1
votes

I am trying to use (consume) an IdentityServer token in an IIS-hosted WCF service. I have seen the sample from Dominick for a self-hosted WCF service. But since my WCF service is hosted in IIS, I would need to configure the bindings and IdentityServer configuration options inside the web.config file. Can anyone share a web.config file with IdentityServer configurations? Please find my current configuration below:

<?xml version="1.0"?>
<configuration>
  <appSettings>
    <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
  </appSettings>
  <system.web>
    <compilation debug="true" targetFramework="4.5.2" />
    <httpRuntime targetFramework="4.5.2"/>
  </system.web>
  <system.serviceModel>
    <bindings>
      <ws2007FederationHttpBinding>
        <binding name="WS2007FederationHttpBinding_IService1">
          <security mode="TransportWithMessageCredential">
            <message establishSecurityContext="false" issuedKeyType="BearerKey">
              <issuer address="https://localhost/dentityServer" />
            </message>
          </security>
        </binding>
      </ws2007FederationHttpBinding>
    </bindings>
    <client>
      <endpoint address="https://localhost/IDPWcfService1/Service1.svc"
                binding="ws2007FederationHttpBinding" bindingConfiguration="WS2007FederationHttpBinding_IService1"
                contract="WcfService1.IService1" name="WS2007FederationHttpBinding_IService1" ></endpoint>
    </client>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <!-- To avoid disclosing metadata information, set the values below to false before deployment -->
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <protocolMapping>
      <add binding="basicHttpsBinding" scheme="https" />
    </protocolMapping>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
    <!--
      To browse web app root directory during debugging, set the value below to true.
      Set to false before deployment to avoid disclosing web app folder information.
    -->
    <directoryBrowse enabled="true"/>
  </system.webServer>
</configuration>

1 Answer

1
votes

I am in the middle of doing the same thing here. You need to add your custom XML wrapper class to encapsulate the JWT (which is simply the security token that will be passed to the service with every call from clients so you can authenticate the client).

You can find more details on that in this article here: https://leastprivilege.com/2015/07/02/give-your-wcf-security-architecture-a-makeover-with-identityserver3/

Once this step is done you need to add this custom XML wrapper to web.config like this:

  <system.identityModel>
    <identityConfiguration saveBootstrapContext="true">
      <securityTokenHandlers>
        <!-- The PublicKeyToken below is a placeholder; use the real public key token of the System.IdentityModel assembly on your machine -->
        <remove type="System.IdentityModel.Tokens.Saml2SecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=abcdefg123456789"/>
        <!-- Fully qualified type name and assembly of the custom handler that unwraps and validates the JWT -->
        <add type="Web.stuff.ServerSideAuthentication.IdentityServerWrappedJwtHandler, Web.stuff" />
      </securityTokenHandlers>
    </identityConfiguration>
  </system.identityModel>

Also don't forget to add a declaration for this new section under the configSections node.
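For readers who want to see what the handler registered in that `<add type="…">` entry has to do, here is an added example of such a token handler; it is not code from the question, the answer, or IdentityServer itself. It assumes the client wraps the compact JWT in an element `<wrappedJwt xmlns="urn:example:wrappedjwt">` inside the WS-Security header, that the service behavior has `useIdentityConfiguration="true"` on `serviceCredentials`, and uses placeholder issuer, audience and certificate-path values.

```csharp
// Added example. Placeholders: wrapper element/namespace, issuer, audience, certificate path.
using System;
using System.Collections.ObjectModel;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using System.Xml;

// Carries the raw compact JWT once it has been unwrapped from the XML element.
public class WrappedJwtSecurityToken : SecurityToken
{
    public WrappedJwtSecurityToken(string jwt) { Jwt = jwt; }
    public string Jwt { get; private set; }
    public override string Id { get { return "wrapped-jwt"; } }
    public override ReadOnlyCollection<SecurityKey> SecurityKeys { get { return new ReadOnlyCollection<SecurityKey>(new SecurityKey[0]); } }
    public override DateTime ValidFrom { get { return DateTime.MinValue; } }
    public override DateTime ValidTo { get { return DateTime.MaxValue; } }
}

// Registered in <securityTokenHandlers>; WCF calls ReadToken on the header element, then ValidateToken.
public class IdentityServerWrappedJwtHandler : SecurityTokenHandler
{
    const string Ns = "urn:example:wrappedjwt"; // assumed wrapper namespace
    const string Element = "wrappedJwt";        // assumed wrapper element name
    static readonly TokenValidationParameters Parameters = new TokenValidationParameters
    {
        ValidIssuer = "https://localhost/IdentityServer",             // placeholder
        ValidAudience = "https://localhost/IdentityServer/resources", // placeholder
        IssuerSigningToken = new X509SecurityToken(new X509Certificate2(@"C:\certs\idsrv-signing.cer")), // public cert, placeholder path
        ValidateLifetime = true                                       // reject expired or not-yet-valid tokens
    };

    public override Type TokenType { get { return typeof(WrappedJwtSecurityToken); } }
    public override string[] GetTokenTypeIdentifiers() { return new[] { Ns + "#" + Element }; }
    public override bool CanValidateToken { get { return true; } }
    public override bool CanReadToken(XmlReader reader) { return reader.IsStartElement(Element, Ns); }

    public override SecurityToken ReadToken(XmlReader reader)
    {
        if (!CanReadToken(reader)) throw new SecurityTokenException("Unexpected security token element.");
        return new WrappedJwtSecurityToken(reader.ReadElementContentAsString());
    }

    // Signature, issuer, audience and lifetime are all checked by JwtSecurityTokenHandler; any failure throws.
    public override ReadOnlyCollection<ClaimsIdentity> ValidateToken(SecurityToken token)
    {
        var wrapped = token as WrappedJwtSecurityToken;
        if (wrapped == null) throw new SecurityTokenException("Unsupported token type.");
        SecurityToken validated;
        var principal = new JwtSecurityTokenHandler().ValidateToken(wrapped.Jwt, Parameters, out validated);
        return new ReadOnlyCollection<ClaimsIdentity>(new[] { (ClaimsIdentity)principal.Identity });
    }
}
```

The namespace, class and assembly names must match the `type` attribute of the `<add>` entry in `<securityTokenHandlers>`, and the certificate file only needs the public part of the IdentityServer signing certificate.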