Team blog of MCS @ Middle East and Africa

This blog is created by Microsoft MEA HQ near shoring team, and it aims to share knowledge with the IT community. With its infrastructure and development sides, it brings to you the proven best practices and real world experiences from Subject Matter Experts.

Caching STS Security Token with an Active Web Client


A common scenario when using an STS (whether ADFS or a custom STS) is the requirement to cache the security token so that it can be reused to authenticate repeated calls to WCF services. This is usually easy in desktop applications, where most people simply cache the entire service proxy object in some global variable!

The recommended approach is to cache the security token itself and use it later on, which has the following advantages...

  • You can use the same token with different WCF services that accept the token
  • You can renew the token before it expires

 

I've created a small sample with an Active Web client with one page that first caches the token, then uses it to make the service calls.

The following method can be used to cache the token...

// Namespaces used by the snippets (the Microsoft.IdentityModel types come from the WIF assembly)
using System;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;
using Microsoft.IdentityModel.Protocols.WSTrust;

private void CacheToken()
{
    // First, create the binding to the STS. The string passed here is the name of the
    // binding configuration, which in this sample is named after the endpoint URL.
    // It is important to note that WS2007HttpBinding causes the next calls to use WS-Trust 1.3.
    // If you want to use the Feb 2005 standards, use WSHttpBinding, not the 2007 one.
    WS2007HttpBinding wsf = new WS2007HttpBinding(@"https://vs2010.contoso.com/ATMServicesSTS/Service1.svc/IWSTrust13");

    // Now create a WS-Trust channel factory that will be used to create the communication channel with the STS
    WSTrustChannelFactory trustChannelFactory = new WSTrustChannelFactory(wsf, new EndpointAddress(@"https://vs2010.contoso.com/ATMServicesSTS/Service1.svc/IWSTrust13"));

    // I use user name/password for security
    trustChannelFactory.Credentials.UserName.UserName = "My User Name";
    trustChannelFactory.Credentials.UserName.Password = "My Password";

    // Turn off validation of the STS service certificate (no chain check, no revocation check)
    // so the sample needs no certificate setup. With these two settings the client accepts any
    // certificate the endpoint presents, so a deployed client should leave validation enabled.
    trustChannelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
    trustChannelFactory.Credentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;

    // Specify the trust version
    trustChannelFactory.TrustVersion = TrustVersion.WSTrust13;

    // Now create the channel
    WSTrustChannel channel = (WSTrustChannel)trustChannelFactory.CreateChannel();

    // Specify the request parameters, including the audience URI and the lifetime (5 minutes here)
    RequestSecurityToken rst = new RequestSecurityToken(WSTrust13Constants.RequestTypes.Issue) { Lifetime = new Lifetime(DateTime.UtcNow, DateTime.UtcNow.AddMinutes(5)) };
    rst.AppliesTo = new EndpointAddress(@"https://vs2010.contoso.com/ATMServices/");
    RequestSecurityTokenResponse rstr = null;

    // Get the token
    SecurityToken token = channel.Issue(rst, out rstr);

    // Cache it in the session
    Session["Token"] = token;
}

Now, use the token...

// Create the proxy object
ActiveClient.ATMServices.ServiceClient sc = new ActiveClient.ATMServices.ServiceClient();

// Configure the channel factory
sc.ChannelFactory.ConfigureChannelFactory<ActiveClient.ATMServices.IService>();

// Create the channel with the issued token
ActiveClient.ATMServices.IService serviceChannel = sc.ChannelFactory.CreateChannelWithIssuedToken<ActiveClient.ATMServices.IService>((SecurityToken)Session["Token"]);

// Call the service method
txtReturn.Text = serviceChannel.GetData(50);

 

Remember to add references to WIF to your project.
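The token above is requested with a 5-minute lifetime, so a copy left in the session goes stale quickly. The following is an added example, not part of the original sample, of the "renew the token before it expires" advantage: it checks `ValidTo` before handing out the cached token. `TokenCache`, `FakeToken`, `Demo`, the 30-second margin and the dictionary standing in for `Session` are hypothetical names and values chosen for illustration; it needs a reference to System.IdentityModel.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.IdentityModel.Tokens;
// Hypothetical helper, not in the original sample: reuse the token until just before ValidTo.
public sealed class TokenCache
{
    private readonly IDictionary<string, object> store; // stands in for Session
    private readonly Func<SecurityToken> issue;         // e.g. the STS call made in CacheToken()
    private readonly TimeSpan renewBefore;              // safety margin before ValidTo
    public TokenCache(IDictionary<string, object> store, Func<SecurityToken> issue, TimeSpan renewBefore)
    { this.store = store; this.issue = issue; this.renewBefore = renewBefore; }
    public SecurityToken GetToken(DateTime utcNow)
    {
        object cached;
        store.TryGetValue("Token", out cached);
        SecurityToken token = cached as SecurityToken;
        // Missing, expired, or inside the renewal window: go back to the STS.
        if (token == null || token.ValidTo.ToUniversalTime() - renewBefore <= utcNow)
            store["Token"] = token = issue();
        return token;
    }
}

// Constructed stand-in for an issued token so the example runs without an STS.
sealed class FakeToken : SecurityToken
{
    private readonly DateTime validFrom, validTo;
    public FakeToken(DateTime validFrom, DateTime validTo) { this.validFrom = validFrom; this.validTo = validTo; }
    public override string Id { get { return "constructed-token"; } }
    public override ReadOnlyCollection<SecurityKey> SecurityKeys { get { return new List<SecurityKey>().AsReadOnly(); } }
    public override DateTime ValidFrom { get { return validFrom; } }
    public override DateTime ValidTo { get { return validTo; } }
}

static class Demo
{
    static void Main()
    {
        int issued = 0;
        DateTime start = DateTime.UtcNow;
        var cache = new TokenCache(new Dictionary<string, object>(),
            () => { issued++; return new FakeToken(start, start.AddMinutes(5)); }, TimeSpan.FromSeconds(30));
        cache.GetToken(start);                  // nothing cached: issues
        cache.GetToken(start.AddMinutes(2));    // still valid: reuses
        cache.GetToken(start.AddMinutes(4.75)); // inside the 30 s margin: re-issues
        Console.WriteLine("STS calls: " + issued);
    }
}
```

In the page, the value returned by `GetToken(DateTime.UtcNow)` would be passed to `CreateChannelWithIssuedToken` in place of reading `Session["Token"]` directly.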

 

 Happy Coding:)

 

Update 20/1/2012: Sample project added as an attachment.


 

Attachment: ActiveWebClient.zip
Comments
  • Can you please publish the complete sample?

    Thanks in advance.

    Desu..

  • sure, attached...uw:)
