
Simple WCF - Cardspace

5 May 2008, CPOL, 2 min read
Windows CardSpace integration in a Windows Communication Foundation (WCF) service

Introduction

Step 1: Download and install the esBPFX.pfx X509 certificate via MMC -> Console -> Certificates -> Local Machine -> Trusted Root Certification Authorities (ref: http://www.codeproject.com/kb/wcf/senthil.aspx). Anything placed in the Trusted Root store is trusted by every application on that machine for every purpose, so do this only on a development box and remove the certificate when you are done.
Step 2: Download the source code.


This article describes how to integrate Windows CardSpace with a WCF service. The steps are simple, and almost all of the work is done in the configuration file.

Using the Code

Create a WCF service application containing service1.svc, which implements the IContract1 service contract (the interface exposed by the endpoint).

wsFederationHttpBinding:

This binding tells the client to authenticate with an issued security token (WS-Trust / WS-Federation) instead of a Windows account or a username. Because CardSpace is an issued-token provider, selecting wsFederationHttpBinding is what allows the client to satisfy the endpoint with a card.

<!-- wsFederationHttpBinding endpoint -->
<service name="Service1" behaviorConfiguration="Behav1">
    <endpoint address="secure" contract="IContract1" binding="wsFederationHttpBinding" bindingConfiguration="binding1">
    </endpoint>
</service>

Identity:

The claims sent from the client to the server travel inside a token that is signed and encrypted for the service's X509 certificate. This certificate may be a self-created test certificate or one issued by a public CA such as VeriSign. For a test certificate, see http://www.codeproject.com/kb/wcf/senthil.aspx for step-by-step creation of an X509 certificate. Once you have the certificate, reference it in the identity block of the WCF config file as follows. Note that the identity block only publishes the certificate in the service metadata so that clients can verify the service and encrypt the token for it; the service itself must also be able to reach the certificate's private key (normally via serviceCredentials/serviceCertificate in the service behavior, not shown in this article) or it cannot decrypt incoming tokens.

<!-- Identity -->
<service name="Service1" behaviorConfiguration="Behav1">
    <endpoint address="secure" contract="IContract1" binding="wsFederationHttpBinding" bindingConfiguration="binding1">
     <identity>
          <certificateReference 
             findValue="TempCA" 
             storeLocation="LocalMachine" 
             storeName="Root" 
             x509FindType="FindBySubjectName" />
        </identity>
    </endpoint>
</service>

Bindings:

A binding configuration must be defined with the name "binding1", which is the bindingConfiguration referenced by the endpoint. Security mode "Message" places the issued token and the signatures inside the SOAP message rather than relying on transport security alone.

<!-- wsFederationHttpBinding -->
<wsFederationHttpBinding> 
    <binding name="binding1">
       <security mode="Message">
       </security>
    </binding>
</wsFederationHttpBinding>

Claim Details:

The binding must also name the token issuer and list the claims required from the user / client. The issuer address .../identity/issuer/self means a self-issued (personal) card: the user creates the card and types the claim values themselves, so nobody vouches for the e-mail address or the name. For a managed card the issuer address is the URL of the identity provider's STS, and the claims are asserted by that provider.

<!-- wsFederationHttpBinding with issuer and claim requirements -->
<wsFederationHttpBinding> 
    <binding name="binding1">
       <security mode="Message">
          <message>
              <issuer address="http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self" />
              <claimTypeRequirements>
                 <add claimType ="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
                 <add claimType ="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/>
                 <add claimType ="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/>
              </claimTypeRequirements>
          </message>
       </security>
    </binding>
</wsFederationHttpBinding>

Client Config file:

Once the above steps are complete, running svcutil.exe <url> against the service generates the proxy class, and the client config it produces carries the service certificate and the claim requirements.

Claims Retrieval:

To retrieve the claims sent by the client, the following code block (run inside a service operation) is helpful. ac is the AuthorizationContext of the current call.

' ac is the AuthorizationContext of the current call:
Dim ac As System.IdentityModel.Policy.AuthorizationContext = _
    System.ServiceModel.ServiceSecurityContext.Current.AuthorizationContext

For Each objClaimSet As System.IdentityModel.Claims.ClaimSet In ac.ClaimSets
    For Each objClaim As System.IdentityModel.Claims.Claim In objClaimSet
       If objClaim.ClaimType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Then
          ' email address retrieval: the claim value is in Resource
          Dim email As String = CStr(objClaim.Resource)
       End If
    Next
Next

The other claims are retrieved in the same way. Remember that with a self-issued card every one of these values was typed in by the user, so use them for display and not for authentication; the private personal identifier (PPID) is the one claim to key on, as it is generated per relying party and stays stable for this service.
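The following is an added example, not code from the original article, showing the same claim walk done in a way a production service should do it: fail closed when no PPID is present, and treat the self-asserted claims as display data only. It assumes IContract1 exposes one operation named WhoAmI (a hypothetical name) and that the PPID claim type has been added to claimTypeRequirements alongside the three claims shown above, since CardSpace only includes the claims the service asks for.

```vb
' Added example, not from the original article. Assumes IContract1 exposes
' a single operation named WhoAmI (hypothetical name) and that the PPID claim
' has been added to claimTypeRequirements in the binding.
Imports System.IdentityModel.Claims
Imports System.IdentityModel.Policy
Imports System.ServiceModel

<ServiceContract()> Public Interface IContract1
    <OperationContract()> Function WhoAmI() As String
End Interface

Public Class Service1
    Implements IContract1

    ' CardSpace claim type namespace (WS-Identity, 2005/05)
    Private Const ClaimNs As String = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
    Private Const PpidClaim As String = ClaimNs & "privatepersonalidentifier"
    Private Const EmailClaim As String = ClaimNs & "emailaddress"
    Private Const GivenNameClaim As String = ClaimNs & "givenname"
    Private Const SurnameClaim As String = ClaimNs & "surname"

    ' Walk every ClaimSet in the AuthorizationContext and return the value of
    ' the first claim of the requested type, or Nothing if it is absent.
    ' Rights.PossessProperty selects "the subject has this attribute" claims
    ' rather than Rights.Identity claims.
    Private Shared Function FindClaim(ByVal ctx As AuthorizationContext, ByVal claimType As String) As String
        For Each cs As ClaimSet In ctx.ClaimSets
            For Each c As Claim In cs.FindClaims(claimType, Rights.PossessProperty)
                Return TryCast(c.Resource, String)
            Next
        Next
        Return Nothing
    End Function

    Public Function WhoAmI() As String Implements IContract1.WhoAmI
        Dim ctx As AuthorizationContext = ServiceSecurityContext.Current.AuthorizationContext

        ' The PPID is the claim to key on: CardSpace derives it per relying
        ' party, so it is stable for this service and meaningless elsewhere.
        Dim ppid As String = FindClaim(ctx, PpidClaim)
        If String.IsNullOrEmpty(ppid) Then
            ' Fail closed: a token without the identifier we key on is unusable.
            Throw New FaultException("No PPID claim was presented.")
        End If

        ' With a self-issued card these values are typed in by the user and
        ' verified by nobody, so treat them as display data, not as facts.
        Dim email As String = If(FindClaim(ctx, EmailClaim), "(none)")
        Dim givenName As String = If(FindClaim(ctx, GivenNameClaim), "")
        Dim surname As String = If(FindClaim(ctx, SurnameClaim), "")
        Dim name As String = (givenName & " " & surname).Trim()

        Return String.Format("ppid={0}; name={1}; email={2}", ppid, name, email)
    End Function
End Class
```

Keying user records on the PPID rather than the e-mail address also means that two cards that happen to carry the same typed-in e-mail address are still two different users, which is the correct outcome when the address was never verified.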

Following is the list of various claim details

Given Name = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname 
Email Address = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
Surname = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
Street Address = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress
Locality = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality
State/Province = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince
Postal Code = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode
Country = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country
Home Phone = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone
Other Phone = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone
Mobile Phone = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone
Date of Birth = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth
Gender = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender
PPID = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier
Web site = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/website

Sample Web.config:

Below is a complete sample WCF config file for reference.

<system.serviceModel>
  <services>
     <service name="Service1" behaviorConfiguration="Behav1">
       <endpoint address="secure" contract="IContract1" binding="wsFederationHttpBinding" bindingConfiguration="binding1">
       <identity>
            <certificateReference 
             findValue="TempCA" 
             storeLocation="LocalMachine" 
             storeName="Root" 
             x509FindType="FindBySubjectName" />
          </identity>
       </endpoint>
       <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
     </service>
  </services>
  <behaviors>
     <serviceBehaviors>
         <behavior name="Behav1">
           <!-- includeExceptionDetailInFaults="true" returns stack traces to callers;
                keep it for development only and set it to "false" in production -->
           <serviceDebug includeExceptionDetailInFaults="true"/>
           <serviceMetadata httpGetEnabled="true"/>
         </behavior>
     </serviceBehaviors>
  </behaviors>
  <bindings>
     <wsFederationHttpBinding>
        <binding name="binding1">
           <security mode="Message">
              <message>
                <issuer address="http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self" />
                <claimTypeRequirements>
                   <add claimType ="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
                   <add claimType ="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/>
                   <add claimType ="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/>
                </claimTypeRequirements>
              </message>
           </security>
        </binding>
     </wsFederationHttpBinding>
  </bindings>
</system.serviceModel>    

That's it! When a user / client calls the WCF service, CardSpace prompts for a card that satisfies the claim requirements, and the service receives the claims from the selected card.

Points of Interest

Tricks in WCF

History

May 05, 2008. First Release

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)