
I have been given a .wsdl file and .pfx from the provider.

I call the IdP and acquire a SAML token. Now I need to pass that token to the WebService.

How do I use the SAML token to work with the WebService?

I am using .NET 4.5.

gbs
  • The secret sauce is a call to `CreateChannelWithIssuedToken` (http://msdn.microsoft.com/en-us/library/hh138833(v=vs.110).aspx). – Mitch Nov 11 '14 at 14:38
  • @Mitch I already tried that but the problem is I have a .wsdl on my machine and not a url to the provider's service. – gbs Nov 11 '14 at 17:19
  • The WSDL typically contains the endpoint address in `/service/port/address/@location`. You can translate the WSDL to a client proxy using the `svcutil.exe` tool. See http://msdn.microsoft.com/en-us/library/aa751905.aspx. – Mitch Nov 12 '14 at 02:13
  • @Mitch, I was able to generate proxy classes using wsdl. I am trying something like here: http://www.noiseworks.org/security-token-service-in-asp-net-application-part-2/. Hope that will work. – gbs Nov 12 '14 at 22:00

2 Answers

I was able to add the token and get response with the help of the following two posts:

http://www.noiseworks.org/security-token-service-in-asp-net-application-part-2/
http://travisspencer.com/blog/2012/01/cryptographic-operations-are-r.html

Here's my code:

    using System;
    using System.IdentityModel.Tokens;
    using System.Security.Cryptography.X509Certificates;
    using System.ServiceModel;
    using System.ServiceModel.Channels;

    // Placeholder contract: the real interface is generated from the provider's WSDL with svcutil.exe,
    // and the operation name and parameter type here stand in for whatever that proxy defines.
    [ServiceContract]
    public interface ISomeProviderService
    {
        [OperationContract]
        string MyServiceMethod(string request);
    }

    public static class ProviderClient
    {
        private static string serviceEndpoint = "https service endpoint";

        public static void CallProviderService(SecurityToken token, string somedataobject)
        {
            // Federation binding: TLS on the transport, issued bearer (SAML) token in the message.
            var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
            binding.Security.Message.EstablishSecurityContext = false;
            binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;

            // The provider answers without a WS-Security header, so allow unsecured responses
            // on the security binding element and wrap the result in a CustomBinding.
            var elements = binding.CreateBindingElements();
            elements.Find<SecurityBindingElement>().EnableUnsecuredResponse = true;
            var customBinding = new CustomBinding(elements);

            var channelFactory = new ChannelFactory<ISomeProviderService>(customBinding, new EndpointAddress(new Uri(serviceEndpoint)));
            string thumb = "mycertthumbprint";
            channelFactory.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindByThumbprint, thumb);
            channelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.PeerOrChainTrust;
            // WIF extension method (System.IdentityModel, .NET 4.5): swaps in FederatedClientCredentials
            // so the factory can be given an already-issued token.
            channelFactory.ConfigureChannelFactory();
            channelFactory.Credentials.SupportInteractive = false;

            var channel = channelFactory.CreateChannelWithIssuedToken<ISomeProviderService>(token);

            try
            {
                var response = channel.MyServiceMethod(somedataobject);
            }
            catch (Exception ex)
            {
                // log message
            }
        }
    }
gbs

This is something that should be specified by the provider of the WS. A common standard is the WS-Security standard by OASIS.

Using this standard the SAML Assertion is placed in a SOAP security header.

Stefan Rasmusson
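Before the token from the IdP is handed to `CreateChannelWithIssuedToken` as in the first answer, it is worth confirming that it really is a SAML assertion (the element WCF will place in the `wsse:Security` header the second answer refers to), that it is still inside its validity window, and that its audience restriction names this service rather than some other relying party. The following is an added example, not code from the question or from either answer. It assumes the IdP call returned a `GenericXmlSecurityToken` (what `WSTrustChannel.Issue()` returns in .NET 4.5) and that the `AppliesTo` sent to the IdP was the service endpoint URL; the class, method and parameter names are hypothetical.

```csharp
using System;
using System.IdentityModel.Tokens;
using System.Xml;

// Added example, not from the original post: pre-flight checks on the issued SAML
// token before it is handed to CreateChannelWithIssuedToken. Assumes the IdP call
// returned a GenericXmlSecurityToken. Class, method and parameter names are hypothetical.
public static class IssuedTokenChecks
{
    private const string Saml2Ns = "urn:oasis:names:tc:SAML:2.0:assertion";
    private const string Saml11Ns = "urn:oasis:names:tc:SAML:1.0:assertion";

    // Returns null when the token is usable for 'expectedAudience', otherwise a reason string.
    public static string Validate(SecurityToken token, Uri expectedAudience, TimeSpan clockSkew)
    {
        DateTime now = DateTime.UtcNow;

        // ValidFrom/ValidTo mirror the Lifetime element of the RSTR the IdP returned.
        if (token.ValidFrom > now.Add(clockSkew))
            return "token is not yet valid (ValidFrom " + token.ValidFrom.ToString("o") + ")";
        if (token.ValidTo < now.Subtract(clockSkew))
            return "token has expired (ValidTo " + token.ValidTo.ToString("o") + ")";

        var xmlToken = token as GenericXmlSecurityToken;
        if (xmlToken == null)
            return "expected a GenericXmlSecurityToken, got " + token.GetType().Name;

        // TokenXml is the assertion exactly as issued; this is what WCF later puts
        // into the wsse:Security header of the SOAP request.
        XmlElement assertion = xmlToken.TokenXml;
        bool isSaml2 = assertion.NamespaceURI == Saml2Ns;
        if (assertion.LocalName != "Assertion" || (!isSaml2 && assertion.NamespaceURI != Saml11Ns))
            return "token XML is not a SAML 1.1 or 2.0 assertion";

        var ns = new XmlNamespaceManager(assertion.OwnerDocument.NameTable);
        ns.AddNamespace("saml", assertion.NamespaceURI);

        // SAML 2.0 and SAML 1.1 name the audience restriction element differently.
        string audienceXPath = isSaml2
            ? "saml:Conditions/saml:AudienceRestriction/saml:Audience"
            : "saml:Conditions/saml:AudienceRestrictionCondition/saml:Audience";

        XmlNodeList audiences = assertion.SelectNodes(audienceXPath, ns);
        if (audiences.Count == 0)
            return "assertion carries no audience restriction";

        foreach (XmlNode audience in audiences)
        {
            Uri audienceUri;
            if (Uri.TryCreate(audience.InnerText.Trim(), UriKind.Absolute, out audienceUri)
                && audienceUri == expectedAudience)
                return null;
        }
        return "assertion audience does not include " + expectedAudience;
    }

    // Usage: call this just before channelFactory.CreateChannelWithIssuedToken(token).
    public static void EnsureUsable(SecurityToken token, string serviceEndpoint)
    {
        string problem = Validate(token, new Uri(serviceEndpoint), TimeSpan.FromMinutes(5));
        if (problem != null)
            throw new SecurityTokenValidationException(problem);
    }
}
```

The audience comparison uses `Uri` equality, so a trailing slash or a different realm URI in the `AppliesTo` will fail the check; pass whatever value was actually sent to the IdP as `expectedAudience`. Rejecting the token on the client side this way produces a clear local error instead of an opaque `MessageSecurityException` from the provider, and it avoids sending an assertion that was issued for a different relying party.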