
I have WinForms and ASP.Net applications that need to access WCF Web and Data services using a SAML token.

I've been looking at Windows Identity Foundation (WIF) to enable the WCF service to use SAML tokens from an STS-IP.

On the client, do I make a call to the STS and get a SAML token, then pass the token to the WCF service? If so, how do I get the token and then pass it to WCF?

or

Does the client pass the credentials (username/password) of the user to the WCF web service, which gets a SAML token and does its thing?

My understanding is WCF Data Services uses REST. So how does SAML work with REST?


1 Answer


The SAML token can be retrieved via WS-Trust in an active client scenario (WinForms). WS-Trust describes some services which an STS offers to get a token (Request for Security Token, RST). The token gets signed for the relying party (WCF service) and can be passed to it via a WS-Security header. Of course some kind of credentials have to be passed to the STS to get a valid token first hand.

In the passive scenario (ASP.Net) it is a bit different. Most commonly the web app handles its user authentication using an STS. So the user has a valid associated SAML token. WS-Trust is used to get a token valid for the relying party. Then the same procedure as above.

The relying party (WCF service) only handles requests with a valid SAML token. It never gets a token for a user. After all, passing username/password and handling authentication there is exactly what you want to avoid with claims-based identity ;-)

I guess you should take a look at "A Guide to Claims-Based Identity and Access Control" from MS. Of course WS-Trust/WS-Security are used with SOAP web services.
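The active-client flow described in the answer (WinForms client sends credentials to the STS over WS-Trust, receives a token signed for the relying party, then calls the WCF service with that token in the WS-Security header), written out as an added example against the .NET 4.5 WIF APIs; this is not code from the question, the answer or Microsoft's guide. The STS and service addresses, the `IOrdersService` contract and the user name are assumed placeholders, and the bindings assume an STS endpoint that accepts UserName credentials over TransportWithMessageCredential.

```csharp
using System;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;

// Hypothetical service contract standing in for the real WCF service's contract.
[ServiceContract]
public interface IOrdersService
{
    [OperationContract]
    string GetOrderStatus(int orderId);
}

public static class ActiveClientExample
{
    // Assumed addresses: replace with the STS issue endpoint and relying party actually in use.
    const string StsAddress = "https://sts.example.com/issue/usernamemixed";
    const string ServiceAddress = "https://orders.example.com/OrdersService.svc";

    public static void Main()
    {
        // Step 1 (WS-Trust): send the user's credentials to the STS only, and ask for a token
        // whose AppliesTo is the relying party, so the STS signs it for that audience.
        var stsBinding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
        stsBinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        stsBinding.Security.Message.EstablishSecurityContext = false;

        var trustFactory = new WSTrustChannelFactory(stsBinding, new EndpointAddress(StsAddress))
        {
            TrustVersion = TrustVersion.WSTrust13
        };
        trustFactory.Credentials.UserName.UserName = "alice"; // assumed user
        // Password read from the environment here only to keep the sample self-contained;
        // a real client would prompt for it and never persist it.
        trustFactory.Credentials.UserName.Password = Environment.GetEnvironmentVariable("DEMO_PASSWORD");

        var rst = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            AppliesTo = new EndpointReference(ServiceAddress), // audience the token is valid for
            KeyType = KeyTypes.Symmetric
        };

        // The RST goes to the STS; the RSTR comes back carrying the signed SAML token.
        SecurityToken token = trustFactory.CreateChannel().Issue(rst);

        // Step 2 (WS-Security): call the relying party with the issued token. The federation
        // binding places the token in the WS-Security header of each SOAP request, so the
        // service never sees the user's password.
        var serviceBinding = new WS2007FederationHttpBinding(
            WSFederationHttpSecurityMode.TransportWithMessageCredential);
        serviceBinding.Security.Message.EstablishSecurityContext = false;
        serviceBinding.Security.Message.IssuedKeyType = SecurityKeyType.SymmetricKey;

        var serviceFactory = new ChannelFactory<IOrdersService>(
            serviceBinding, new EndpointAddress(ServiceAddress));
        serviceFactory.Credentials.SupportInteractive = false;
        serviceFactory.Credentials.UseIdentityConfiguration = true;

        IOrdersService proxy = serviceFactory.CreateChannelWithIssuedToken(token);
        Console.WriteLine(proxy.GetOrderStatus(42));
    }
}
```

On the service side, WIF validates the token's signature against the configured issuer (`<issuerNameRegistry>`) and rejects tokens whose AppliesTo does not match the service's `<audienceUris>`, which is what makes scoping the RST to the relying party matter: a token issued for another service is not accepted here. For the passive ASP.Net case in the answer, the same `RequestSecurityToken` is sent by the web app rather than the end user, with the user's own SAML token attached via the `ActAs` property so the STS can issue a token for the WCF service on that user's behalf.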