How to use IssuedToken in client with WCF service reference

I have a WinForms application with a service reference generated from a WCF service that uses WS2007FederationHttpBinding. I don't understand why the following doesn't work.

My WinForms application calls a WCF service using Thinktecture.IdentityServer configured to handle tokens of type BearerKey.

From my client, I just get a valid access token and make this call:

    private static void CallServiceReference(SecurityToken token)
    {
        ServiceReference1.ClaimsServiceContractClient svcRef = new ServiceReference1.ClaimsServiceContractClient();

        svcRef.ChannelFactory.Credentials.SupportInteractive = false;
        svcRef.ChannelFactory.CreateChannelWithIssuedToken(token);
        var claims = svcRef.GetClaims(); 
    }

      

Here is the WinForms client app.config for the service reference:

    <system.serviceModel>
      <bindings>
        <ws2007FederationHttpBinding>
          <binding name="WS2007FederationHttpBinding_ClaimsServiceContract">
            <security mode="TransportWithMessageCredential">
              <message establishSecurityContext="false" issuedKeyType="BearerKey">
                <issuer address="https://identity.MyCo.com/issue/wsfed" binding="ws2007HttpBinding"
                        bindingConfiguration="https://identity.MyCo.com/issue/wstrust/mixed/username" />
                <issuerMetadata address="https://identity.MyCo.com/issue/wstrust/mex" />
                <tokenRequestParameters>
                  <trust:SecondaryParameters xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
                    <trust:KeyType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
                    <trust:CanonicalizationAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/10/xml-exc-c14n#</trust:CanonicalizationAlgorithm>
                    <trust:EncryptionAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptionAlgorithm>
                  </trust:SecondaryParameters>
                </tokenRequestParameters>
              </message>
            </security>
          </binding>
        </ws2007FederationHttpBinding>
        <ws2007HttpBinding>
          <binding name="https://identity.MyCo.com/issue/wstrust/mixed/username">
            <security mode="TransportWithMessageCredential">
              <transport clientCredentialType="None" />
              <message clientCredentialType="IssuedToken" establishSecurityContext="false" />
            </security>
          </binding>
        </ws2007HttpBinding>
      </bindings>
      <client>
        <endpoint address="https://roadie/WebTest/service.svc" binding="ws2007FederationHttpBinding"
                  bindingConfiguration="WS2007FederationHttpBinding_ClaimsServiceContract"
                  contract="ServiceReference1.ClaimsServiceContract" name="WS2007FederationHttpBinding_ClaimsServiceContract" />
      </client>
    </system.serviceModel>

      

When I try to make a service call (svcRef.GetClaims()) I get this error:

"No security token address is specified. An explicit issuer address must be specified in the binding for the target 'https://identity.MyCo.com/issue/wsfed' or a local issuer address must be configured in the credentials."

This error is lame and confusing; it looks like the config has the issuer specified!

Finally, I know the WCF service and the identity service are valid because it all works fine using a custom ChannelFactory, also using this exact method to apply the token:

    var channel = factory.CreateChannelWithIssuedToken(token);

But my requirement is to use the created ServiceReference. :(

+3



2 answers


You should use the created channel like this:



    private static void CallServiceReference(SecurityToken token)
    {
        ServiceReference1.ClaimsServiceContractClient svcRef =
            new ServiceReference1.ClaimsServiceContractClient();

        svcRef.ChannelFactory.Credentials.SupportInteractive = false;

        // CreateChannelWithIssuedToken returns a new channel that carries the token;
        // make the call on that channel, not on the proxy itself.
        var svcChannel = svcRef.ChannelFactory.CreateChannelWithIssuedToken(token);
        var claims = svcChannel.GetClaims();
    }

      

+2



I think the only way to use the generated proxy from the service reference is to configure your client to automatically request a token and set the appropriate ClientCredentials property on the proxy instance you are creating before making the service call.

We use the issued token that we cache on the client in the project I'm working on, but then we have to use the channel factory's CreateChannelWithIssuedToken just as you describe.



By the way, this is when using WIF in .NET 4.0. There may be other options if you are using .NET 4.5.

0
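
Added example, not part of either answer: a small wrapper that combines the two answers above. It calls the generated contract through the channel returned by CreateChannelWithIssuedToken, rejects a cached token that has already expired, and closes or aborts the channel afterwards. It assumes .NET 4.5, where CreateChannelWithIssuedToken is a method of ChannelFactory<T>; the names IssuedTokenCalls and Invoke are hypothetical.

```csharp
using System;
using System.IdentityModel.Tokens;
using System.ServiceModel;

// Added example (not from the original posts). Assumes .NET 4.5 and the
// generated types ServiceReference1.ClaimsServiceContract(Client) from the question.
static class IssuedTokenCalls
{
    // Hypothetical helper: runs one service call on a channel that carries the token.
    public static TResult Invoke<TContract, TResult>(
        ChannelFactory<TContract> factory,
        SecurityToken token,
        Func<TContract, TResult> call) where TContract : class
    {
        if (token == null) throw new ArgumentNullException("token");

        // SecurityToken.ValidTo is expressed in UTC. A cached bearer token that is
        // past its lifetime would only be rejected by the service, so fail early.
        if (token.ValidTo <= DateTime.UtcNow)
            throw new InvalidOperationException(
                "Cached issued token has expired; request a new one from the issuer.");

        // The returned channel, not the proxy's own inner channel, carries the token.
        TContract channel = factory.CreateChannelWithIssuedToken(token);
        var comm = (ICommunicationObject)channel;
        try
        {
            TResult result = call(channel);
            comm.Close();
            return result;
        }
        catch
        {
            // A faulted or timed-out channel cannot be closed gracefully.
            comm.Abort();
            throw;
        }
    }
}

// Usage with the generated proxy from the question:
//   var svcRef = new ServiceReference1.ClaimsServiceContractClient();
//   svcRef.ChannelFactory.Credentials.SupportInteractive = false;
//   var claims = IssuedTokenCalls.Invoke(svcRef.ChannelFactory, token, c => c.GetClaims());
```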

