
I have a WCF service that exposes a WsFederationHttpBinding endpoint programmatically. I want to then use Visual Studio to create a client-side endpoint using the service reference dialog. The client generates the correct endpoint and binding, but I must manually create a binding in the client config for the STS and hook it up to the issuer element of the federated service binding. Is there a way to create the server-side binding so that the STS binding is automatically generated on the client?

This is basically how I generated the binding in code:

public class MyServiceHost : ServiceHostFactory
{
    protected override void AddServiceEndpoint(ServiceHost host, Type contract, Uri address)
    {
        var binding = new WSFederationHttpBinding();
        // set up some binding properties here
        binding.Security = new WSFederationHttpSecurity
        {
            Mode = WSFederationHttpSecurityMode.Message,
            Message = new FederatedMessageSecurityOverHttp
            {
                AlgorithmSuite = SecurityAlgorithmSuite.Default,
                EstablishSecurityContext = true,
                IssuedTokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1",
                NegotiateServiceCredential = false,
                IssuerAddress = new EndpointAddress(
                    new Uri("http://mydomain/STSService.svc"), 
                    EndpointIdentity.CreateSpnIdentity("http/IDENTITYMASKED")),
                IssuerBinding = new WSHttpBinding
                {
                    Name = "stsBinding",
                    Security = new WSHttpSecurity
                    {
                        Mode = SecurityMode.Message,
                        Message = new NonDualMessageSecurityOverHttp
                        {
                            ClientCredentialType = MessageCredentialType.Windows,
                            NegotiateServiceCredential = true,
                            AlgorithmSuite = SecurityAlgorithmSuite.Default,
                            EstablishSecurityContext = false
                        }
                    }
                }
            }
        };
        host.AddServiceEndpoint(contract, binding, address);
    }
}

When I generated a proxy to this in Visual Studio, the stsBinding isn't there in configuration or hooked up. Is there a way to get this to happen, or does MEX not allow it?

Peter Short

1 Answer


Not sure if it will help because my own service is not running yet, but my (currently untested) code sets the IssuerMetadataAddress of the FederatedMessageSecurityOverHttp element; that should be what enables the client wizard to generate that binding as well.

nvoigt
  • It didn't work for me, the STS is actually exposing some custom binding :( I get the dreaded CardSpace exception when I try to get a token, which means that it's probably not figuring out I want to use Windows credentials... – Peter Short Apr 12 '13 at 14:42