Last week I did a talk at Software Architect about Federation and CardSpace. I got almost the same question three times: “Can I use CardSpace in my own applications – without having to use WCF or a browser?”

The scenarios where interesting – Andy had a CardSpace enabled VPN/Radius access in mind and Tim was wondering how to CardSpace enable an http/xml based system.

So I decided to have another look at the APIs in the System.IdentityModel.Selectors assembly (specifically the CardSpaceSelector.GetToken() method).

Well – this API is quite unpleasant to use as it requires a lot of handcrafted XML to generate the policy that gets passed to the CardSpace selector service. So I wrote a little wrapper to simplify things. You basically pass in the required details (issuer and target URI, the target identity as well as required/optional claims) and get back the encrypted XML token. From this point on it is up to you to use this token in whatever way you want –  it is as easy a shipping a string to your relying party. handy.

This code snippet shows how to use the wrapper to get a token for a self issued card:

IdentitySelector selector = new IdentitySelector();

selector.IssuerUri = 
  new Uri("http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self");
selector.TargetUri = new Uri("http://relyingParty");
selector.SetTargetCertificate("RelyingParty",
    X509FindType.FindBySubjectName,
    StoreLocation.CurrentUser,
    StoreName.AddressBook);

selector.RequiredClaims.Add(ClaimTypes.GivenName);
selector.RequiredClaims.Add(ClaimTypes.Surname);
selector.RequiredClaims.Add(ClaimTypes.Email);

string tokenString = selector.GetTokenString();

IdentitySelectorWrapper.zip (13.29 KB)