I am curious to find out how we could possibly send a security token from a WIF application that has already been authenticated to a WIF-enabled WCF service.

Any assistance will be appreciated.

A: 

The answer is not simple but the following steps constitute the 'recommended pattern' and are documented in the following MSDN article: Identity Delegation with AD FS 2.0 Step-by-Step Guide

In summary

  1. Allow your web application access to a special token (Bootstrap Token) that can be used to request services on behalf of the user who has authenticated using an STS by adding an item in the web.config:

    saveBootstrapTokens="true"

  2. Create a new trust between the WCF WIF-enabled service and the STS so it 'knows' that that service can act as another authenticated user (ActAs). Hopefully, you are using ADFS v2, as I imagine writing all the plumbing for a custom STS with ActAs behaviour is not trivial.

  3. When calling the WCF service you create a new channel specifically passing the Bootstrap token:

    channel = factory.CreateChannelActingAs(callerToken);

I am a little concerned about performance due to all of the channel creation and how much the WCF services and the web app needs to talk to the STS service.

David Evans
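The caller side of the three steps above, written out as an added example (this is not code from the answer or from the MSDN guide) against the WIF 3.5 `Microsoft.IdentityModel` APIs. The contract `IService`, its `DoWork()` operation and the endpoint configuration name `WcfServiceEndpoint` are assumptions; step 2 has no client code because it is ADFS 2.0 configuration.

```csharp
// Added example, not from the original answer. IService, DoWork() and the
// endpoint name "WcfServiceEndpoint" are assumed names.
using System;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.Threading;
using Microsoft.IdentityModel.Claims;
using Microsoft.IdentityModel.Protocols.WSTrust; // CreateChannelActingAs / ConfigureChannelFactory

[ServiceContract]
public interface IService
{
    [OperationContract]
    string DoWork();
}

public static class DelegatedCall
{
    public static string CallServiceAsUser()
    {
        // Step 1: WIF only keeps the bootstrap token on the identity when web.config has
        // <microsoft.identityModel><service saveBootstrapTokens="true">. If it is missing,
        // fail loudly rather than silently calling the service as the web app itself.
        var identity = Thread.CurrentPrincipal.Identity as IClaimsIdentity;
        SecurityToken callerToken = identity != null ? identity.BootstrapToken : null;
        if (callerToken == null)
            throw new InvalidOperationException(
                "No bootstrap token: check saveBootstrapTokens=\"true\" and that the user signed in via the STS.");

        // Step 3: the factory asks the STS for an ActAs token scoped to the WCF service,
        // presenting the caller's bootstrap token as the ActAs element of the RST.
        var factory = new ChannelFactory<IService>("WcfServiceEndpoint");
        factory.ConfigureChannelFactory(); // attaches the WIF federation behaviour to the factory
        IService channel = factory.CreateChannelActingAs(callerToken);
        try
        {
            return channel.DoWork();
        }
        finally
        {
            // Close (or abort on fault) per request so channels and STS round trips are not leaked.
            var client = (IClientChannel)channel;
            if (client.State == CommunicationState.Faulted) client.Abort(); else client.Close();
            factory.Close();
        }
    }
}
```

Every call to `CallServiceAsUser()` performs a fresh RST/RSTR exchange with the STS, which is the performance cost the answer mentions; caching the issued ActAs token per user for its lifetime is the usual mitigation.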
