How To: Use AD FS Endpoints When Developing Claims Aware WCF Services Using WIF
This post is based on WIF Built-in Bindings Overview and AD FS Endpoints. This information should provide a more cohesive view for developers when developing claims aware WCF services using AD FS and WIF.
There are 30 scenarios here. Working on guidance when to use what.
WS-Trust 1.3 endpoints
| AD FS Endpoint | WCF Binding |
| /adfs/services/trust/13/windows | Trust13WindowsMessage |
| WindowsWSTrustBinding windowsTrust13MessageBinding = new WindowsWSTrustBinding(); | |
| AD FS Endpoint | WCF Binding |
| /adfs/services/trust/13/windowsmixed | Trust13WindowsMixed |
| WindowsWSTrustBinding windowsTrust13MixedBinding = new WindowsWSTrustBinding(SecurityMode.TransportWithMessageCredential); | |
| AD FS Endpoint | WCF Binding |
| /adfs/services/trust/13/windowstransport | Trust13WindowsTransport |
| WindowsWSTrustBinding windowsTrust13TransportBinding = new WindowsWSTrustBinding(SecurityMode.Transport); | |
| AD FS Endpoint | WCF Binding |
| /adfs/services/trust/13/certificate | Trust13CertificateMessage |
| CertificateWSTrustBinding certificateTrust13MessageBinding = new CertificateWSTrustBinding(); | |
| AD FS Endpoint | WCF Binding |
| /adfs/services/trust/13/certificatemixed | Trust13CertificateMixed |
| CertificateWSTrustBinding certificateTrust13MixedBinding = new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential); | |
| AD FS Endpoint | WCF Binding |
| /adfs/services/trust/13/certificatetransport | Trust13CertificateTransport |
| CertificateWSTrustBinding certificateTrust13TransportBinding = new CertificateWSTrustBinding(SecurityMode.Transport); | |
| AD FS Endpoint | WCF Binding |
| /adfs/services/trust/13/username | Trust13UserNameMessage |
| UserNameWSTrustBinding userNameTrust13MessageBinding = new UserNameWSTrustBinding(); | |
| AD FS Endpoint | WCF Binding |
| /adfs/services/trust/13/usernamemixed | Trust13UserNameMixed |
| UserNameWSTrustBinding userNameTrust13MixedBinding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential); | |
| AD FS Endpoint | WCF Binding |
| /adfs/services/trust/13/usernamebasictransport | Trust13UserNameBasicTransport |
| UserNameWSTrustBinding userNameTrust13TransportBasicBinding = new UserNameWSTrustBinding(SecurityMode.Transport, HttpClientCredentialType.Basic); | |
| AD FS Endpoint | WCF Binding |
| N/A | Trust13UserNameDigestTransport |
| UserNameWSTrustBinding userNameTrust13TransportDigestBinding = new UserNameWSTrustBinding(SecurityMode.Transport, HttpClientCredentialType.Digest); | |
| AD FS Endpoint | WCF Binding |
| /adfs/services/trust/13/kerberosmixed | Trust13KerberosMixed |
| KerberosWSTrustBinding kerberosTrust13MixedBinding = new KerberosWSTrustBinding(SecurityMode.TransportWithMessageCredential); | |
WS-Trust 1.3 Issued Token endpoints
| AD FS Endpoint | WCF Binding |
| /adfs/services/trust/13/issuedtokenasymmetricbasic256 | Trust13IssuedTokenAsymmetricBasic256 |
| IssuedTokenWSTrustBinding issuedTokenBinding = new IssuedTokenWSTrustBinding(); issuedTokenBinding.KeyType = SecurityKeyType.AsymmetricKey; | |
| AD FS Endpoint | WCF Binding |
| /adfs/services/trust/13/issuedtokenmixedasymmetricbasic256 | Trust13IssuedTokenMixedAsymmetricBasic256 |
| IssuedTokenWSTrustBinding issuedTokenBinding = new IssuedTokenWSTrustBinding(); issuedTokenBinding.SecurityMode = SecurityMode.TransportWithMessageCredential; issuedTokenBinding.KeyType = SecurityKeyType.AsymmetricKey; | |
| AD FS Endpoint | WCF Binding |
| /adfs/services/trust/13/issuedtokenmixedsymmetricbasic256 | Trust13IssuedTokenMixedSymmetricBasic256 |
| IssuedTokenWSTrustBinding issuedTokenBinding = new IssuedTokenWSTrustBinding(); issuedTokenBinding.SecurityMode = SecurityMode.TransportWithMessageCredential; | |
| AD FS Endpoint | WCF Binding |
| /adfs/services/trust/13/issuedtokensymmetricbasic256 | Trust13IssuedTokenSymmetricBasic256 |
WS-Trust 2005 endpoints
| AD FS Endpoint | WCF Binding |
| /adfs/services/trust/2005/windows | TrustFeb2005WindowsMessage |
| WindowsWSTrustBinding windowsTrustFeb2005MessageBinding = new WindowsWSTrustBinding(); windowsTrustFeb2005MessageBinding.TrustVersion = TrustVersion.WSTrustFeb2005; | |
| AD FS Endpoint | WCF Binding |
| /adfs/services/trust/2005/windowsmixed | TrustFeb2005WindowsMixed |
| WindowsWSTrustBinding windowsTrustFeb2005MixedBinding = new WindowsWSTrustBinding(SecurityMode.TransportWithMessageCredential); windowsTrustFeb2005MixedBinding.TrustVersion = TrustVersion.WSTrustFeb2005; | |
| AD FS Endpoint | WCF Binding |
| /adfs/services/trust/2005/windowstransport | TrustFeb2005WindowsTransport |
| WindowsWSTrustBinding windowsTrustFeb2005TransportBinding = new WindowsWSTrustBinding(SecurityMode.Transport); windowsTrustFeb2005TransportBinding.TrustVersion = TrustVersion.WSTrustFeb2005; | |
| AD FS Endpoint | WCF Binding |
| /adfs/services/trust/2005/certificate | TrustFeb2005CertificateMessage |
| CertificateWSTrustBinding certificateTrustFeb2005MessageBinding = new CertificateWSTrustBinding(); certificateTrustFeb2005MessageBinding.TrustVersion = TrustVersion.WSTrustFeb2005; | |
| AD FS Endpoint | WCF Binding |
| /adfs/services/trust/2005/certificatemixed | TrustFeb2005CertificateMixed |
| CertificateWSTrustBinding certificateTrustFeb2005MixedBinding = new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential); certificateTrustFeb2005MixedBinding.TrustVersion = TrustVersion.WSTrustFeb2005; | |
| AD FS Endpoint | WCF Binding |
| /adfs/services/trust/2005/certificatetransport | TrustFeb2005CertificateTransport |
| CertificateWSTrustBinding certificateTrustFeb2005TransportBinding = new CertificateWSTrustBinding(SecurityMode.Transport); certificateTrustFeb2005TransportBinding.TrustVersion = TrustVersion.WSTrustFeb2005; | |
| AD FS Endpoint | WCF Binding |
| /adfs/services/trust/2005/username | TrustFeb2005UserNameMessage |
| UserNameWSTrustBinding userNameTrustFeb2005MessageBinding = new UserNameWSTrustBinding(); userNameTrustFeb2005MessageBinding.TrustVersion = TrustVersion.WSTrustFeb2005; | |
| AD FS Endpoint | WCF Binding |
| /adfs/services/trust/2005/usernamemixed | TrustFeb2005UserNameMixed |
| UserNameWSTrustBinding userNameTrustFeb2005MixedBinding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential); userNameTrustFeb2005MixedBinding.TrustVersion = TrustVersion.WSTrustFeb2005; | |
| AD FS Endpoint | WCF Binding |
| /adfs/services/trust/2005/usernamebasictransport | TrustFeb2005UserNameBasicTransport |
| UserNameWSTrustBinding userNameTrustFeb2005TransportBasicBinding = new UserNameWSTrustBinding(SecurityMode.Transport, HttpClientCredentialType.Basic); userNameTrustFeb2005TransportBasicBinding.TrustVersion = TrustVersion.WSTrustFeb2005; | |
| AD FS Endpoint | WCF Binding |
| TrustFeb2005UserNameDigestTransport | |
| UserNameWSTrustBinding userNameTrustFeb2005TransportDigestBinding = new UserNameWSTrustBinding(SecurityMode.Transport, HttpClientCredentialType.Digest); userNameTrustFeb2005TransportDigestBinding.TrustVersion = TrustVersion.WSTrustFeb2005; | |
| AD FS Endpoint | WCF Binding |
| /adfs/services/trust/2005/kerberosmixed | TrustFeb2005KerberosMixed |
| KerberosWSTrustBinding kerberosTrustFeb2005MixedBinding = new KerberosWSTrustBinding(SecurityMode.TransportWithMessageCredential); kerberosTrustFeb2005MixedBinding.TrustVersion = TrustVersion.WSTrustFeb2005; | |
WS-Trust 2005 Issued Token endpoints
| AD FS Endpoint | WCF Binding |
| /adfs/services/trust/2005/issuedtokenasymmetricbasic256 | TrustFeb2005IssuedTokenAsymmetricBasic256 |
| issuedTokenBinding.KeyType = SecurityKeyType.AsymmetricKey; issuedTokenBinding.TrustVersion = TrustVersion.WSTrustFeb2005; | |
| AD FS Endpoint | WCF Binding |
| /adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256 | TrustFeb2005IssuedTokenMixedAsymmetricBasic256 |
| issuedTokenBinding.SecurityMode = SecurityMode.TransportWithMessageCredential; issuedTokenBinding.KeyType = SecurityKeyType.AsymmetricKey; issuedTokenBinding.TrustVersion = TrustVersion.WSTrustFeb2005; | |
| AD FS Endpoint | WCF Binding |
| /adfs/services/trust/2005/issuedtokenmixedsymmetricbasic256 | TrustFeb2005IssuedTokenMixedSymmetricBasic256 |
| issuedTokenBinding.SecurityMode = SecurityMode.TransportWithMessageCredential; issuedTokenBinding.TrustVersion = TrustVersion.WSTrustFeb2005; | |
| AD FS Endpoint | WCF Binding |
| /adfs/services/trust/2005/issuedtokensymmetricbasic256 | TrustFeb2005IssuedTokenSymmetricBasic256 |
| issuedTokenBinding.TrustVersion = TrustVersion.WSTrustFeb2005; | |