note: A GitHub repo has been constructed to demonstrate the issue causing these questions.
In creating a WIF secured WCF service, the MSDN documentation recommends using the Identity and Access Tool for visual studio. Upon running the tool on the service project, the following node is added to the web.config [commit 0472287]:
<ws2007FederationHttpBinding>
  <binding name="">
    <security mode="Message">
      <message>
        <issuerMetadata address="https://localhost/adfs/services/trust/mex" />
      </message>
    </security>
  </binding>
</ws2007FederationHttpBinding>
The identity tool adds an incorrect issuerMetadata address and does not include the issuer node at all. All of the nodes which reference certificate thumbprints are, thankfully, created correctly. Adding a service reference to a client project for this service results in an invalid configuration on the client. Upon changing the content of the message node as follows, creating a service reference to the service leaves a nearly usable client (see the second question) [commit 758052d].
<message>
  <issuer address="https://localhost:44300/issue/wstrust/mixed/username" binding="ws2007HttpBinding" bindingConfiguration="" />
  <issuerMetadata address="https://localhost:44300/issue/wstrust/mex" />
</message>
First Question: Is there something I am doing wrong in setting up the identity tool that is causing the binding to not be configured properly? The address that is generated does not exist in the STS FederationMetadata.xml file, so I am not sure where it is coming from.
After properly configuring the service, the service reference for the client is nearly plug and play. For some reason, it doesn't specify a binding configuration for the issuer in the WS2007FederationHttpBinding. Adding a binding and creating a binding configuration for the WIF client to get a token from will cause the client to be in a working state [commit 39a4cbc].
Second Question: Updating the service web.config allowed the rest of the client configuration to be generated automatically. Am I missing something for the client to also get the binding auto-configured?
All of these missing elements can be looked up in the FederationMetadata.xml file the identity tool requires, as well as on the FederationMetadata service which both projects become aware of. It seems that there should be something to cause these to be configured correctly without the need for manual intervention.
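As an added example (not from the post or the linked repo), this is the shape of the hand-added client configuration the second question refers to: the generated issuer element is given an explicit ws2007HttpBinding configuration so the client can obtain a token from the STS before calling the federated service. The binding and endpoint names, the service address, the contract name and the TransportWithMessageCredential/UserName settings are assumptions chosen to match the /mixed/username issuer address; check them against your STS.

```xml
<system.serviceModel>
  <bindings>
    <!-- Binding used to call the STS itself. "Mixed" mode is assumed to mean TLS on the
         transport with UserName credentials carried in the message, so the password
         never travels without transport protection. -->
    <ws2007HttpBinding>
      <binding name="StsUsernameMixed">
        <security mode="TransportWithMessageCredential">
          <message clientCredentialType="UserName" establishSecurityContext="false" />
        </security>
      </binding>
    </ws2007HttpBinding>
    <!-- Federation binding for the service; the generated version left
         bindingConfiguration empty, which is what the second question is about. -->
    <ws2007FederationHttpBinding>
      <binding name="FederatedService">
        <security mode="Message">
          <message>
            <issuer address="https://localhost:44300/issue/wstrust/mixed/username"
                    binding="ws2007HttpBinding"
                    bindingConfiguration="StsUsernameMixed" />
            <issuerMetadata address="https://localhost:44300/issue/wstrust/mex" />
          </message>
        </security>
      </binding>
    </ws2007FederationHttpBinding>
  </bindings>
  <client>
    <!-- Service address and contract name are placeholders, not values from the post. -->
    <endpoint address="https://localhost/SERVICE_PATH_PLACEHOLDER/Service.svc"
              binding="ws2007FederationHttpBinding"
              bindingConfiguration="FederatedService"
              contract="ServiceReference.IService"
              name="Federated" />
  </client>
</system.serviceModel>
```

The client then supplies the STS username and password through the proxy's ClientCredentials.UserName before the first call; the issued token, not the password, is what reaches the service.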