public ActionResult Webservice()
{
ViewBag.Message = "Your application description page.";
// Setup the channel factory for the call to the backend service
var binding = new WS2007FederationHttpBinding(
WSFederationHttpSecurityMode.TransportWithMessageCredential);
var factory = new ChannelFactory<WebService.IService>(binding, new EndpointAddress("https://[BackendService]/Service.svc"));
// turn off CardSpace
factory.Credentials.SupportInteractive = false;
// Get the token representing the logged in user
var actAsToken = GetActAsToken();
// Create the channel to the backend service using the acquired token
var channel = factory.CreateChannelWithIssuedToken(actAsToken);
// Call the service
var serviceClaims = channel.GetClaimsPrincipal();
// At this point, you can compare the claims the are available to the backend service with the ones available to the web app
// See for example that the backend service has knowledge of both the logged in user and the front end app through which the user is logged in
ViewBag.Message = "Web service call succeeded!";
return View();
}
private static void CallService(SecurityToken token)
{
var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
var factory = new ChannelFactory<IClaimsService>(
binding,
new EndpointAddress("https://adfs.leastprivilege.vm/adfsapp/service.svc"));
factory.Credentials.SupportInteractive = false;
var channel = factory.CreateChannelWithIssuedToken(token);
channel.GetClaims().ToList().ForEach(c => Console.WriteLine(c.Value));
}
private static void CallService(SecurityToken token)
{
"Calling Service".ConsoleYellow();
var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
var factory = new ChannelFactory<IClaimsService>(binding, new EndpointAddress(_serviceAddress));
factory.Credentials.SupportInteractive = false;
factory.Credentials.UseIdentityConfiguration = true;
var proxy = factory.CreateChannelWithIssuedToken(token);
var id = proxy.GetIdentity();
Helper.ShowIdentity(id);
}
private static IService CreateProxy()
{
// request identity token from ADFS
SecurityToken token = RequestIdentityToken();
// set up factory and channel
var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Message.EstablishSecurityContext = false;
var factory = new ChannelFactory<IService>(binding, _serviceEndpoint);
factory.Credentials.SupportInteractive = false;
// enable WIF on channel factory
factory.ConfigureChannelFactory();
return factory.CreateChannelWithIssuedToken(token);
}
static void Main(string[] args)
{
var jwt = GetJwt();
var xmlToken = WrapJwt(jwt);
var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
binding.HostNameComparisonMode = HostNameComparisonMode.Exact;
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
var factory = new ChannelFactory<IService>(
binding,
new EndpointAddress("https://localhost:44335/token"));
var channel = factory.CreateChannelWithIssuedToken(xmlToken);
Console.WriteLine(channel.Ping());
}
private static void CallService(SecurityToken token)
{
//var serviceEndpoint = "https://" + "adfs.leastprivilege.vm" + "/rp/service.svc";
var serviceEndpoint = "https://" + "localhost:44305" + "/service.svc";
var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
var factory = new ChannelFactory<IClaimsService>(
binding,
new EndpointAddress(serviceEndpoint));
factory.Credentials.SupportInteractive = false;
var channel = factory.CreateChannelWithIssuedToken(token);
var claims = channel.GetClaims();
claims.ForEach(c => Console.WriteLine("{0}\n {1}\n\n", c.Type, c.Value));
}
private IFederatedService CreateClient()
{
//var serviceEndpoint = "https://localhost:44300/FederatedService.svc";
//var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
//binding.Security.Message.EstablishSecurityContext = false;
//binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
//var factory = new ChannelFactory<IFederatedService>(
// binding,
// new EndpointAddress(serviceEndpoint));
//factory.Credentials.UseIdentityConfiguration = true;
//factory.Credentials.SupportInteractive = false;
var factory = new ChannelFactory<IFederatedService>("WS2007FederationHttpBinding_IFederatedService");
var token = GetIssuedToken();
var channel = factory.CreateChannelWithIssuedToken(token);
return channel;
}
private void _btnCallService_Click(object sender, RoutedEventArgs e)
{
var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
var ep = new EndpointAddress("https://" + Constants.WebHost + "/webservicesecurity/soap.svc/bearer");
var factory = new ChannelFactory<IService>(binding, ep);
factory.Credentials.SupportInteractive = false;
factory.ConfigureChannelFactory();
var channel = factory.CreateChannelWithIssuedToken(RSTR.SecurityToken);
var claims = channel.GetClientIdentity();
var sb = new StringBuilder(128);
claims.ForEach(c => sb.AppendFormat("{0}\n {1}\n\n", c.ClaimType, c.Value));
_txtDebug.Text = sb.ToString();
}
private static void CallMessage(SamlSecurityToken token)
{
var factory = new ChannelFactory<IServiceClientChannel>(
new ClientSamlHttpBinding(SecurityMode.Message),
new EndpointAddress(
new Uri("http://roadie:9000/Services/ClientSaml/Message"),
EndpointIdentity.CreateDnsIdentity("Service")));
factory.Credentials.ServiceCertificate.SetDefaultCertificate(
StoreLocation.CurrentUser,
StoreName.My,
X509FindType.FindBySubjectDistinguishedName,
"CN=Service");
factory.ConfigureChannelFactory<IServiceClientChannel>();
var proxy = factory.CreateChannelWithIssuedToken<IServiceClientChannel>(token);
proxy.Ping("foo");
proxy.Close();
}
private static void CallMixedMode(SamlSecurityToken token)
{
var factory = new ChannelFactory<IServiceClientChannel>("*");
factory.ConfigureChannelFactory<IServiceClientChannel>();
var proxy = factory.CreateChannelWithIssuedToken<IServiceClientChannel>(token);
proxy.Ping("foo");
proxy.Close();
}
private static IClaimsService GetServiceProxy(SecurityToken token)
{
var serviceAddress = FederatedAuthentication.FederationConfiguration.WsFederationConfiguration.Reply + "service.svc";
var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
var factory = new ChannelFactory<IClaimsService>(
binding,
new EndpointAddress(serviceAddress));
factory.Credentials.SupportInteractive = false;
var channel = factory.CreateChannelWithIssuedToken(token);
return channel;
}
