I'm trying to get to grips with the whole WIF thing!
I've made a console application that hosts a WIF-enabled service. I use .NET 4.5. The service is configured as follows:
wsHttpBinding
clientCredentialType="Windows"
establishSecurityContext="true"
principalPermissionMode="UseWindowsGroups"
useIdentityConfiguration="true"
with references to
claimsAuthenticationManager
claimsAuthorizationManager
After a few days of reading I've got it all working. The client creates a WCF connection and can call the methods the service exposes. The overrides for ClaimsAuthenticationManager and ClaimsAuthzManager execute as they should.
But here is the thing I don't understand!
If I look at the current principal on the client, its identity is of type
System.Security.Principal.GenericIdentity
But when I look at the current principal in the service, its identity is of type
System.Security.Principal.WindowsIdentity
Both applications have only one identity in the principal.
I thought that, because ClaimsAuthnManager.Authenticate outputs a ClaimsPrincipal, it would somehow be returned to the client, or that the client could by some means retrieve or inspect the transformed principal. Am I wrong?
I also tried to create a method in the service that returns ClaimsPrincipal.Current from the service:
/// <summary>
/// Returns the principal of the current call, as seen by the service
/// (<see cref="ClaimsPrincipal.Current"/>).
/// </summary>
/// <returns>The principal established for this call.</returns>
/// <remarks>
/// NOTE(review): a principal is not a data contract, so returning it from a
/// service operation is the likely reason the client sees a faulted channel
/// instead of a result — confirm in the message log. A list of claim
/// type/value pairs is the usual shape to send instead.
/// </remarks>
public ClaimsPrincipal GetIdentity()
{
    var principal = ClaimsPrincipal.Current;
    return principal;
}
This results in the client printing an error on the console (no exception) saying that the endpoint does not use the HTTP protocol, or that the service is closed.
My goal is to create a WPF application that uses a remote service to get specific claims, and to call remote methods with an audit trail and logging, using modern security.
If anyone out there could help me I would be very grateful!
Best Regards
Pierre
Here is the complete App.config file of the console app hosting the service:
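<?xml version="1.0" encoding="utf-8"?>
<!-- App.config of the self-hosted console service. The pasted file lacked the
     opening <configuration> element and the closing '>' of </configSections>;
     both are restored here so the file is well-formed. -->
<configuration>
  <configSections>
    <!-- WIF configuration sections (.NET 4.5: System.IdentityModel 4.0.0.0). -->
    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
    <!-- Section names are case-sensitive; the canonical name is system.identityModel.services
         (the paste had a capital S). No element below uses this section yet. -->
    <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
  </configSections>
  <!-- NOTE(review): <system.webServer> is read by the IIS/ASP.NET pipeline. For a
       self-hosted console service this module registration appears to have no
       effect; authorization here comes from <claimsAuthorizationManager> below - confirm. -->
  <system.webServer>
    <modules>
      <add name="ClaimsAuthorizationModule" type="System.IdentityModel.Services.ClaimsAuthorizationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
    </modules>
  </system.webServer>
  <system.serviceModel>
    <diagnostics>
      <!-- Logs complete message bodies at the service level, i.e. after message
           security has been removed. Handy for diagnosing the fault the client
           reports, but the log then holds whatever the messages carry, so keep it
           off outside development. It only takes effect once a trace listener for
           System.ServiceModel.MessageLogging is configured under
           <system.diagnostics>, which this file does not define. -->
      <messageLogging logEntireMessage="true" logMessagesAtServiceLevel="true"/>
    </diagnostics>
    <services>
      <service behaviorConfiguration="service_behavior" name="ClaimsService">
        <!-- Relative address; resolves against the base address below to
             http://localhost:9000/SecurityServices/Claims/Windows. -->
        <endpoint name="Windows"
                  address="Windows"
                  binding="wsHttpBinding"
                  bindingConfiguration="windows"
                  contract="ClaimsContract"/>
        <host>
          <baseAddresses>
            <add baseAddress="http://localhost:9000/SecurityServices/Claims"/>
          </baseAddresses>
        </host>
      </service>
    </services>
    <bindings>
      <wsHttpBinding>
        <!-- Message-level security with the caller's Windows credentials; a secure
             conversation (security context) is established per client proxy. -->
        <binding name="windows">
          <security mode="Message">
            <message clientCredentialType="Windows" establishSecurityContext="true"/>
          </security>
        </binding>
      </wsHttpBinding>
      <!-- No endpoint references this binding configuration; it mirrors the
           wsHttpBinding one and can be removed if a ws2007HttpBinding endpoint
           is never added. -->
      <ws2007HttpBinding>
        <binding name="windows">
          <security mode="Message">
            <message clientCredentialType="Windows" establishSecurityContext="true" />
          </security>
        </binding>
      </ws2007HttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="service_behavior">
          <!-- NOTE(review): with useIdentityConfiguration="true", the mode that puts the
               ClaimsPrincipal returned by the claimsAuthenticationManager on
               Thread.CurrentPrincipal is "Always"; UseWindowsGroups is consistent with
               the service seeing a WindowsIdentity - confirm against the observed behaviour. -->
          <serviceAuthorization principalPermissionMode="UseWindowsGroups"/>
          <!-- Routes token handling through the <system.identityModel> section below. -->
          <serviceCredentials useIdentityConfiguration="true">
            <!-- Anonymous Windows logons are rejected. -->
            <windowsAuthentication allowAnonymousLogons="false"/>
          </serviceCredentials>
          <!-- Authentication and authorization outcomes (success and failure) are
               written to the Windows Application event log. -->
          <serviceSecurityAudit auditLogLocation="Application" messageAuthenticationAuditLevel="SuccessOrFailure" serviceAuthorizationAuditLevel="SuccessOrFailure"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
  <system.identityModel>
    <identityConfiguration>
      <!-- Custom WIF pipeline: claims transformation, then authorization. -->
      <claimsAuthenticationManager type="SecurityManager.Plumbing.ClaimsAuthnManager, SecurityManager"/>
      <claimsAuthorizationManager type="SecurityManager.Plumbing.ClaimsAuthzManager, SecurityManager"/>
    </identityConfiguration>
  </system.identityModel>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
  </startup>
</configuration>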