TCP Federation with Windows Identity Foundation

by Chad 25. March 2010 12:00

Windows Identity Foundation (WIF) makes it very easy to build basic federated scenarios. The WIF SDK offers Visual Studio templates for building simple Security Token Services (STS) and Relying Party (RP) services. The SDK also has an excellent help file with information about customizing the basic scenarios.

However, being as new as it is, there isn’t much guidance yet for building your own STSs and RPs from scratch. Also, the deployment and securirty best practices information is difficult to find or non-existent.

Lately, I’ve been researching WIF and discovered that I have a specific scenario that isn’t covered in the guidance. It seems to me that this would be a common scenario, but I was unable to find many resources online that offered help. In fact, I only found one blog post that was useful in solving this problem. You may want to check it out before going through all of the steps in this post.

imageMy scenario included a Claims Aware Relying Party WCF service that that exposed its endpoints over net.tcp bindings. The STS could be accessed through wsHttp endpoints.

I built this scenario but had a really difficult time updating the XML binding configurations for the RP and Client. This post includes my step by step notes for building the scenario described here. I’ve included the source code for download too, but it will NOT work on your computer because you will not have the same certificates or URIs. The steps and source code are provided for demonstration purposes and should not be used in production applications. (99.74 kb)

How To: Implement Federated Security over TCP

The steps below are pasted directly from my OneNote notebook so I have to apologize for the quality – that said, they should be clear enough to follow along. This process creates a functional federated solution, but it is far from being production-ready. I’m sure that there is a more direct way to accomplish this, but I’ve found that this process is a reliable way to build the appropriate bindings for TCP Federation.

**Before you start, you should have installed the WIF SDK (be sure that you’re on a supported OS – Vista or higher) and that you have a good ~30 minutes to finish these steps.

Note: You can click any of these images for a larger version

  1. Open Visual Studio 2008 as an Administrator (this is important because VS will need to create and install certificates in certmgr.msc)
    1. Create a new Blank Solution
    2. clip_image001
    3. In Solution Explorer: Right-click the WIFSample Solution
    4. Create your Relying Party Service (WCF Service Library)
    5. clip_image002
    6. Open the App.config, copy the base address for your RP service
    7. clip_image003
    8. In Solution Explorer: Right-click SampleRP project > Add STS Reference
    9. clip_image004
    10. clip_image005
    11. clip_image006
    12. clip_image007
    13. Right-click SampleRP project > Properties
      1. Choose the debug tab
      2. Remove /client:"WcfTestClient.exe" from the Command line arguments field – it will annoy you.
  2. Create HttpClient Console Application
    1. clip_image008
    2. Right-click HttpClient project > Add Service Reference
    3. clip_image009
    4. Right-click solution > Set startup projects
      1. Set all projects to start with the STS starting first, RP second and Client last
      2. clip_image010
    1. Call the RP Service from your Console Application
    2. clip_image011
    3. Add a reference to System.IdentityModel & Microsoft.IdentityModel to the RP service project
    4. Update Service1's implementation to output the claims identity
    5. clip_image012
  3. Test that the Http Bindings are correct
    1. clip_image013
  4. Add netTcp Binding to RP
    1. Open RP's App.config
    2. clip_image014
    3. Add endpoints for net.tcp bindings
    4. clip_image015
    5. Add the netTcp customBinding (you may want to copy this from the source code.)
    6. clip_image016
    7. And the binding for the STS
    8. clip_image017
    9. Lastly add the net.tcp endpoint to the audienceUris
    10. clip_image018
  5. Test that haven't broken your RP - Run the solution (note that you’re still using http endpoints on the RP)
    1. clip_image019
  6. Lastly, let's add a TcpClient
    1. Right-click solution > Add New Project > Console Application
    2. clip_image020
    3. Right-click TcpClient project > Add Service Reference
    4. clip_image021
    5. Open TcpClient's app.config and comment the http endpoint
    6. clip_image022
    7. Implement the TcpClient
    8. clip_image023
    9. clip_image024
  7. Success
  8. clip_image025



Powered by BlogEngine.NET
Theme by Mads Kristensen

About the author



Hi, my name is Chad Boschert and I'm a software developer in Springfield, Missouri. I've been developing .NET applications in C# since 2002.

Recent Comments

Comment RSS


<<  April 2014  >>

View posts in large calendar