My front-end web application (MVC) uses a bearer key (SAML) to authenticate itself to the WCF backend service. The authentication works fine and the ClaimsIdentity object is set properly. However, the username of the ClaimsIdentity does not appear in the W3C IIS logging. Whereas at the front end the username is part of the (IIS W3C) log record, it does not appear on the WCF service.
Front-end log record:
2016-02-02 16:10:24 xxx.xxx.xxx.xxx POST /mobile/Tasks/Tasks/ 443 Wit.329406069 xxx.xxx.xxx.xxx Mozilla/5.0+(Windows+NT+6.1;+WOW64;+Trident/7.0;+BOIE9;NLNL;+rv:11.0)+like+Gecko 200 0 0 597 17504 937
Backend log record:
2016-02-02 16:10:24 xxx.xxx.xxx.xxx POST /services/TaskService.svc - 443 - xxx.xxx.xxx.xxx - 200 0 0 1118 9239 765
The username is missing in the backend logging.
Here is the binding that I use:
<ws2007FederationHttpBinding>
  <binding>
    <security mode="TransportWithMessageCredential">
      <message issuedKeyType="BearerKey" establishSecurityContext="false">
        <tokenRequestParameters>
          <trust:SecondaryParameters xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
            <trust:KeyType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
            <trust:SecondaryParameters xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
              <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
              <trust:CanonicalizationAlgorithm>http://www.w3.org/2001/10/xml-exc-c14n#</trust:CanonicalizationAlgorithm>
              <trust:EncryptionAlgorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptionAlgorithm>
            </trust:SecondaryParameters>
          </trust:SecondaryParameters>
        </tokenRequestParameters>
      </message>
    </security>
  </binding>