I'm trying to get to grips with the whole WIF thing!

I've made a console application that hosts a WIF-enabled service. I use .NET 4.5. The service is configured as follows:

wsHttpBinding
clientCredentialType="Windows"
establishSecurityContext="true"
principalPermissionMode="UseWindowsGroups"
useIdentityConfiguration="true"

with references to
claimsAuthenticationManager
claimsAuthorizationManager

After a few days of reading I've got it all to work. The client creates a WCF connection and can call the exposed methods in the service. The overrides for ClaimsAuthenticationManager and ClaimsAuthzManager execute as they should.

But here is the thing I don't understand!
If I look at the current principal on the client, it uses authentication type
System.Security.Principal.GenericIdentity
But when I look at the current principal in the service, it uses
System.Security.Principal.WindowsIdentity

Both applications have only 1 identity in the principal.

I thought that ClaimsAuthnManager.Authenticate, because its output is a ClaimsPrincipal, would somehow be returned to the client. Or that the client by some means could retrieve or inspect the transformed Principal. Am I wrong?

I also tried to create a method in the service which returns ClaimsPrincipal.Current from the service:

public ClaimsPrincipal GetIdentity()
{
    // returns the service-side principal of the current operation
    return ClaimsPrincipal.Current;
}

This results in the client printing an error on the console (no exception) that the endpoint does not use the HTTP protocol, or that the service is closed???


My goal is to create a WPF application that uses a remote service to get specific claims, and to perform remote methods with an audit trail and logging with modern security.

If anyone out there could help me I would be very grateful!
Best Regards
Pierre

Here is my complete App.config file of the console app hosting the service:

<configuration>
  <configSections>
    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
    <section name="System.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
  </configSections>
  <system.webServer>
    <modules>
      <!--WIF 4.5 modules -->
      <add name="ClaimsAuthorizationModule" type="System.IdentityModel.Services.ClaimsAuthorizationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
    </modules>
  </system.webServer>

  <system.serviceModel>
    <diagnostics>
      <messageLogging logEntireMessage="true" logMessagesAtServiceLevel="true"/>
    </diagnostics>
    <services>
      <service behaviorConfiguration="service_behavior" name="ClaimsService">
        <endpoint name="Windows"
                  address="Windows"
                  binding="wsHttpBinding"
                  bindingConfiguration="windows"
                  contract="ClaimsContract"/>
        <host>
          <baseAddresses>
            <add baseAddress="http://localhost:9000/SecurityServices/Claims"/>
          </baseAddresses>
        </host>
      </service>
    </services>

    <!-- set establishSecurityContext to true to get a security session -->
    <bindings>
      <wsHttpBinding>
        <binding name="windows">
          <security mode="Message">
            <message clientCredentialType="Windows" establishSecurityContext="true"/>
          </security>
        </binding>
      </wsHttpBinding>
      <ws2007HttpBinding>
        <binding name ="windows">
          <security mode="Message">
            <message clientCredentialType="Windows" establishSecurityContext="true" />
          </security>
        </binding>
      </ws2007HttpBinding>
    </bindings>

    <behaviors>
      <serviceBehaviors>
        <behavior name="service_behavior">
          <serviceAuthorization principalPermissionMode="UseWindowsGroups"/>
          <serviceCredentials useIdentityConfiguration="true">
            <windowsAuthentication allowAnonymousLogons="false"/>
          </serviceCredentials>
          <serviceSecurityAudit auditLogLocation="Application" messageAuthenticationAuditLevel="SuccessOrFailure" serviceAuthorizationAuditLevel="SuccessOrFailure"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>

  <system.identityModel>
    <identityConfiguration>
      <claimsAuthenticationManager type="SecurityManager.Plumbing.ClaimsAuthnManager, SecurityManager"/>
      <claimsAuthorizationManager type="SecurityManager.Plumbing.ClaimsAuthzManager, SecurityManager"/>
    </identityConfiguration>
  </system.identityModel>

  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
  </startup>
  
</configuration>
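As an added illustration (not Pierre's code), here is what the two managers wired up under system.identityModel in the config above could look like: the ClaimsAuthnManager checks that WCF handed it an authenticated WindowsIdentity and enriches it with an application claim, and the ClaimsAuthzManager makes a deny-by-default decision and writes an audit line. The claim type URI, the "internal" value and the console logging are assumptions; the transformed principal only exists on the service side for the duration of the operation.

```csharp
using System;
using System.Linq;
using System.Security;
using System.Security.Claims;
using System.Security.Principal;

namespace SecurityManager.Plumbing
{
    // Assumed application claim type; not from the original post.
    public static class AppClaims
    {
        public const string Clearance = "http://schemas.example.com/claims/clearance";
    }

    // Runs inside the service after WCF has authenticated the Windows caller.
    // The principal it returns becomes the current principal for this operation only;
    // nothing is sent back to the client, which keeps its own identity.
    public class ClaimsAuthnManager : ClaimsAuthenticationManager
    {
        public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
        {
            var windows = incomingPrincipal == null ? null : incomingPrincipal.Identity as WindowsIdentity;
            if (windows == null || !windows.IsAuthenticated)
                throw new SecurityException("Caller is not an authenticated Windows identity.");

            // Keep the WindowsIdentity (so UseWindowsGroups still works) and add an application claim,
            // naming this manager as issuer so it can be told apart from Windows group claims.
            windows.AddClaim(new Claim(AppClaims.Clearance, "internal", ClaimValueTypes.String, "ClaimsAuthnManager"));
            return new ClaimsPrincipal(windows);
        }
    }

    // Deny-by-default authorization; WCF populates Action and Resource from the incoming message.
    public class ClaimsAuthzManager : ClaimsAuthorizationManager
    {
        public override bool CheckAccess(AuthorizationContext context)
        {
            var principal = context.Principal;
            if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
                return false;

            bool allowed = principal.HasClaim(c => c.Type == AppClaims.Clearance && c.Value == "internal");

            // Audit trail: who asked for what, and the decision, alongside serviceSecurityAudit.
            string action = string.Join(",", context.Action.Select(a => a.Value));
            string resource = string.Join(",", context.Resource.Select(r => r.Value));
            Console.WriteLine("authz {0} user={1} action={2} resource={3}",
                allowed ? "ALLOW" : "DENY", principal.Identity.Name, action, resource);
            return allowed;
        }
    }
}
```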
Updated 15-Oct-15 1:57am

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)