Menu
I am curious to find out how we could possibly send a Security token from a WIF application that has already been authenticate to a WIF enabled WCF Service.
Any assistance will be appriciated
731
The answer is not simple but the following steps constitute the 'recommended pattern' and are documented in the following MSDN article: Identity Delegation with AD FS 2.0 Step-by-Step Guide
In summary
Allow you web application access to a special token (Bootstrap Token) that can be used to request services on behalf of the user who has authenticated using an STS by adding an item in the web.config:
saveBootstrapTokens="true"
Create a new trust between the WCF WIF enabled service and the STS so it 'knows' that that service can act as another authenticated user (ActsAS). Hopefully, you are using ADFS v2 as I imagine writing all the plumbing for a custom STS with ActsAs behaviour is not trivial.
When calling the WCF service you create a new channel specifically passing the BootStap token:
channel = factory.CreateChannelActingAs(callerToken);
I am a little concerned about performance due to all of the channel creation and how much the WCF services and the web app needs to talk to the STS service.
159
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
