.net - WIF (using Thinktecture Identity Server) and Duplex WCF Channels
I am using Thinktecture Identity Server version 2.4 and Windows Identity Foundation to secure communications between a .NET application and a server using issued tokens.
I have this working on a standard WCF NetTcp channel exposing a federated endpoint, using the CreateChannelWithIssuedToken(SecurityToken) method of the channel factory to supply the security token returned by the Issue request.
However, there appears to be no equivalent method on DuplexChannelFactory that allows me to pass in an InstanceContext. I have read this article - http://msdn.microsoft.com/en-us/library/cc668765(v=vs.110).aspx - which details how to create duplex bindings to accomplish this, but when creating the channel I can see no way of setting the security token on the channel.
There is an IssuedToken property - http://msdn.microsoft.com/en-us/library/system.servicemodel.description.clientcredentials.issuedtoken(v=vs.110).aspx - on the client credentials, but it's read only.
Has anyone achieved federated security on a duplex channel using TCP message security mode and can offer advice?
Although manually creating the channel and issuing the token from the STS isn't wrong, you can take advantage of the WIF framework to do this for you.
If you configure the client through configuration to be aware of the STS, the framework will retrieve the token using the message credentials set on the channel. The framework will then set the IssuedToken property on the channel's credentials.
<ws2007HttpBinding>
  <binding name="ws">
    <security mode="TransportWithMessageCredential">
      <message establishSecurityContext="false" negotiateServiceCredential="true" clientCredentialType="UserName" />
    </security>
  </binding>
</ws2007HttpBinding>
<customBinding>
  <binding name="federationDuplexTcpMessageSecurityBinding">
    <reliableSession />
    <security authenticationMode="SecureConversation">
      <secureConversationBootstrap authenticationMode="IssuedTokenForSslNegotiated">
        <issuedTokenParameters>
          <issuer address="https://identityserver.domain/issue/wstrust/mixed/username" binding="ws2007HttpBinding" bindingConfiguration="ws" />
          <issuerMetadata address="https://identityserver.domain/issue/wstrust/mex" />
          <additionalRequestParameters>
            <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
              <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
                <Address>relyingparty.com</Address>
              </EndpointReference>
            </wsp:AppliesTo>
          </additionalRequestParameters>
        </issuedTokenParameters>
      </secureConversationBootstrap>
    </security>
    <tcpTransport />
  </binding>
</customBinding>
The configuration above shows how you can create a duplex channel using secure conversation; the secureConversationBootstrap takes care of the federated security.
One advantage of this is that you can set up your own relying party URI and don't have to use the WCF endpoint as the relying party's identifier.
You also need to set a federated service behaviour to enable WIF, as follows (useIdentityConfiguration is important, as it turns WIF on):
<behavior name="federatedServiceBehaviour">
  <clientCredentials useIdentityConfiguration="true" supportInteractive="false">
    <serviceCertificate />
  </clientCredentials>
</behavior>
Setting up the service endpoint is documented here: http://msdn.microsoft.com/en-us/library/cc668765(v=vs.110).aspx (to a degree).
As far as I can see, DuplexChannelFactory exposes no method for creating channels with issued tokens while passing through an InstanceContext.
Hope this helps!
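The client code that pairs with the configuration in the answer above, as an added example that is not part of the original question or answer and not Thinktecture's or Microsoft's code. It assumes an `<endpoint name="federatedDuplexEndpoint">` in the client's `<system.serviceModel>` that references the `federationDuplexTcpMessageSecurityBinding` binding and the `federatedServiceBehaviour` behaviour from the answer; the service and callback contract names are made up for the example. The point it shows is that once `useIdentityConfiguration="true"` is set, the WS-Trust Issue against the STS happens inside the factory when the channel opens, so the only credential the code has to supply is the bootstrap UserName credential for the `<issuer>` binding; the issued token is never handled by application code and the DuplexChannelFactory constructor that takes an InstanceContext can be used unchanged.

```csharp
using System;
using System.ServiceModel;

// Assumed contracts: the original post names neither the service nor the callback interface.
[ServiceContract(CallbackContract = typeof(IRelyingPartyCallback))]
public interface IRelyingPartyService
{
    [OperationContract(IsOneWay = true)]
    void Subscribe();
}

public interface IRelyingPartyCallback
{
    [OperationContract(IsOneWay = true)]
    void Notify(string message);
}

// Receives the server's callbacks over the duplex channel.
public class RelyingPartyCallback : IRelyingPartyCallback
{
    public void Notify(string message)
    {
        Console.WriteLine("Callback received: " + message);
    }
}

public static class FederatedDuplexClient
{
    // "federatedDuplexEndpoint" is an assumed <endpoint name="..."> that uses
    // bindingConfiguration="federationDuplexTcpMessageSecurityBinding" and
    // behaviorConfiguration="federatedServiceBehaviour" from the answer.
    private const string EndpointConfigurationName = "federatedDuplexEndpoint";

    public static void Run(string userName, string password)
    {
        var context = new InstanceContext(new RelyingPartyCallback());
        var factory = new DuplexChannelFactory<IRelyingPartyService>(context, EndpointConfigurationName);

        // Bootstrap credential for the STS. The <issuer> binding in the answer uses
        // clientCredentialType="UserName" over TransportWithMessageCredential, so the
        // password travels to the STS inside a TLS-protected message, not to the relying party.
        // WIF performs the WS-Trust Issue and installs the result as the channel's IssuedToken;
        // no CreateChannelWithIssuedToken call is needed.
        factory.Credentials.UserName.UserName = userName;
        factory.Credentials.UserName.Password = password;

        IRelyingPartyService proxy = factory.CreateChannel();
        try
        {
            // Opening the channel triggers the token request and the secure conversation
            // bootstrap; the server can now call back on RelyingPartyCallback.
            proxy.Subscribe();
            ((ICommunicationObject)proxy).Close();
            factory.Close();
        }
        catch (CommunicationException)
        {
            // A failed Issue request (bad credentials, STS unreachable, AppliesTo not a
            // registered relying party) surfaces here as a fault while opening the channel.
            ((ICommunicationObject)proxy).Abort();
            factory.Abort();
            throw;
        }
        catch (TimeoutException)
        {
            ((ICommunicationObject)proxy).Abort();
            factory.Abort();
            throw;
        }
    }
}
```

If the Issue request fails, the fault is raised on the first call (here `Subscribe`) rather than on `CreateChannel`, so the try block has to cover that first call and not just the Close.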
.net wcf wif thinktecture-ident-server