Last week I did a talk at Software Architect about Federation and CardSpace. I got almost the same question three times: “Can I use CardSpace in my own applications – without having to use WCF or a browser?”
The scenarios were interesting – Andy had CardSpace-enabled VPN/RADIUS access in mind, and Tim was wondering how to CardSpace-enable an HTTP/XML-based system.
So I decided to have another look at the APIs in the System.IdentityModel.Selectors assembly (specifically the CardSpaceSelector.GetToken() method).
Well – this API is quite unpleasant to use, as it requires a lot of handcrafted XML to generate the policy that gets passed to the CardSpace selector service. So I wrote a little wrapper to simplify things. You basically pass in the required details (issuer and target URI, the target identity, as well as required/optional claims) and get back the encrypted XML token. From this point on it is up to you to use this token in whatever way you want – it is as easy as shipping a string to your relying party. Handy.
This code snippet shows how to use the wrapper to get a token for a self issued card:
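```csharp
using System;
using System.IdentityModel.Claims;                   // ClaimTypes
using System.Security.Cryptography.X509Certificates; // X509FindType, StoreLocation, StoreName

// IdentitySelector is the wrapper class from the download below.
IdentitySelector selector = new IdentitySelector();

// Issuer: the self-issued card provider.
selector.IssuerUri = new Uri("http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self");
selector.TargetUri = new Uri("http://relyingParty");

// Target identity: the relying party's certificate, looked up in the current user's store.
selector.SetTargetCertificate("RelyingParty", X509FindType.FindBySubjectName,
    StoreLocation.CurrentUser, StoreName.AddressBook);

// Claims the selected card must supply.
selector.RequiredClaims.Add(ClaimTypes.GivenName);
selector.RequiredClaims.Add(ClaimTypes.Surname);
selector.RequiredClaims.Add(ClaimTypes.Email);

// Opens the CardSpace selector and returns the encrypted XML token as a string.
string tokenString = selector.GetTokenString();
```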
IdentitySelectorWrapper.zip (13.29 KB)
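For comparison, this is roughly what the handcrafted policy XML looks like when you call the selector API directly. It is an added example, not the code in the download: `RawSelectorExample`, its helper methods and its `GetTokenString` signature are hypothetical, and the element layout (WS-Addressing endpoint references, a WS-Trust `Claims` element with information card claim types) is an assumption about what the selector expects.

```csharp
using System;
using System.Collections.ObjectModel;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel.Security; // WSSecurityTokenSerializer only; no WCF channel is involved
using System.Xml;

static class RawSelectorExample // hypothetical name; not the wrapper's code
{
    const string Wsa = "http://www.w3.org/2005/08/addressing";
    const string Wst = "http://schemas.xmlsoap.org/ws/2005/02/trust";
    const string Ic = "http://schemas.xmlsoap.org/ws/2005/05/identity";
    const string WsId = "http://schemas.xmlsoap.org/ws/2006/02/addressingidentity";
    const string Ds = "http://www.w3.org/2000/09/xmldsig#";

    static XmlElement El(XmlDocument d, string prefix, string name, string ns, params XmlNode[] kids)
    {
        XmlElement e = d.CreateElement(prefix, name, ns);
        foreach (XmlNode k in kids) e.AppendChild(k);
        return e;
    }

    // Endpoint reference; a certificate adds the identity the token gets encrypted for.
    static XmlElement Endpoint(XmlDocument d, Uri address, X509Certificate2 cert)
    {
        XmlElement epr = El(d, "wsa", "EndpointReference", Wsa,
            El(d, "wsa", "Address", Wsa, d.CreateTextNode(address.OriginalString)));
        if (cert != null)
            epr.AppendChild(El(d, "wsid", "Identity", WsId, El(d, "ds", "KeyInfo", Ds,
                El(d, "ds", "X509Data", Ds, El(d, "ds", "X509Certificate", Ds,
                    d.CreateTextNode(Convert.ToBase64String(cert.RawData)))))));
        return epr;
    }

    public static string GetTokenString(Uri issuer, Uri target, X509Certificate2 cert, params string[] claimUris)
    {
        // Refuse to build a policy without the relying party's certificate.
        if (cert == null) throw new ArgumentNullException("cert");
        var d = new XmlDocument();
        XmlElement claims = El(d, "wst", "Claims", Wst);
        claims.SetAttribute("Dialect", Ic);
        foreach (string uri in claimUris) // an optional claim would also carry Optional="true"
            ((XmlElement)claims.AppendChild(El(d, "ic", "ClaimType", Ic))).SetAttribute("Uri", uri);
        var policy = new CardSpacePolicyElement(Endpoint(d, target, cert),
            Endpoint(d, issuer, null), new Collection<XmlElement> { claims }, null, 0, false);
        GenericXmlSecurityToken token = CardSpaceSelector.GetToken(
            new[] { policy }, WSSecurityTokenSerializer.DefaultInstance);
        return token.TokenXml.OuterXml; // encrypted token XML, ready to ship as a string
    }
}
```

It needs references to System.IdentityModel, System.IdentityModel.Selectors and System.ServiceModel, and a machine with CardSpace installed.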