StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POUsing tokens assigned from an STS to call a WCF service
primarykey
Id
5276023
data
AcceptedAnswerId
5380726
AnswerCount
3
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2011-03-11T17:10:22.710
FavoriteCount
2
LastActivityDate
2015-11-19T09:07:32.497
LastEditDate
2011-03-15T15:56:37.240
LastEditorUserId
621524
OwnerUserId
621524
ParentId
0
PostTypeId
1
Score
7
ViewCount
4732
LastEditorDisplayName
text
Body
I've been staring at this all day to no avail and I'm out of ideas. The IP-STS handles the login then passes it down to the RP-STS which fills the token with claims and then onto the Website. this works correctly. I have some WCF functions on the IP-STS such as change password/reset password and need to access them. Having read around I should be able to send the token already assigned through to the WCF to ensure the user is authenticated. From what I can see it is sending the token but not correctly and also not in the way that I want as it seems to need a username at the moment. Ideally I want it to take the token assigned to the user and not have to re-request or re-create anything and definatly not any need for username/password. The error I am currently getting is: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. Detail: The message could not be processed. This is most likely because the action 'http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue' is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings. The security context token would be invalid if the service aborted the channel due to inactivity. To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint's binding. Here is the relevant bits from my web configs. client side web.config <hr> <pre><code><system.serviceModel> <bindings> <customBinding> <binding name="UsernameBinding"> <security authenticationMode="UserNameForCertificate" requireSecurityContextCancellation ="false" requireSignatureConfirmation="false" messageProtectionOrder ="SignBeforeEncryptAndEncryptSignature" requireDerivedKeys="true"> </security> <httpTransport/> </binding> </customBinding> <wsFederationHttpBinding> <binding name="HTTPEndpoint" closeTimeout="00:10:00" openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"> <security mode="Message"> <message issuedTokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" negotiateServiceCredential="false"> <claimTypeRequirements> <add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" isOptional="false" /> </claimTypeRequirements> <issuer address="http://localhost:13422/MembershipService" bindingConfiguration="UsernameBinding" binding="customBinding"> <identity> <certificateReference findValue="STSTestCert" x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="TrustedPeople" /> </identity> </issuer> </message> </security> </binding> </wsFederationHttpBinding> </bindings> <behaviors>  <endpointBehaviors> <behavior name="ServiceBehavior"> <clientCredentials> <clientCertificate findValue="STSTestCert" storeLocation="CurrentUser" storeName="TrustedPeople" x509FindType="FindBySubjectName" /> <serviceCertificate> <defaultCertificate findValue="STSTestCert" storeLocation="CurrentUser" storeName="TrustedPeople" x509FindType="FindBySubjectName"/> <authentication certificateValidationMode="PeerOrChainTrust" /> </serviceCertificate> </clientCredentials> </behavior> </endpointBehaviors> </behaviors> <client> <endpoint address="http://localhost:13422/MembershipService" binding="wsFederationHttpBinding" bindingConfiguration="HTTPEndpoint" contract="MembershipService.IAccountMembershipService" name="HTTPEndpoint" behaviorConfiguration="ServiceBehavior"> <identity> <dns value="localhost"/> </identity> </endpoint> </client> </code></pre> <hr> Service side: <pre><code><system.serviceModel> <serviceHostingEnvironment multipleSiteBindingsEnabled="true" aspNetCompatibilityEnabled="true"> <serviceActivations> <add relativeAddress="IAccountMembershipService.svc" service="AccountMembershipService" factory="System.ServiceModel.Activation.WebServiceHostFactory" /> </serviceActivations> </serviceHostingEnvironment> <bindings> <wsHttpBinding> <binding name="federationBinding" receiveTimeout="00:10:00" sendTimeout="00:10:00" closeTimeout="00:10:00" openTimeout="00:10:00"> <security mode="Message"> <message negotiateServiceCredential="true" /> </security> </binding> </wsHttpBinding> <wsFederationHttpBinding> <binding name="federationBinding" closeTimeout="00:10:00" openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"> <security mode="Message"> <message issuedTokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" negotiateServiceCredential="false"> <claimTypeRequirements> <add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" isOptional="false" /> </claimTypeRequirements> <issuer address="http://localhost:13422/MembershipService" bindingConfiguration="UsernameBinding" binding="customBinding"> <identity> <certificateReference findValue="STSTestCert" x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="TrustedPeople" /> </identity> </issuer> </message> </security> </binding> </wsFederationHttpBinding> </bindings> <behaviors> <serviceBehaviors> <behavior name="serviceBehavior"> <serviceMetadata httpGetEnabled="true" /> <serviceCredentials> <serviceCertificate findValue="CN=STSTestCert" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName"/> </serviceCredentials> </behavior> </serviceBehaviors> </behaviors> <extensions> <behaviorExtensions>  <add name="federatedServiceHostConfiguration" type="Microsoft.IdentityModel.Configuration.ConfigureServiceHostBehaviorExtensionElement, Microsoft.IdentityModel, Version=0.6.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/> </behaviorExtensions> </extensions> <services> <service behaviorConfiguration="serviceBehavior" name="STS.IP.Models.AccountMembershipService"> <endpoint binding="wsFederationHttpBinding" bindingConfiguration="federationBinding" name="HTTPEndpoint" contract="STS.IP.Infrastructure.IAccountMembershipService" > <identity> <dns value="localhost"/> </identity> </endpoint>  </service> </services> </code></pre> Sorry for the massive pastes but hopefully someone can spot my error! Am I just approaching it the wrong way?
Tags
<c#><asp.net-mvc><wcf><model-view-controller><wif>
Title
Using tokens assigned from an STS to call a WCF service
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USHenry
UserOwnerUserId
1. USHenry
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
3. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POUsing tokens assigned from an STS to call a WCF service
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 POUsing tokens assigned from an STS to call a WCF service
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 POUsing tokens assigned from an STS to call a WCF service
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.