
factory.ConfigureChannelFactory();
factory.Credentials.SupportInteractive = false;
var channel = factory.CreateChannelActingAs(securityToken);
return View( channel.GetData(1));
}
}
}
web config service
<?xml version="1.0"?>
<configuration>
<configSections>
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</configSections>
<appSettings>
<add key="ida:FederationMetadataLocation" value="https://nobre-security.accesscontrol.windows.net/FederationMetadata/2007-06/FederationMetadata.xml" />
<add key="ida:Issuer" value="https://nobre-security.accesscontrol.windows.net/v2/wsfederation" />
<add key="ida:ProviderSelection" value="ACS" />
</appSettings>
<location path="FederationMetadata">
<system.web>
<!--<authorization>
<allow users="*" />
</authorization>-->
</system.web>
</location>
<system.web>
<!--<authorization>
<deny users="?" />
</authorization>-->
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.serviceModel>
<diagnostics>
<messageLogging maxMessagesToLog="25000" logEntireMessage="true" logMessagesAtServiceLevel="false" logMalformedMessages="true" logMessagesAtTransportLevel="true">
<filters>
<clear/>
</filters>
</messageLogging>
</diagnostics>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials useIdentityConfiguration="true" />
<serviceAuthorization principalPermissionMode="Always" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<bindings>
<ws2007FederationHttpBinding >
<binding >
<security mode="TransportWithMessageCredential">
<message issuedKeyType="BearerKey" negotiateServiceCredential="true">
<issuerMetadata address="https://federation.nobre.net.br/adfs/services/trust/mex" />
</message>
</security>
</binding>
</ws2007FederationHttpBinding>
</bindings>
<services>
<service name="Wcf.Service1" behaviorConfiguration="">
<endpoint name="ws2007FederationHttpBinding.Service1" address="ws2007FederationHttpBinding" binding="ws2007FederationHttpBinding" contract="Wcf.IService1" />
</service>
</services>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<directoryBrowse enabled="true" />
</system.webServer>
<system.identityModel>
<identityConfiguration saveBootstrapContext="true">
<audienceUris>
<add value="https://estnbr363.nobre.local/Service1.svc" />
</audienceUris>
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="https://nobre-security.accesscontrol.windows.net/">
<keys>
<add thumbprint="213D414F8E89D865FD10A49C8C8F838A9460EBEE" />
</keys>
<validIssuers>
<add name="https://nobre-security.accesscontrol.windows.net/" />
</validIssuers>
</authority>
</issuerNameRegistry>
<certificateValidation certificateValidationMode="None" />
</identityConfiguration>
</system.identityModel>
</configuration>
line error
channel.GetData(1);
The address of the issuer of the security token was not specified. An explicit issuer address must be specified on the link to 'https://estnbr363.nobre.local/Service1.svc' destination or sender's address location must be configured in the credentials.
the problem are these lines below! how to implement ?
// Extract the STS certificate from the certificate store. ?????????
X509Store store = new X509Store(StoreName.TrustedPeople, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certs = store.Certificates.Find(
X509FindType.FindByThumbprint, "0000000000000000000000000000000000000000", false);
store.Close();
// Create an EndpointIdentity from the STS certificate. ???????????
EndpointIdentity identity = EndpointIdentity.CreateX509CertificateIdentity ( certs[0] );
// Set the IssuerAddress using the address of the STS and the previously created ???????
// EndpointIdentity.
b.Security.Message.IssuerAddress =
new EndpointAddress(new Uri("http://localhost:8000/sts/x509"), identity);