Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Support WS2007FederationHttpBinding

See original GitHub issue

As per @mconnew’s request in https://github.com/dotnet/wcf/issues/8#issuecomment-570717036 this issue is used to track WS2007FederationHttpBinding support.

@CumpsD, we’re in the process of adding support for WS-Federation. We’re waiting on another team to provide an implementation of a WS-Trust client which can get the federation token to then communicate with the server. That’s then used by WSHttpBinding to communicate with the server.

I took a look at WS2007FederationHttpBinding to see how it’s different than WSFederationHttpBinding and the difference is that it uses WS2007HttpBinding which we don’t have as a specific binding. I checked the protocols used by WS2007HttpBinding and it looks like we probably have most if not all the implementation required to implement it.

Can you open an issue specifically for WS2007FederationHttpBinding?

Issue Analytics

State:
Created 4 years ago
Reactions:3
Comments:9 (5 by maintainers)

Top GitHub Comments

1reaction

tiagopsantoscommented, Sep 1, 2020

Can confirm its functional on .netcore3.1, would be nice to have some XML to code binding configuration converter. Here his my conversion between the WCF .configuration and the code base config.

ws2007HttpBinding

<ws2007HttpBinding>
    <binding name="issuerBinding">
      <security mode="TransportWithMessageCredential">
        <message clientCredentialType="UserName" establishSecurityContext="false" />
      </security>
    </binding>
</ws2007HttpBinding>

var issuerBinding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
issuerBinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
issuerBinding.Security.Message.EstablishSecurityContext = false;

ws2007FederationHttpBinding

<ws2007FederationHttpBinding>
    <binding name="binding" maxReceivedMessageSize="2147483647" closeTimeout="00:05:00" openTimeout="00:05:00" receiveTimeout="00:05:00" sendTimeout="00:05:00">
      <security mode="TransportWithMessageCredential">
        <message establishSecurityContext="true" issuedKeyType="BearerKey">
          <issuer address="https://XXX/adfs/services/trust/13/UsernameMixed" binding="ws2007HttpBinding" bindingConfiguration="adfsBinding" />
        </message>
      </security>
    </binding>
</ws2007FederationHttpBinding>

var binding = new WsFederationHttpBinding(new WsTrustTokenParameters
{
	KeyType = System.IdentityModel.Tokens.SecurityKeyType.BearerKey,
	EstablishSecurityContext = true,
						
	
	// Specify the issuer binding created previously and the issuer’s address
	IssuerBinding = issuerBinding,
	IssuerAddress = new EndpointAddress("https://XXX/adfs/services/trust/13/UsernameMixed"),

	// Be sure to choose the correct MessageSecurityVersion depending on whether the binding is for a
	// Ws2007FederationHttpBinding scenario or a WsFederationHttpBinding scenario.
	MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10,
});
binding.MaxReceivedMessageSize = int.MaxValue;// 2147483647;
binding.CloseTimeout = new TimeSpan(0, 5, 0);
binding.OpenTimeout = new TimeSpan(0, 5, 0);
binding.ReceiveTimeout = new TimeSpan(0, 5, 0);
binding.SendTimeout = new TimeSpan(0, 5, 0);

1reaction

mconnewcommented, Aug 11, 2020

@m-straub, you can get the preview packages at this nuget feed:
https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet5/nuget/v3/index.json

Although this is a feed for dotnet5, the WCF packages continue to only depend on netstandard2.0 which means our latest packages work on all currently supported versions of .NET Core. We have a new package System.ServiceModel.Federation which has a new binding WsFederationHttpBinding (casing is wrong, this will likely change to WSFed… in a future build).

Here’s some sample code for the equivalent of WS2007FederationHttpBinding:

var issuerBinding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
issuerBinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
issuerBinding.Security.Message.EstablishSecurityContext = false;

// Next, create the WsFederationHttpBinding
var binding = new WsFederationHttpBinding(new WsTrustTokenParameters
{
    // Specify the issuer binding created previously and the issuer’s address
    IssuerBinding = issuerBinding,
    IssuerAddress = new EndpointAddress("https://<IssuerAddress>/adfs/services/trust/13/usernamemixed"),

    // Be sure to choose the correct MessageSecurityVersion depending on whether the binding is for a
    // Ws2007FederationHttpBinding scenario or a WsFederationHttpBinding scenario.
    MessageSecurityVersion = WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10,
});

If you have problems with this, please provide your existing binding. We’re still shaking the bugs out of this and we haven’t implemented every feature. We’ve implemented the most common scenarios and anything beyond that we’ll evaluate based on size of work and level of demand.