Using Silverlight to Access WIF secured WCF Services (Part 3)

In this last part of the series (see here and here) I want to show you how to use the WIF/SL integration ClaimsIdentitySessionManager to request tokens and talk to WIF secured services.

The ClaimsIdentitySessionManager registers as an ApplicationService in SL. Once registered, it encapsulates the process of requesting a token for a relying party, caching that token, and setting the SOAP security header for outgoing service requests.

Registration
ClaimsIdentitySessionManager gets registered in app.xaml. Here you can specify the endpoint address of the WS-Trust token services as well as the credential type. In this sample I am using the ADFS2 Windows/Transport endpoint from my last post.

<Application.ApplicationLifetimeObjects>
    <id:ClaimsIdentitySessionManager>
        <id:ClaimsIdentitySessionManager.IdentityProvider>
            <id:WSTrustSecurityTokenService
                   Endpoint="https://server/services/trust/13/windowstransport"
                   CredentialType="DefaultCredential" />
        </id:ClaimsIdentitySessionManager.IdentityProvider>
    </id:ClaimsIdentitySessionManager>
</Application.ApplicationLifetimeObjects>

Calling the Service
All the service interaction is abstracted by the ClaimsIdentitySessionManager. The call to InvokeAsync does a few things:

  • checks if a token has already been obtained for the service endpoint
    • if not, requests the token and caches it
    • if a password is required, invokes a callback to the UI
  • sets the SOAP security header using the requested token

private void CallService()
{
    var factory = new ChannelFactory<StarterServiceContract>("symmetric");
    var proxy = factory.CreateChannel();
    var channel = proxy as IClientChannel;

    ClaimsIdentitySessionManager.Current.InvokeAsync(() =>
        {
            proxy.BeginGetClaims(result => ShowClaims(proxy, result), null);
        }, channel);
}
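
The steps InvokeAsync performs, modelled as an added example (this is not code from the original post or from the WIF/Silverlight integration). The TokenSession and IssuedToken types, the synchronous call style, the expiry check on cached tokens and the service address are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
class IssuedToken { public string Xml; public DateTime ExpiresUtc; } // ExpiresUtc is an assumption

// Hypothetical model of the InvokeAsync steps; not the WIF/Silverlight source.
class TokenSession
{
    readonly Dictionary<string, IssuedToken> cache = new Dictionary<string, IssuedToken>();
    readonly Func<string, string, IssuedToken> requestToken; // stands in for the WS-Trust request
    readonly Func<string> promptPassword;                    // UI callback, null when no password is needed
    public TokenSession(Func<string, string, IssuedToken> request, Func<string> prompt)
    {
        requestToken = request;
        promptPassword = prompt;
    }

    public void Invoke(Uri endpoint, DateTime nowUtc, Action<string> callWithHeader)
    {
        string key = endpoint.GetLeftPart(UriPartial.Path); // one cache entry per service endpoint
        IssuedToken token;
        if (!cache.TryGetValue(key, out token) || token.ExpiresUtc <= nowUtc)
        {
            // Miss or expired: prompt only now, then request and cache the token.
            string password = promptPassword != null ? promptPassword() : null;
            token = requestToken(key, password);
            cache[key] = token;
        }
        callWithHeader(token.Xml); // the real manager sets the SOAP security header here
    }
}

static class Demo
{
    static void Main()
    {
        DateTime clock = new DateTime(2020, 1, 1, 0, 0, 0, DateTimeKind.Utc); // constructed clock
        int issued = 0;
        var session = new TokenSession(
            (rp, pwd) => new IssuedToken { Xml = "<token n='" + (++issued) + "'/>", ExpiresUtc = clock.AddMinutes(10) },
            null);
        var service = new Uri("https://server/StarterService.svc"); // constructed address
        Action<string> call = header => Console.WriteLine(header);
        session.Invoke(service, clock, call);  // requests a token
        session.Invoke(service, clock, call);  // reuses the cached token
        clock = clock.AddMinutes(11);
        session.Invoke(service, clock, call);  // cached token expired, requests again
        Console.WriteLine("tokens issued: " + issued);
    }
}
```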


4 Responses to Using Silverlight to Access WIF secured WCF Services (Part 3)

  1. Sourish says:

    Nice blog. But how would you handle a scenario where the client has its own Identity Provider (let's say ADFS1) and WCF has its own Relying Party STS (say ADFS2)? How will Silverlight collect the SAML token from ADFS1 and then go to ADFS2 to get the final SAML bearer token which it can use for the WCF service? WIF has its API to do this but I am not able to figure out how to do this in Silverlight. Any help is much appreciated.

    • I don’t know – I stopped caring about Silverlight a long time ago. Sorry.

      • Sourish says:

        Well, in that case what alternative to Silverlight would you suggest? I have an existing Silverlight web application with such a requirement, but I am also looking for alternative options as we know that Silverlight is a dead technology now. Help appreciated.

      • Well – I see a big technology shift to HTML, JavaScript and OAuth.
