Claims-Aware WCF Service
[Starting with the .NET Framework 4.5, Windows Identity Foundation (WIF) has been fully integrated into the .NET Framework. The version of WIF addressed by this topic, WIF 3.5, is deprecated and should only be used when developing against the .NET Framework 3.5 SP1 or the .NET Framework 4. For more information about WIF in the .NET Framework 4.5, also known as WIF 4.5, see the Windows Identity Foundation documentation in the .NET Framework 4.5 Development Guide.]
In Visual Studio, open the File menu and select New, Web Site. Select Claims-Aware WCF Service.
If you look at your web.config file, you’ll see a number of differences from the web.config for a typical WCF service.
The
assemblies
element now includes the WIF assembly:<add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
The
services
element contains a new service:<service name="ClaimsAwareService1.Service" behaviorConfiguration="ClaimsAwareService1.ServiceBehavior">
The
services
element also contains a new endpoint:<endpoint address="" binding="wsHttpBinding" contract="ClaimsAwareService1.IService">
The
serviceBehavior
element contains a new service behavior:<behaviors> <serviceBehaviors> <behavior name="ClaimsAwareService1.ServiceBehavior" > <!-- Behavior extension to make the service claims aware --> <federatedServiceHostConfiguration/> <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment --> <serviceMetadata httpGetEnabled="true"/> <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information --> <serviceDebug includeExceptionDetailInFaults="false"/> </behavior> </serviceBehaviors> </behaviors>
Finally, an
extensions
element is added to thesystem.serviceModel
element:<extensions> <behaviorExtensions> <!-- This behavior extension will enable the service host to be Claims aware --> <add name="federatedServiceHostConfiguration" type="Microsoft.IdentityModel.Configuration.ConfigureServiceHostBehaviorExtensionElement, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/> </behaviorExtensions> </extensions>
You can now use FedUtil to access the current user’s claims through IClaimsPrincipal. For more information, see How to: Build a WCF Relying Party Application.