Click here to Skip to main content
Click here to Skip to main content
Go to top

Simple WCF - Cardspace

, 5 May 2008
Rate this:
Please Sign up or sign in to vote.
Windows cardspace implementation in Windows communication foundation (WCF) application

Introduction

Step1: Download and install esBPFX.pfx X509 certificate in MMC -> Console -> Certificate -> Localmachine -> Trusted Root Certificate Authorities (ref: http://www.codeproject.com/kb/wcf/senthil.aspx)
Step2: Download source code

This article describe how to implement Windows cardspace with WCF applications. Steps involved for this process is very simple and this can be achived in configuration file itself.

Using the Code

Create WCF service application with service1.svc in which IContract1 is one of the interface (endpoint) which will be integrated by any class / service.

FederationHTTPBinding:

This binding will describe the client to authenticate using security tokens. Thus using this federationhttpbinding it is possible to intergrate with Cardspace

//federationhttpbinding
//
<service name="Service1" behaviorConfiguration="Behav1">
    <endpoint address="secure" contract="IContract1" binding="wsFederationHttpBinding" bindingConfiguration="binding1">
    </endpoint>
</service>

Identity:

The information / claim details passed from the client to the server must be digitally signed from the X509 certificate store. This X509 certificate may be custom certificate or get from Verisign certificate store. For custom certificate see this article http://www.codeproject.com/kb/wcf/senthil.aspx for step by step creation of X509 certificate. Once u get the X509 certificate mention the details in the identity block of WCF config file as follows

// Identity 
//
<service name="Service1" behaviorConfiguration="Behav1">
    <endpoint address="secure" contract="IContract1" binding="wsFederationHttpBinding" bindingConfiguration="binding1">
     <identity>
          <certificateReference 
             findValue="TempCA" 
             storeLocation="LocalMachine" 
             storeName="Root" 
             x509FindType="FindBySubjectName" />
        </identity>
    </endpoint>
</service>
    

Bindings:

Binding configuration must be described based on the name "binding1" which is defined in the endpoint configuration

//wsfederationhttpbinding
//
<wsFederationHttpBinding> 
    <binding name="binding1">
       <security mode="Message">
       </security>
    </binding>
</wsFederationHttpBinding>

Claim Details:

Necessary to describe the token issuer address and also mention the required claims from the user / client.

//wsfederationhttpbinding
//
<wsFederationHttpBinding> 
    <binding name="binding1">
       <security mode="Message">
          <message>
              <issuer address="http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self" />
              <claimTypeRequirements>
                 <add claimType ="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
                 <add claimType ="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/>
                 <add claimType ="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/>
              </claimTypeRequirements>
          </message>
       </security>
    </binding>
</wsFederationHttpBinding>

Client Config file:

Once completed with the above steps using svcutil.exe <url> client can create the proxy class for the particular WCF service, in which certificate token with claim details are generated in the client config file.

Claims Retrieval:

To retrieve the claim details send from the client side, the followiing code block will be the helpful one.

For Each objClaimSet As IdentityModel.Claims.ClaimSet In ac.ClaimSets
    For Each objClaim As IdentityModel.Claims.Claim In objClaimSet
       If objClaim.ClaimType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Then
          //email address retrieval   
       End If
    End For
End For

Similar to email address possible to retieve further claim details.

Following is the list of various claim details

Given Name = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname 
Email Address = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
Surname = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
Street Address = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress
Locality = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality
State/Province = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince
Postal Code = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode
Country = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country
Home Phone = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone
Other Phone = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone
Mobile Phone = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone
Date of Birth = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth
Gender = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender
PPID = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier
Web site = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/website

Sample Web.config:

Below will be one of the sample WCF config file for your reference

<system.serviceModel>
  <services>
     <service name="Service1" behaviorConfiguration="Behav1">
       <endpoint address="secure" contract="IContract1" binding="wsFederationHttpBinding" bindingConfiguration="binding1">
       <identity>
            <certificateReference 
             findValue="TempCA" 
             storeLocation="LocalMachine" 
             storeName="Root" 
             x509FindType="FindBySubjectName" />
          </identity>
       </endpoint>
       <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
     </service>
  </services>
  <behaviors>
     <serviceBehaviors>
         <behavior name="Behav1">
           <serviceDebug includeExceptionDetailInFaults="true"/>
           <serviceMetadata httpGetEnabled="true"/>
         </behaviour>
     </serviceBehaviors>
  </behaviors>
  <bindings>
     <wsFederationHttpBinding>
        <binding name="binding1">
           <security mode="Message">
              <message>
                <issuer address="http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self" />
                <claimTypeRequirements>
                   <add claimType ="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
                   <add claimType ="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/>
                   <add claimType ="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/>
                </claimTypeRequirements>
              </message>
           </security>
        </binding>
     <wsFederationHttpBinding/>
  <bindings/>
</system.serviceModel>    
    

Thats it!.. If any user / client hit any of the WCF service cardspace will prompt for the particular user.

Points of Interest

Tricks in WCF

History

May 05, 2008. First Release

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

meetsenthilbtech
Technical Lead Infosys Technologies
India India
No Biography provided

Comments and Discussions

 
GeneralReally Amiable Pinmembernavalravi5-May-08 19:18 
GeneralYou have to attach some code too Pinmember leppie 5-May-08 2:17