Introduction
Step1: Download and install esBPFX.pfx X509 certificate in MMC -> Console -> Certificate -> Localmachine -> Trusted Root Certificate Authorities (ref: http://www.codeproject.com/kb/wcf/senthil.aspx)
Step2: Download source code
This article describe how to implement Windows cardspace with WCF applications. Steps involved for this process is very simple and this can be achived in configuration file itself.
Using the Code
Create WCF service application with service1.svc in which IContract1 is one of the interface (endpoint) which will be integrated by any class / service.
FederationHTTPBinding:
This binding will describe the client to authenticate using security tokens. Thus using this federationhttpbinding it is possible to intergrate with Cardspace
<service name="Service1" behaviorConfiguration="Behav1">
<endpoint address="secure" contract="IContract1" binding="wsFederationHttpBinding" bindingConfiguration="binding1">
</endpoint>
</service>
Identity:
The information / claim details passed from the client to the server must be digitally signed from the X509 certificate store. This X509 certificate may be custom certificate or get from Verisign certificate store. For custom certificate see this article http://www.codeproject.com/kb/wcf/senthil.aspx for step by step creation of X509 certificate. Once u get the X509 certificate mention the details in the identity block of WCF config file as follows
<service name="Service1" behaviorConfiguration="Behav1">
<endpoint address="secure" contract="IContract1" binding="wsFederationHttpBinding" bindingConfiguration="binding1">
<identity>
<certificateReference
findValue="TempCA"
storeLocation="LocalMachine"
storeName="Root"
x509FindType="FindBySubjectName" />
</identity>
</endpoint>
</service>
Bindings:
Binding configuration must be described based on the name "binding1" which is defined in the endpoint configuration
<wsFederationHttpBinding>
<binding name="binding1">
<security mode="Message">
</security>
</binding>
</wsFederationHttpBinding>
Claim Details:
Necessary to describe the token issuer address and also mention the required claims from the user / client.
<wsFederationHttpBinding>
<binding name="binding1">
<security mode="Message">
<message>
<issuer address="http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self" />
<claimTypeRequirements>
<add claimType ="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
<add claimType ="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/>
<add claimType ="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/>
</claimTypeRequirements>
</message>
</security>
</binding>
</wsFederationHttpBinding>
Client Config file:
Once completed with the above steps using svcutil.exe <url> client can create the proxy class for the particular WCF service, in which certificate token with claim details are generated in the client config file.
Claims Retrieval:
To retrieve the claim details send from the client side, the followiing code block will be the helpful one.
For Each objClaimSet As IdentityModel.Claims.ClaimSet In ac.ClaimSets
For Each objClaim As IdentityModel.Claims.Claim In objClaimSet
If objClaim.ClaimType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Then
End If
End For
End For
Similar to email address possible to retieve further claim details.
Following is the list of various claim details
Given Name = http:
Email Address = http:
Surname = http:
Street Address = http:
Locality = http:
State/Province = http:
Postal Code = http:
Country = http:
Home Phone = http:
Other Phone = http:
Mobile Phone = http:
Date of Birth = http:
Gender = http:
PPID = http:
Web site = http:
Sample Web.config:
Below will be one of the sample WCF config file for your reference
<system.serviceModel>
<services>
<service name="Service1" behaviorConfiguration="Behav1">
<endpoint address="secure" contract="IContract1" binding="wsFederationHttpBinding" bindingConfiguration="binding1">
<identity>
<certificateReference
findValue="TempCA"
storeLocation="LocalMachine"
storeName="Root"
x509FindType="FindBySubjectName" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="Behav1">
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceMetadata httpGetEnabled="true"/>
</behaviour>
</serviceBehaviors>
</behaviors>
<bindings>
<wsFederationHttpBinding>
<binding name="binding1">
<security mode="Message">
<message>
<issuer address="http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self" />
<claimTypeRequirements>
<add claimType ="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
<add claimType ="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/>
<add claimType ="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/>
</claimTypeRequirements>
</message>
</security>
</binding>
<wsFederationHttpBinding/>
<bindings/>
</system.serviceModel>
Thats it!.. If any user / client hit any of the WCF service cardspace will prompt for the particular user.
Points of Interest
Tricks in WCF
History
May 05, 2008. First Release
This member has not yet provided a Biography. Assume it's interesting and varied, and probably something to do with programming.
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
