15

I am migrating an ASP.Net site that uses Active Federation and WIF 3.5 to use .Net 4.5. The functionality of Windows Identity Foundation (WIF 3.5) has now been fully integrated in into the .Net 4.5 Framework.

Since classes have moved to three different namespaces, it is mostly a matter of mechanical translation. The part that I am having trouble with is translating the GenericXmlSecurityToken issued by the STS to a Claims Principal for the call to SessionAuthenticationModule.WriteSessionTokenToCookie. The documentation is lacking and I just need to find the WIF 4.5 way to access FederatedAuthentication.ServiceConfiguration.SecurityTokenHandlers

Here is a snippet of the WIF 3.5 code that does not compile in WIF 4.5 (WSTrust channel creation omitted for brevity):

var genericToken = channel.Issue(rst) as GenericXmlSecurityToken;

var handlers = FederatedAuthentication.ServiceConfiguration.SecurityTokenHandlers;

var token = handlers.ReadToken(new XmlTextReader(new StringReader(genericToken.TokenXml.OuterXml)));
var identity = handlers.ValidateToken(token).First();

var sessionToken = new SessionSecurityToken(ClaimsPrincipal.CreateFromIdentity(identity),
                                            TimeSpan.FromMinutes(20));

FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionToken);
Mark Larson
  • 499
  • 3
  • 13

1 Answers1

16

The fix turned out to be fairly simple (If not immediately obvious).

FederatedAuthentication.ServiceConfiguration.SecurityTokenHandlers

translates to WIF 4.5 as 

FederatedAuthentication.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers

The only other change was replacing the ClaimsPrincipal.CreateFromIdentity(identity) factory method call with new ClaimsPrincipal(identity).

Below is the working snippet:

var handlers = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers;

var token = handlers.ReadToken(new XmlTextReader(new StringReader(genericToken.TokenXml.OuterXml)));
var identity = handlers.ValidateToken(token).First();

var sessionToken = new SessionSecurityToken(new ClaimsPrincipal(identity),
                                            TimeSpan.FromMinutes(20));

FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionToken);
Mark Larson
  • 499
  • 3
  • 13
  • 2
    `FederatedAuthentication.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers` - What is ***namespace*** and ***assembly*** ? – Kiquenet Sep 12 '16 at 12:01
  • 1
    @Kiquenet `System.IdentityModel.Services`, which is a separate assembly – molnarm Dec 06 '16 at 13:21