The WIF runtime provides out of the box configurations that can be used to configure claims support in your ASP.NET MVC 3 Web Applications and WCF 4.0 service applications with ease. This recipe explores the configuration sections provided by the Microsoft.IdentityModel
assembly. You will also find out how the IClaimsPrincipal
and IClaimsIdentity
interfaces provided by the WIF runtime allow abstracting the identity information with claims.
You can download the WIF runtime for Windows 7 and Windows 2008 operating systems, from http://www.microsoft.com/download/en/details.aspx?id=17331 and the WIF SDK for .NET Framework 4.0 from http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=4451.
Windows Identity Foundation is now built into .NET Framework 4.5. No additional runtime will be necessary, if you are developing on Windows 8 Developer Preview and .NET Framework 4.5. Also, note that all the features of WIF will be available under the System.IdentityModel.*
namespaces in .NET Framework 4.5.
To configure the applications for WIF runtime support, perform the following steps:
Microsoft.IdentityModel.Configuration.xml
. %Program Files% Windows Identity Foundation SDKv4.0Windows.Identity.Foundation.Config.xml
, and paste it in the Microsoft.IdentityModel.Configuration.xml
file. Microsoft.IdentityModel
configuration section in the App.config
file by referring to the section guidance provided in the Microsoft.IdentityModel.Configuration.xml
file:<configSections> <section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration. MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/> </configSections>
<securityTokenHandlers>
section from the Microsoft.IdentityModel.Configuration.xml
file, and paste it under the<service>
element in the<microsoft.identityModel>
configuration section. Update the type
attribute in the<add>
element to specify the fully qualified type:<microsoft.identityModel> <service> <securityTokenHandlers> <add type="Microsoft.IdentityModel.Tokens.Saml11.Saml11Securi tyTokenHandler, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"> <samlSecurityTokenRequirement issuerCertificateValidationMode="PeerOrChainTrust" issuerCertificateRevocationMode="Online" issuerCertificateTrustedStoreLocation="LocalMachine" mapToWindows="false" useWindowsTokenService="false"> <nameClaimType value="http://schemas.xmlsoap.org/ws/2005/05 /identity/claims/name"/> <roleClaimType value="schemas.microsoft.com/ws/2006/04/identity/ claims/role"/> </samlSecurityTokenRequirement> </add> </securityTokenHandlers> </service> </microsoft.identityModel>
Program.cs
file and modify the Main
method to load the<microsoft.IdentityModel>
configuration section from the App.config
file using the ConfigurationManager.OpenExeConfiguration
method:Configuration appConfig = ConfigurationManager. OpenExeConfiguration(ConfigurationUserLevel.None); var identityModelConfiguration = (MicrosoftIdentityModelSection) appConfig.GetSection("microsoft.identityModel"); string identityConfig = identityModelConfiguration.SectionInformation.GetRawXml();
The configuration elements are available under the Microsoft.IdentityModel.Configuration
namespace.
IClaimsPrincipal
using the current Windows identity:IClaimsPrincipal claimsPrincipal = WindowsClaimsPrincipal.CreateFromWindowsIdentity (WindowsIdentity.GetCurrent()); IClaimsIdentity claimsIdentity = (IClaimsIdentity) claimsPrincipal.Identity; var nameTypeClaim = claimsIdentity.NameClaimType; if (identityConfig.Contains(nameTypeClaim)) Console.WriteLine("Claim Type {0} supported for identity {1}", claimsIdentity.NameClaimType, claimsIdentity.Name); Console.ReadLine();
The IClaimsIdentity
instance is used to fetch the NameClaimType
property and check whether its value exists in the SecurityTokenHandler
configuration.
The Microsoft.IdentityModel
configuration schema available under the SDK installation folder is a useful guide for configuring the claims-based identity using WIF. It provides an elaborate description of each section and its usage with example. The configuration schema will be used throughout the course of this book to configure the WIF runtime features and enable the claims support.
The WIF runtime exposes the IClaimsPrincipal
and IClaimsIdentity
interfaces inheriting from the native IPrincipal
and IIdentity
contracts under the System.Security
namespace, providing additional methods to retrieve the claims information from the Identity
object. In our solution, we use the current Windows identity (WindowsIdentity.GetCurrent() method
) to create an instance of IClaimsPrincipal
using the WindowsClaimsPrincipal.CreateFromWindowsIdentity
method. The claims associated with the identity are then extracted and the NameClaimType
property value is compared with the supported claim type specified under the SecurityTokenHandler
configuration.
The complete source code for this recipe can be found in the Chapter 2Recipe 1
folder. You can also download a set of cool NuGet Packages for WIF from http://www.nuget.org/Packages. A couple of them worth mentioning are the Claims Diagnostics package, which provides the ability to inspect the claims, and the Security Token Request Validator package, which is used to prevent a request validation error in ASP.NET when claims-based tokens are assigned to the requestor using the HTTP commands.