Getting a token from ADFS (ex Geneva Server) using WCF

    Published by Matias Woloski on July 17th, 2009 11:03 pm under ADFS, Geneva Server, WCF, Windows Identity Foundation


    I’ve been doing some tests to get a token from ADFS (Geneva Server) using the Windows Identity Foundation WSTrustClient. In this case we are using the UsernameMixed endpoint, which expects a WS-Security UsernameToken sent over an SSL transport (notice the MessageCredentialType.UserName).

    using System;
    using System.IdentityModel.Tokens;
    using System.Security.Cryptography.X509Certificates;
    using System.ServiceModel;
    using System.ServiceModel.Description;
    using System.ServiceModel.Security;
    using Microsoft.IdentityModel.Claims;
    using Microsoft.IdentityModel.Protocols.WSTrust;

    internal static ClaimsIdentityCollection RequestTokenWithUsernameMixed()
    {
        // SSL protects the channel; the client credential travels inside the WS-Security header
        var binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential, false);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        binding.Security.Message.EstablishSecurityContext = false;

        // Test AD account used for the demo; the UsernameMixed endpoint expects a UsernameToken
        var credentials = new ClientCredentials();
        credentials.UserName.UserName = "Mary";
        credentials.UserName.Password = "Passw0rd!";
        var endpoint = "https://mygenevaserver/Trust/13/UsernameMixed";
        var client = new WSTrustClient(binding, new EndpointAddress(new Uri(endpoint)), TrustVersion.WSTrust13, credentials);

        // WS-Trust 1.3 Issue request, scoped to the relying party
        var request = new RequestSecurityToken();
        request.RequestType = "http://schemas.microsoft.com/idfx/requesttype/issue";
        request.AppliesTo = new EndpointAddress("http://localhost/activerp");
        var token = client.Issue(request) as GenericXmlSecurityToken;

        // Turn the issued token into claims: the helper takes the STS signing certificate and the
        // relying party's certificate (CertificateUtility ships with the downloadable sample code)
        var claims = token.ToClaimsIdentityCollection(TrustVersion.WSTrust13,
            CertificateUtility.GetCertificate(StoreName.My, StoreLocation.LocalMachine,
                "CN=Geneva Signing Certificate - WIN-66EYOLL2BVY"),
            CertificateUtility.GetCertificate(StoreName.My, StoreLocation.LocalMachine,
                "CN=WMSvc-WIN-66EYOLL2BVY"));

        return claims;
    }

    Here is another one using the WindowsMixed endpoint (notice the MessageCredentialType.Windows and that no username and password are set; the caller's Windows identity is used instead).

    internal static ClaimsIdentityCollection RequestTokenWithWindowsMixed()
    {
        // Same transport security, but the message credential is the caller's Windows identity
        var binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential, false);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;
        binding.Security.Message.EstablishSecurityContext = false;

        // No username/password: WCF negotiates with the Windows credentials of the running process
        var credentials = new ClientCredentials();
        var endpoint = "https://mygenevaserver/Trust/13/WindowsMixed";
        var client = new WSTrustClient(binding, new EndpointAddress(new Uri(endpoint)), TrustVersion.WSTrust13, credentials);

        var request = new RequestSecurityToken();
        request.RequestType = "http://schemas.microsoft.com/idfx/requesttype/issue";
        request.AppliesTo = new EndpointAddress("http://localhost/activerp");
        var token = client.Issue(request) as GenericXmlSecurityToken;

        // Same certificates as in the UsernameMixed case: STS signing certificate and relying party certificate
        var claims = token.ToClaimsIdentityCollection(TrustVersion.WSTrust13,
            CertificateUtility.GetCertificate(StoreName.My, StoreLocation.LocalMachine,
                "CN=Geneva Signing Certificate - WIN-66EYOLL2BVY"),
            CertificateUtility.GetCertificate(StoreName.My, StoreLocation.LocalMachine,
                "CN=WMSvc-WIN-66EYOLL2BVY"));

        return claims;
    }

    You can use this together with the CreateChannelWithIssuedToken extension method (as shown in a previous post).
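    As an added illustration (constructed here, not taken from the post or its sample download), this is the shape of the WS-Trust 1.3 exchange that RequestTokenWithUsernameMixed produces: the UsernameToken sits in the WS-Security header and is protected only by the SSL channel (TransportWithMessageCredential), and the issued token comes back signed by the STS signing certificate and, when the relying party has an encryption certificate, encrypted for it, which is my reading of why ToClaimsIdentityCollection is handed two certificates. The WindowsMixed variant differs only in the header, where a Kerberos/SPNEGO binary security token replaces the UsernameToken; element contents are abbreviated and the token type shown is one possibility, not something the post states.

```xml
<!-- Request: POST over SSL to https://mygenevaserver/Trust/13/UsernameMixed (abbreviated, constructed) -->
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
            xmlns:a="http://www.w3.org/2005/08/addressing"
            xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
            xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
  <s:Header>
    <a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</a:Action>
    <a:To s:mustUnderstand="1">https://mygenevaserver/Trust/13/UsernameMixed</a:To>
    <o:Security s:mustUnderstand="1">
      <!-- MessageCredentialType.UserName puts the credential here; only the SSL transport hides it -->
      <o:UsernameToken>
        <o:Username>Mary</o:Username>
        <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Passw0rd!</o:Password>
      </o:UsernameToken>
    </o:Security>
  </s:Header>
  <s:Body>
    <t:RequestSecurityToken>
      <!-- WIF maps its "idfx/requesttype/issue" constant to the WS-Trust 1.3 URI on the wire -->
      <t:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</t:RequestType>
      <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <a:EndpointReference><a:Address>http://localhost/activerp</a:Address></a:EndpointReference>
      </wsp:AppliesTo>
    </t:RequestSecurityToken>
  </s:Body>
</s:Envelope>

<!-- Response (abbreviated): the issued token is carried inside RequestedSecurityToken -->
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
            xmlns:a="http://www.w3.org/2005/08/addressing"
            xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
  <s:Header>
    <a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal</a:Action>
  </s:Header>
  <s:Body>
    <t:RequestSecurityTokenResponseCollection>
      <t:RequestSecurityTokenResponse>
        <!-- Token type depends on the relying party configuration; SAML 1.1 is shown as one possibility -->
        <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</t:TokenType>
        <t:RequestedSecurityToken>
          <!-- Signed with the STS signing certificate; encrypted for the relying party when it has an
               encryption certificate, which is why the client code above needs both certificates -->
          <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">...</xenc:EncryptedData>
        </t:RequestedSecurityToken>
        <t:Lifetime>...</t:Lifetime>
      </t:RequestSecurityTokenResponse>
    </t:RequestSecurityTokenResponseCollection>
  </s:Body>
</s:Envelope>
```

Capturing this exchange with a tracing proxy is the quickest way to confirm which endpoint, request type and token type the client actually sent and received when the returned token is not what you expected.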

    Download the code

    7 Comments:

    1. dominick said on July 18, 2009:

      Hi,

      it is even easier when using the pre-built WCF binding to talk to ADFS (still feels strange to say that ;) .

      e.g.

      Microsoft.IdentityModel.Protocols.WSTrust.Bindings.UserNameWSTrustBinding

      or

      Microsoft.IdentityModel.Protocols.WSTrust.Bindings.KerberosWSTrustBinding

    2. DotNetShoutout said on July 19, 2009:

      Getting a token from ADFS (ex Geneva Server) using WCF…

      Thank you for submitting this cool story – Trackback from DotNetShoutout…

    3. Susan said on July 23, 2009:

      I recently came across your blog and have been reading along. I thought I would leave my first comment. I don’t know what to say except that I have enjoyed reading. Nice blog. I will keep visiting this blog very often.

      Susan

      http://8080proxy.com

    4. S Chugh said on August 5, 2009:

      You know you use Mary and Passw0rd when using Username mixed authentication. Is your Identity provider Geneva Server or are you authenticating against a custom SQL store using a custom STS?

    5. Matias Woloski said on August 6, 2009:

      @dominick Cool, I didn’t know about that!

      @Chugh I have an AD account Mary. I’m using ADFS (Geneva Server) which does not support SQL Server to store accounts.

    6. Mike Podruchny said on November 14, 2009:

      I am trying to this same thing with beta 2 and I keep getting a token with no claims. When using the default login page, I get tokens with the proper claims. Any ideas?

    7. Lakshman Abburi – Oracle: API to get token using WIF « oracle fusion identity said on March 30, 2012:

      [...] Abburi – Oracle: API to get token using WIF 30 Mar Copy-pasted from blog – [...]
