Claims-Aware WCF Service

[Starting with the .NET Framework 4.5, Windows Identity Foundation (WIF) has been fully integrated into the .NET Framework. The version of WIF addressed by this topic, WIF 3.5, is deprecated and should only be used when developing against the .NET Framework 3.5 SP1 or the .NET Framework 4. For more information about WIF in the .NET Framework 4.5, also known as WIF 4.5, see the Windows Identity Foundation documentation in the .NET Framework 4.5 Development Guide.]

In Visual Studio, open the File menu and select New, Web Site. Select Claims-Aware WCF Service.

If you look at your web.config file, you’ll see a number of differences from the web.config for a typical WCF service.

  • The assemblies element now includes the WIF assembly:

    <add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    
  • The services element contains a new service:

    <service name="ClaimsAwareService1.Service" behaviorConfiguration="ClaimsAwareService1.ServiceBehavior">
    
  • The services element also contains a new endpoint:

    <endpoint address="" binding="wsHttpBinding" contract="ClaimsAwareService1.IService">
    
  • The serviceBehavior element contains a new service behavior:

    <behaviors>
        <serviceBehaviors>
            <behavior name="ClaimsAwareService1.ServiceBehavior">
                <!-- Behavior extension to make the service claims aware -->
                <federatedServiceHostConfiguration/>
                <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
                <serviceMetadata httpGetEnabled="true"/>
                <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
                <serviceDebug includeExceptionDetailInFaults="false"/>
            </behavior>
        </serviceBehaviors>
    </behaviors>
    
  • Finally, an extensions element is added to the system.serviceModel element:

    <extensions>
        <behaviorExtensions>
            <!-- This behavior extension will enable the service host to be Claims aware -->
            <add name="federatedServiceHostConfiguration" type="Microsoft.IdentityModel.Configuration.ConfigureServiceHostBehaviorExtensionElement, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
        </behaviorExtensions>
    </extensions>
    

You can now use FedUtil to access the current user’s claims through IClaimsPrincipal. For more information, see How to: Build a WCF Relying Party Application.
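As an added example (not part of the project template or the WIF documentation), the following service implementation reads the caller's claims through IClaimsPrincipal once the federatedServiceHostConfiguration behavior above is in place, and refuses the call unless a role claim from the trusted issuer is present. The IService contract, the GetAccountSummary operation, the AccountReader role value and the TrustedIssuer name are assumptions.

```csharp
using System;
using System.Linq;
using System.ServiceModel;
using System.Threading;
using Microsoft.IdentityModel.Claims;

namespace ClaimsAwareService1
{
    [ServiceContract]
    public interface IService
    {
        [OperationContract]
        string GetAccountSummary(string accountId);
    }

    public class Service : IService
    {
        // Assumed: the issuer name under which the trusted STS is registered in issuerNameRegistry.
        const string TrustedIssuer = "ExampleSts";

        public string GetAccountSummary(string accountId)
        {
            // With federatedServiceHostConfiguration enabled, WIF replaces the thread principal
            // with an IClaimsPrincipal built from the security token on the incoming message.
            var principal = Thread.CurrentPrincipal as IClaimsPrincipal;
            if (principal == null || !principal.Identity.IsAuthenticated)
                throw new FaultException("Caller is not authenticated.");

            var identity = (IClaimsIdentity)principal.Identity;

            // Check issuer as well as claim type and value: a role claim of the right
            // shape from an untrusted issuer must not grant access.
            bool isAccountReader = identity.Claims.Any(c =>
                c.ClaimType == ClaimTypes.Role &&
                c.Value == "AccountReader" &&
                c.Issuer == TrustedIssuer);

            if (!isAccountReader)
                throw new FaultException("Caller lacks the AccountReader role.");

            // Return only the result; generic faults above keep internals out of the
            // response, matching includeExceptionDetailInFaults="false" in web.config.
            return string.Format("Summary for account {0} requested by {1}",
                                 accountId, identity.Name);
        }
    }
}
```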