Folks,

Here's what I've done so far:

1) Created an ASP.NET MVC relying party application and secured it with ADFS v2.0. This works.

2) Created a WCF Service using the Claims-Aware service template for an ASP.NET website. I've turned ASP.NET compatibility for the service ON because the service wouldn't activate otherwise. I've moved the interface for said service to a 'SharedContracts' assembly.

3) Set up the WCF service as a relying party using the "Add STS" reference, also pointing at my ADFS server.

4) Configured the ADFS server to include the WCF service as a relying party and issue it LDAP claims.

What I want to do now is talk to the service using ActAs. In other words, when someone hits HomeController.Index() from the ASP.NET MVC site with a token full of claims (remember the MVC site is a relying party), I want this method to programmatically create a client proxy and invoke the single service method I have on the WCF service (a method called "HelloClaim", which is nearly identical to the stock method that comes with the claims-aware service template).

Here's the code I've got so far:

using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.Threading;
using System.Web.Mvc;
using Microsoft.IdentityModel.Claims;
using Microsoft.IdentityModel.Protocols.WSTrust;
using SharedContracts; // IHelloClaim lives in the shared contracts assembly

[ValidateInput(false)]
public ActionResult Index()
{
  SecurityToken callerToken = null;

  // The MVC site is a relying party, so the current principal carries the ADFS-issued claims.
  IClaimsPrincipal claimsPrincipal = Thread.CurrentPrincipal as IClaimsPrincipal;
  if (claimsPrincipal != null)
  {
    // Pick up the bootstrap (original SAML) token to pass along as the ActAs token.
    foreach (IClaimsIdentity claimsIdentity in claimsPrincipal.Identities)
    {
      if (claimsIdentity.BootstrapToken is SamlSecurityToken)
      {
        callerToken = claimsIdentity.BootstrapToken;
        break;
      }
    }

    string baseAddress = "http://khoffman2/SecureServices/Service.svc";

    // Programmatic proxy: no generated client, just a ChannelFactory over the shared contract.
    ChannelFactory<IHelloClaim> factory = new ChannelFactory<IHelloClaim>(new WebHttpBinding(), new EndpointAddress(baseAddress));
    factory.ConfigureChannelFactory<IHelloClaim>();                              // WIF extension method
    IHelloClaim hello = factory.CreateChannelActingAs<IHelloClaim>(callerToken);  // WIF extension method

    string result = hello.HelloClaim(); // this call is where the error below is thrown
    ViewData["Message"] = "Welcome to ASP.NET MVC!";
  }

  return View();
}

When I attempt to invoke the method, I get the following error message:

Manual addressing is enabled on this factory, so all messages sent must be pre-addressed.

I'm pretty sure I'm just not doing enough to configure the binding and the endpoint programmatically. If any of you have done this before or you know how to do it, I would love to be able to get this working.

Bottom line is I'm just making use of the basic identity delegation scenario - the only difference is I'm not using generated client proxies.

Thanks!!

A: 

Take a look at this guide over at TechNet as it has a walkthrough on how to set up the scenario you've described:

http://technet.microsoft.com/en-us/library/adfs2-identity-delegation-step-by-step-guide(WS.10).aspx

In their example, I believe they are using standard WebForms, but in the case of MVC you can put the ChannelFactory initialization in Global.asax, within Application_Start.

MattK
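The answer's suggestion carried through, as an added example that is neither the asker's code nor TechNet's: the ChannelFactory is built once in Application_Start on a WS2007FederationHttpBinding, which has WCF request a token for the service from ADFS and address the messages itself (WebHttpBinding enables manual addressing, which is what the error in the question reports), and each request then calls the service with ActAs. The ADFS endpoint URL, the Windows-authenticated issuer binding and the service certificate subject are assumptions.

```csharp
using System.IdentityModel.Tokens;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.Threading;
using System.Web;
using System.Web.Mvc;
using Microsoft.IdentityModel.Claims;
using Microsoft.IdentityModel.Protocols.WSTrust;
using SharedContracts; // IHelloClaim, as in the question

// Global.asax.cs: build the factory once at startup, as the answer suggests.
public class MvcApplication : HttpApplication
{
    public static ChannelFactory<IHelloClaim> HelloClaimFactory { get; private set; }

    protected void Application_Start()
    {
        // Federation binding: WCF obtains a token for the service from ADFS and addresses the
        // messages itself (WebHttpBinding enables manual addressing, hence the question's error).
        var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.Message);
        binding.Security.Message.EstablishSecurityContext = false;
        binding.Security.Message.IssuedKeyType = SecurityKeyType.SymmetricKey;
        binding.Security.Message.IssuerAddress = new EndpointAddress("https://adfs.example.com/adfs/services/trust/13/windowstransport"); // hypothetical
        binding.Security.Message.IssuerBinding = new WS2007HttpBinding(SecurityMode.Transport); // the web app's own Windows identity, assumed

        HelloClaimFactory = new ChannelFactory<IHelloClaim>(binding,
            new EndpointAddress("http://khoffman2/SecureServices/Service.svc"));
        // Message security encrypts to the service certificate; the subject name is assumed.
        HelloClaimFactory.Credentials.ServiceCertificate.SetDefaultCertificate(
            StoreLocation.LocalMachine, StoreName.TrustedPeople, X509FindType.FindBySubjectName, "khoffman2");
        HelloClaimFactory.ConfigureChannelFactory<IHelloClaim>(); // WIF drives the WS-Trust exchange
    }
}

// HomeController.cs: per request, call the service on the caller's behalf (ActAs).
public class HomeController : Controller
{
    public ActionResult Index()
    {
        var principal = Thread.CurrentPrincipal as IClaimsPrincipal;
        SecurityToken callerToken = principal == null ? null
            : principal.Identities.Select(i => i.BootstrapToken).FirstOrDefault(t => t is SamlSecurityToken);
        if (callerToken == null) // stays null unless saveBootstrapTokens="true" is set on <microsoft.identityModel><service>
            return new HttpStatusCodeResult(401);
        IHelloClaim proxy = MvcApplication.HelloClaimFactory.CreateChannelActingAs<IHelloClaim>(callerToken);
        try { ViewData["Message"] = proxy.HelloClaim(); ((IClientChannel)proxy).Close(); }
        catch { ((IClientChannel)proxy).Abort(); throw; }
        return View();
    }
}
```

The service's ADFS relying-party trust must accept the web application as a delegate (the TechNet walkthrough's ActAs permission step) before ADFS will issue the delegated token.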