
We have a WCF web service that is secured using a Custom STS Active Federation Implementation.

So clients have to contact the STS for a "Token" with which they can call the methods in the WCF service.

I am puzzled about how to make a self-service call from the service itself.

The steps are below:

  1. The client calls the STS to get a Token
  2. Using this Token, it calls a method in the WCF service
  3. The method in the WCF service is executed
  4. I need to make a call to another web service method by creating a channel factory and using the bootstrap token that is available in the thread

How do I implement the 4th step?

public int GetValue(string input)
{
    CallGetValue1();
    return int.Parse(input);
}

public int GetValue1()
{
    return int.MaxValue;
}

private void CallGetValue1()
{
    var channelFactory = new ChannelFactory<IWCFService>("WCFService");
    channelFactory.Credentials.SupportInteractive = false;
    channelFactory.ConfigureChannelFactory();
    var proxy = channelFactory.CreateChannelWithIssuedToken(GetSecurityToken());
    var result = proxy.GetValue1();
}

private static SecurityToken GetSecurityToken()
{
    var identity = Thread.CurrentPrincipal.Identity as IClaimsIdentity;
    return identity.BootstrapToken;
}

CallGetValue1 gives me an error at proxy.GetValue1():

System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: The security token authenticator 'System.ServiceModel.Security.Tokens.GenericXmlSecurityTokenAuthenticator' cannot validate a token of type 'System.IdentityModel.Tokens.SamlSecurityToken'. (Fault Detail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is: System.IdentityModel.Tokens.SecurityTokenValidationException: The security token authenticator 'System.ServiceModel.Security.Tokens.GenericXmlSecurityTokenAuthenticator' cannot validate a token of type 'System.IdentityModel.Tokens.SamlSecurityToken'.

I am sorry, I don't know what more details to add. If you need more details, please reply in the comments. Thanks :)

  • Can you do it outside the service? It's just code - you do it the same way as you would outside the service. – zimdanen Feb 11 '13 at 13:42
  • OK, in step "1" I pass the user ID and password to get the token from the STS. In step 3, I already have the token from the BootstrapToken property. So is it necessary to call the STS again for a token? Is there no other way to avoid these repeated calls to the STS? – Balaji Gunasekaran Feb 11 '13 at 13:45
  • Ah, sorry, didn't read the question closely enough. Do you want your service to call the service as the user (impersonation) or as itself? If you want to track the call as from the service, then you would definitely want another token anyway. – zimdanen Feb 11 '13 at 13:52
  • I just meant token chaining. If I have two services, A and B, both secured using the same STS. Let's say that the client calls A and A calls B. How can I use the token that I have in A for calling B? Thanks a lot for your response :) – Balaji Gunasekaran Feb 11 '13 at 13:56

0 Answers