Accessing a Claim Aware WCF from Silverlight_问答_开发者

Accessing a Claim Aware WCF from Silverlight

开发者 https://www.devze.com 2023-03-06 20:38 出处：网络

I am working on a Silverlight 4 application which connects to a claim ware WCF Service. I am using the following code to retrive the claim token in my WCF to perform authorization.

IClaimsPrincipal principal = ( IClaimsPrincipal )Thread.CurrentPrincipal;   
IClaimsIdentity identity = ( IClaimsIdentity )principal.Identity;
return string.Format( "You entere开发者_如何转开发d: {0} and you are {1}", value, identity.Name );

When I use wsHttpBinding in WCF and try it out with a console app, it works fine. But since Silverlight only supports basicHttp and customeBinding, i cannot use wsHttp, ws2007Http or anyother binding. Becase of which I am not getting the IClaimIdentity token in my WCF from Silverlight.

Is there any way I can use any of the Silverlight suppported binding and still get the ClaimIdentity in my WCF. Is there any tutorial/help text where I can read more abouth this.

My WCF settings are:

<system.serviceModel>
    <services>
      <service name="ClainAwareWCF.Service" behaviorConfiguration="ClainAwareWCF.ServiceBehavior">
        <endpoint address="" binding="basicHttpBinding" contract="ClainAwareWCF.IService" bindingConfiguration="basicbind">
          <identity>
            <dns value="localhost"/>
          </identity>
        </endpoint>
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
      </service>
    </services>
    <bindings>
      <basicHttpBinding>
        <binding name="basicbind">
          <security mode="TransportCredentialOnly"></security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="ClainAwareWCF.ServiceBehavior" > 
          <federatedServiceHostConfiguration/>
          <serviceMetadata  httpGetEnabled="true"/>
          <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <extensions>      
      <behaviorExtensions>
        <add name="federatedServiceHostConfiguration" type="Microsoft.IdentityModel.Configuration.ConfigureServiceHostBehaviorExtensionElement, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
      </behaviorExtensions>
    </extensions>
  </system.serviceModel>

Trying to call this directly from the client will never happen because of the binding issues and also because the client auth awareness security of SL (Windows/Forms/WIF/etc.), but one approach is to use RIA Services Domain Authentication Services to authenticate and call the services from the server-side through a WCF RIA Invoke endpoint. The user's security context is proxied to the client and you can tunnel data over the wire in a straight-forward manner.

This may get you in the right direction:

http://archive.msdn.microsoft.com/RiaServices/Release/ProjectReleases.aspx?ReleaseId=5617

Silverlight doesn´t support Claims Based Authorization and WS-Trust out of the box. Microsoft was going to put this into Silverlight 5 but forgot to do so unfortunately.

There is however a very elegant and usable "Silverlight" version of the WIF IdentityModel stuff available in the Identity Training Kit.

The solution consists of a base AuthenticationService that translates WIF authentication tokens to claims server side, and a Silverlight client library "SL.IdentityModel" containing the building blocks such as a Silverlight version of a ClaimsPrincipal.

Get the Identity Training Kit here. Look for the sample Silverlight implementation.