/// <summary> /// Create a communication channel to the SIMS application server. /// Instead of relying on unweildy .config files full of WCF binding information, we will do this longhand as an example. /// </summary> /// <returns></returns> private ChannelFactory <IDataEntityIO> GetApplicationServerChannelFactory() { // Manually set up the connection parameters to the application server using HTTPS to encrypt the message content and the HTTP stream. WS2007FederationHttpBinding binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential); // Quotas binding.ReaderQuotas.MaxArrayLength = 2147483647; binding.ReaderQuotas.MaxStringContentLength = 2147483647; binding.ReaderQuotas.MaxDepth = int.MaxValue; binding.MaxReceivedMessageSize = int.MaxValue; binding.MaxBufferPoolSize = int.MaxValue; // Notify the connection that we will be providing a security token. binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey; binding.Security.Message.EstablishSecurityContext = false; binding.Security.Message.NegotiateServiceCredential = true; binding.UseDefaultWebProxy = true; binding.BypassProxyOnLocal = false; // Create a communication channel factory to communicate with the iSIMS application server ChannelFactory <IDataEntityIO> factory = new ChannelFactory <IDataEntityIO>(binding, new EndpointAddress(_applicationServerAddress)); return(factory); }
private static Binding GetServiceBinding() { WS2007FederationHttpBinding binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.Message); binding.Security.Message.IssuerMetadataAddress = new EndpointAddress("http://localhost:8081/STS/mex"); return(binding); }
public ActionResult Webservice() { ViewBag.Message = "Your application description page."; // Setup the channel factory for the call to the backend service var binding = new WS2007FederationHttpBinding( WSFederationHttpSecurityMode.TransportWithMessageCredential); var factory = new ChannelFactory <WebService.IService>(binding, new EndpointAddress("https://[BackendService]/Service.svc")); // turn off CardSpace factory.Credentials.SupportInteractive = false; // Get the token representing the logged in user var actAsToken = GetActAsToken(); // Create the channel to the backend service using the acquired token var channel = factory.CreateChannelWithIssuedToken(actAsToken); // Call the service var serviceClaims = channel.GetClaimsPrincipal(); // At this point, you can compare the claims the are available to the backend service with the ones available to the web app // See for example that the backend service has knowledge of both the logged in user and the front end app through which the user is logged in ViewBag.Message = "Web service call succeeded!"; return(View()); }
/// <summary> /// Creates the binding based on the configurations. /// </summary> /// <returns>The binding configurations.</returns> private Binding CreateBinding() { WS2007FederationHttpBinding fedBinding = new WS2007FederationHttpBinding("SamlBearerTokenBindingConfig"); fedBinding.Security.Message.IssuedTokenType = this.transactionServiceProfile.IssuedTokenType; return(fedBinding); }
/// <summary> /// Returns the binding for the client. This method also modifies the security token request to include /// the custom element. /// </summary> /// <returns>The client's binding.</returns> static Binding GetClientBinding() { WS2007FederationHttpBinding binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.Message); binding.Security.Message.IssuerAddress = new EndpointAddress("http://localhost:8081/STS"); binding.Security.Message.IssuerBinding = GetSecurityTokenServiceBinding(); #region Make the client send out additional RST element // // The TokenRequestParameters is a place where you can send some custom element in the issue request // Comment out this section will make the sample fail // XmlDocument doc = new XmlDocument(); XmlElement customElement = doc.CreateElement(CustomElementConstants.Prefix, CustomElementConstants.LocalName, CustomElementConstants.Namespace); bool sendCorrectValue = true; // change this to false will make the sample fail if (sendCorrectValue) { customElement.InnerText = CustomElementConstants.DefaultElementValue; } else { customElement.InnerText = "IncorrectValue"; } binding.Security.Message.TokenRequestParameters.Add(customElement); #endregion return(binding); }
public Binding Create(Endpoint serviceInterface) { System.Net.ServicePointManager.ServerCertificateValidationCallback = ((sender, certificate, chain, sslPolicyErrors) => true); var secureBinding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential) { Name = "secure", TransactionFlow = false, HostNameComparisonMode = serviceInterface.HostNameComparisonMode.ParseAsEnum(HostNameComparisonMode.StrongWildcard), MaxBufferPoolSize = serviceInterface.MaxBufferPoolSize, MaxReceivedMessageSize = serviceInterface.MaxReceivedSize, MessageEncoding = serviceInterface.MessageFormat.ParseAsEnum(WSMessageEncoding.Text), TextEncoding = Encoding.UTF8, ReaderQuotas = XmlDictionaryReaderQuotas.Max, BypassProxyOnLocal = true, UseDefaultWebProxy = false }; if (ConfigurationManagerHelper.GetValueOnKey("stardust.UseDefaultProxy") == "true") { secureBinding.BypassProxyOnLocal = false; secureBinding.UseDefaultWebProxy = true; } SetSecuritySettings(serviceInterface, secureBinding); return(secureBinding); }
public ChannelFactory <IDataEntityIO> GetApplicationServerChannelFactory(string _applicationServerAddress) { WS2007FederationHttpBinding binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential) { ReaderQuotas = { MaxArrayLength = 2147483647, MaxStringContentLength = 2147483647, MaxDepth = int.MaxValue }, MaxReceivedMessageSize = int.MaxValue, MaxBufferPoolSize = int.MaxValue }; binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey; binding.Security.Message.EstablishSecurityContext = false; binding.Security.Message.NegotiateServiceCredential = true; binding.UseDefaultWebProxy = true; binding.BypassProxyOnLocal = false; ChannelFactory <IDataEntityIO> factory = new ChannelFactory <IDataEntityIO>(binding, new EndpointAddress(_applicationServerAddress)); return(factory); }
/// <summary> /// Returns the service binding. /// </summary> /// <returns>A WS2007FederationHttpBinding object for the service.</returns> static Binding GetServiceBinding() { WS2007FederationHttpBinding binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.Message); binding.Security.Message.IssuerMetadataAddress = new EndpointAddress(securityTokenServiceAddress + "/mex"); return(binding); }
public static Binding CreateBinding(string bindingName) { Binding result = null; try { if (string.Compare(bindingName, typeof(WSHttpBinding).FullName, true) == 0) { result = new WSHttpBinding(); } else if (string.Compare(bindingName, typeof(WS2007HttpBinding).FullName, true) == 0) { result = new WS2007HttpBinding(); } else if (string.Compare(bindingName, typeof(BasicHttpBinding).FullName, true) == 0) { result = new BasicHttpBinding(); } else if (string.Compare(bindingName, typeof(WSDualHttpBinding).FullName, true) == 0) { result = new WSDualHttpBinding(); } else if (string.Compare(bindingName, typeof(WS2007FederationHttpBinding).FullName, true) == 0) { result = new WS2007FederationHttpBinding(); } else if (string.Compare(bindingName, typeof(WSFederationHttpBinding).FullName, true) == 0) { result = new WSFederationHttpBinding(); } else if (string.Compare(bindingName, typeof(NetNamedPipeBinding).FullName, true) == 0) { result = new NetNamedPipeBinding(); } else if (string.Compare(bindingName, typeof(NetMsmqBinding).FullName, true) == 0) { result = new NetMsmqBinding(); } else if (string.Compare(bindingName, typeof(MsmqIntegrationBinding).FullName, true) == 0) { result = new MsmqIntegrationBinding(); } else if (string.Compare(bindingName, typeof(NetTcpBinding).FullName, true) == 0) { result = new NetTcpBinding(); } else if (string.Compare(bindingName, typeof(NetPeerTcpBinding).FullName, true) == 0) { result = new NetPeerTcpBinding(); } } catch { result = new BasicHttpBinding(BasicHttpSecurityMode.None); } return(result); }
/// <summary> /// Configures the specified binding. /// </summary> /// <param name="binding">The binding.</param> /// <returns>Binding.</returns> public virtual Binding Configure( WS2007FederationHttpBinding binding) { if (binding == null) { throw new ArgumentNullException(nameof(binding)); } return(ConfigureDefault(binding)); }
static Binding GetClientBinding() { WS2007FederationHttpBinding binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.Message); binding.Security.Message.IssuerAddress = new EndpointAddress("http://localhost:8081/STS"); binding.Security.Message.IssuerBinding = new WindowsWSTrustBinding(); return(binding); }
public SecurityToken IssueOAuth2SecurityToken(SecurityToken foreignToken, string rpEndpoint, string appliesTo, string localTokenType, out RequestSecurityTokenResponse rstr, string keyType) { ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12; // Authenticate with a SAML Bearer token var wsHttpBinding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential); wsHttpBinding.Security.Message.EstablishSecurityContext = false; wsHttpBinding.Security.Message.NegotiateServiceCredential = false; wsHttpBinding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey; Binding binding = wsHttpBinding; // Define the STS endpoint var endpoint = new EndpointAddress(new Uri(rpEndpoint)); var factory = new WSTrustChannelFactory(binding, endpoint) { TrustVersion = TrustVersion.WSTrust13 }; if (factory.Credentials != null) { factory.Credentials.SupportInteractive = false; // avoid that Cardspace dialog //http://stackoverflow.com/questions/11312314/cannot-serialize-saml2assertionkeyidentifierclause factory.Credentials.UseIdentityConfiguration = true; } // Now we define the Request for Security Token (RST) var rst = new RequestSecurityToken() { //identifiy which local token we want AppliesTo = new EndpointReference(appliesTo), //identify what type of request this is (Issue or Validate) RequestType = RequestTypes.Issue, //set what kind of token we want returned (appliesTo will override this) TokenType = localTokenType, //set the keytype (symmetric, asymmetric (pub key) or bearer - null = Sender Vouches) KeyType = null }; //create the channel (using the SAML token received from the WSC) var channel = factory.CreateChannelWithIssuedToken(foreignToken); //send the token issuance command var token = channel.Issue(rst, out rstr); return(token); }
private Binding GetWS2007FederationHttpBinding( SecurityKeyType securityKeyType) { var binding = new WS2007FederationHttpBinding( WSFederationHttpSecurityMode.TransportWithMessageCredential); binding.Security.Message.NegotiateServiceCredential = false; binding.Security.Message.EstablishSecurityContext = false; binding.Security.Message.IssuedKeyType = securityKeyType; return(binding); }
private static string GetADFSMembershipTokenHelper(string adfsEndpoint, string authSiteEndPoint, string userName, string password) { var identityProviderEndpoint = new EndpointAddress(new Uri(authSiteEndPoint + "/wstrust/issue/usernamemixed")); var federationEndpoint = new EndpointAddress(new Uri(adfsEndpoint + "/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256sha256")); var identityProviderBinding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential); identityProviderBinding.Security.Message.EstablishSecurityContext = false; identityProviderBinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName; identityProviderBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None; var xml = new XmlDocument(); xml.LoadXml(@"<wsp:AppliesTo xmlns:wsp=""http://schemas.xmlsoap.org/ws/2004/09/policy""><wsa:EndpointReference xmlns:wsa=""http://www.w3.org/2005/08/addressing""><wsa:Address>http://kc-adfs.katalcloud.com/adfs/services/trust</wsa:Address></wsa:EndpointReference></wsp:AppliesTo>"); var federationBinding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential); federationBinding.Security.Message.EstablishSecurityContext = false; federationBinding.Security.Message.IssuedKeyType = SecurityKeyType.AsymmetricKey; federationBinding.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256Sha256; federationBinding.Security.Message.NegotiateServiceCredential = false; federationBinding.Security.Message.TokenRequestParameters.Add(xml.DocumentElement); federationBinding.Security.Message.IssuerAddress = identityProviderEndpoint; federationBinding.Security.Message.IssuerBinding = identityProviderBinding; federationBinding.Security.Message.IssuedTokenType = "urn:oasis:names:tc:SAML:2.0:assertion"; var trustChannelFactory = new WSTrustChannelFactory(federationBinding, federationEndpoint) { TrustVersion = TrustVersion.WSTrust13, }; trustChannelFactory.Credentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication() { CertificateValidationMode = X509CertificateValidationMode.None }; trustChannelFactory.Credentials.SupportInteractive = false; trustChannelFactory.Credentials.UserName.UserName = userName; trustChannelFactory.Credentials.UserName.Password = password; var channel = trustChannelFactory.CreateChannel(); var rst = new RequestSecurityToken(RequestTypes.Issue) { AppliesTo = new EndpointReference("http://azureservices/TenantSite"), TokenType = "urn:ietf:params:oauth:token-type:jwt", KeyType = KeyTypes.Bearer, }; RequestSecurityTokenResponse rstr = null; var token = channel.Issue(rst, out rstr); var tokenString = (token as GenericXmlSecurityToken).TokenXml.InnerText; var jwtString = Encoding.UTF8.GetString(Convert.FromBase64String(tokenString)); return(jwtString); }
static Binding CreateBinding() { var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential); // only for testing on localhost binding.HostNameComparisonMode = HostNameComparisonMode.Exact; binding.Security.Message.EstablishSecurityContext = false; binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey; return(binding); }
public static WS2007FederationHttpBinding WS2007FederationHttpBinding(long maxReceivedMessageSize) { var binding = new WS2007FederationHttpBinding(); binding.MaxReceivedMessageSize = maxReceivedMessageSize; binding.ReaderQuotas.MaxStringContentLength = int.MaxValue; binding.HostNameComparisonMode = HostNameComparisonMode.Exact; binding.Security.Mode = WSFederationHttpSecurityMode.TransportWithMessageCredential; binding.Security.Message.EstablishSecurityContext = false; binding.Security.Message.IssuedKeyType = System.IdentityModel.Tokens.SecurityKeyType.BearerKey; return(binding); }
private static Binding GetServiceBinding() { // // Use the standard WS2007FederationHttpBinding // WS2007FederationHttpBinding binding = new WS2007FederationHttpBinding(); binding.Security.Message.IssuerAddress = new EndpointAddress(STSAddress); binding.Security.Message.IssuerBinding = GetSecurityTokenServiceBinding(); binding.Security.Message.IssuerMetadataAddress = new EndpointAddress(STSAddress + "/mex"); return(binding); }
/// <summary> /// Issues security token /// </summary> /// <param name="binding"> /// The binding. /// </param> /// <param name="serviceAddress"> /// The service address. /// </param> /// <param name="actAsToken"> /// The act as token. /// </param> /// <returns> /// The security token /// </returns> /// <exception cref="ApplicationException"> /// </exception> public virtual SecurityToken IssueToken(WS2007FederationHttpBinding binding, string serviceAddress, SecurityToken actAsToken) { var issuerEndpointAddress = binding.Security.Message.IssuerAddress; var issuerBinding = binding.Security.Message.IssuerBinding as WS2007HttpBinding; if (issuerBinding == null) { throw new ApplicationException("Unable to get WS2007HttpBinding"); } var token = this.IssueToken(issuerBinding, issuerEndpointAddress, serviceAddress, actAsToken); return(token); }
protected override Binding GetBinding() { var authorityBinding = new WSHttpBinding(SecurityMode.Transport); var serviceBinding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential); serviceBinding.Security.Message.IssuedTokenType = Saml20TokenType; var serverBasePathUri = BaseAddresses[0]; var issuerUri = new Uri(serverBasePathUri, FederationSTSServiceHost.BasePath + "/" + FederationSTSServiceHost.RelativePath); serviceBinding.Security.Message.IssuerAddress = new EndpointAddress(issuerUri); serviceBinding.Security.Message.IssuerBinding = authorityBinding; serviceBinding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey; return(serviceBinding); }
private Binding CreateWs2007FederationHttpBinding(bool secureSessionOff) { Binding binding = new WS2007FederationHttpBinding("WS2007FederationHttpBinding_IServices"); ((WSFederationHttpBinding)binding).Security.Message.IssuerBinding = CreateKerberosOverTransportBinding(); if (secureSessionOff) { ((WSFederationHttpBinding)binding).Security.Message.NegotiateServiceCredential = false; var revisedBinding = CreateFederationBindingWithoutSecureSession(binding as WSFederationHttpBinding); return(revisedBinding); } return(binding); }
/// <summary> /// Gets the service binding. /// </summary> /// <returns>A WS2007FederationHttpBinding object for the service.</returns> static Binding GetServiceBinding() { //This has to be "None" if you want this to work without creating your own Certificate Authority for localhost... //Oops, can't set this to "none" or nothing interesting in the sample even happens... dammit... WS2007FederationHttpBinding binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.Message); binding.Security.Message.IssuerAddress = new EndpointAddress(securityTokenServiceAddress); binding.Security.Message.IssuerBinding = GetSecurityTokenServiceBinding(); binding.Security.Message.IssuerMetadataAddress = new EndpointAddress(securityTokenServiceAddress + "/mex"); // // We need to set up the service binding so that it is expecting a custom token // binding.Security.Message.IssuedTokenType = CustomTokenHandler.DecisionTokenType; return(binding); }
private void ConnectToWcfService() { if (connected) { return; } if (token == null) { if (useActAs) { token = AdfsHelper.GetActAsToken(idpEndpoint, realm, serviceUserName, servicePassword); } else { token = AdfsHelper.GetSecurityToken(idpEndpoint, realm, serviceUserName, servicePassword); } } binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential); binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey; binding.Security.Message.EstablishSecurityContext = false; // create factory and enable WIF plumbing factory = new ChannelFactory <T>(binding, serviceAddress); InvokeConfigureChannel(); try { factory.Credentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck; factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; //TODO Upgrade 4.5 - http://social.msdn.microsoft.com/Forums/vstudio/en-US/9cffe4ea-5a0d-4729-9eb1-b56629b175dc/configurechannelfactory-in-net-45?forum=Geneva //factory.ConfigureChannelFactory(); factory.Credentials.SupportInteractive = false; channel = factory.CreateChannelWithIssuedToken(token); SetupWcfHeader(); connected = true; } catch (Exception) { factory.Abort(); throw; } }
static void Main(string[] args) { var jwt = GetJwt(); var xmlToken = WrapJwt(jwt); var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential); binding.HostNameComparisonMode = HostNameComparisonMode.Exact; binding.Security.Message.EstablishSecurityContext = false; binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey; var factory = new ChannelFactory <IService>( binding, new EndpointAddress("https://localhost:44335/token")); var channel = factory.CreateChannelWithIssuedToken(xmlToken); Console.WriteLine(channel.Ping()); }
private static IClaimsService GetServiceProxy(SecurityToken token) { var serviceAddress = FederatedAuthentication.FederationConfiguration.WsFederationConfiguration.Reply + "service.svc"; var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential); binding.Security.Message.EstablishSecurityContext = false; binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey; var factory = new ChannelFactory <IClaimsService>( binding, new EndpointAddress(serviceAddress)); factory.Credentials.SupportInteractive = false; var channel = factory.CreateChannelWithIssuedToken(token); return(channel); }
private static void CallService(SecurityToken token) { "Calling Service".ConsoleYellow(); var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential); binding.Security.Message.EstablishSecurityContext = false; binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey; var factory = new ChannelFactory <IClaimsService>(binding, new EndpointAddress(_serviceAddress)); factory.Credentials.SupportInteractive = false; factory.Credentials.UseIdentityConfiguration = true; var proxy = factory.CreateChannelWithIssuedToken(token); var id = proxy.GetIdentity(); Helper.ShowIdentity(id); }
private static void CallService(SecurityToken token) { var serviceEndpoint = "https://" + "adfs.leastprivilege.vm" + "/rp/service.svc"; var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential); binding.Security.Message.EstablishSecurityContext = false; binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey; var factory = new ChannelFactory <IClaimsService>( binding, new EndpointAddress(serviceEndpoint)); factory.Credentials.SupportInteractive = false; var channel = factory.CreateChannelWithIssuedToken(token); var claims = channel.GetClaims(); claims.ForEach(c => Console.WriteLine("{0}\n {1}\n\n", c.Type, c.Value)); }
private static string CallService_IssuedToken(SecurityToken token) { // Creating the channel and calling it var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential); binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey; var serviceEpAddress = ConfigurationManager.AppSettings["serviceEpAddress"].ToString(); var factory = new ChannelFactory <IService1>(binding, new EndpointAddress(serviceEpAddress)); // Create a channel IService1 client = factory.CreateChannelWithIssuedToken(token); // Invoke the service operation var response = client.GetData(12); ((IClientChannel)client).Close(); return(response); }
/// <summary> /// Creates a new channel factory for the type using WS-Federation. /// </summary> /// <typeparam name="T"></typeparam> /// <param name="endpointName"></param> /// <returns></returns> private static ChannelFactory <T> CreateChannelFactory <T>(string endpointName) { var binding = new WS2007FederationHttpBinding( WSFederationHttpSecurityMode.TransportWithMessageCredential); binding.Security.Message.EstablishSecurityContext = false; binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey; var factory = new ChannelFactory <T>( binding, new EndpointAddress(BuildAddress(endpointName))); if (factory.Credentials == null) { throw new Exception(ErrBadFactory); } factory.Credentials.SupportInteractive = false; return(factory); }
public static WS2007FederationHttpBinding GetServiceBinding(WS2007HttpBinding stsBinding, EndpointAddress usernameEndpoint, bool negotiateServiceCertificate) { var serviceBinding = new WS2007FederationHttpBinding( WSFederationHttpSecurityMode.Message, false); var messageSecurity = serviceBinding.Security.Message; // Saml 1.1 tokens messageSecurity.IssuedTokenType = SecurityTokenTypes.Saml11TokenProfile11; // Adresse til STS messageSecurity.IssuerAddress = usernameEndpoint; // Negotiation slået fra messageSecurity.NegotiateServiceCredential = negotiateServiceCertificate; // Symmetric keys messageSecurity.IssuedKeyType = SecurityKeyType.SymmetricKey; // Binding til STS messageSecurity.IssuerBinding = stsBinding; return(serviceBinding); }
private WSFederationHttpBinding GetFederatedBindingFromIssuerContract(Type contractType) { WSFederationHttpBinding binding; // If STS endpoint is using WSTrustFeb2005, then need to use WSFederationHttpBinding if (contractType == typeof(IWSTrustFeb2005SyncContract)) { binding = new WSFederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential); } // If STS endpoint is using WSTrust1.3, then need to use WS2007FederationHttpBinding else if (contractType == typeof(IWSTrust13SyncContract)) { binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential); } else { throw new ArgumentException("Unknown contract type", "contractType"); } return(binding); }