Edit

Share via


WSFederationHttpSecurity.Message Property

Definition

Indicates the message security settings for the WSFederationHttpBinding.

public:
 property System::ServiceModel::FederatedMessageSecurityOverHttp ^ Message { System::ServiceModel::FederatedMessageSecurityOverHttp ^ get(); };
public:
 property System::ServiceModel::FederatedMessageSecurityOverHttp ^ Message { System::ServiceModel::FederatedMessageSecurityOverHttp ^ get(); void set(System::ServiceModel::FederatedMessageSecurityOverHttp ^ value); };
public System.ServiceModel.FederatedMessageSecurityOverHttp Message { get; }
public System.ServiceModel.FederatedMessageSecurityOverHttp Message { get; set; }
member this.Message : System.ServiceModel.FederatedMessageSecurityOverHttp
member this.Message : System.ServiceModel.FederatedMessageSecurityOverHttp with get, set
Public ReadOnly Property Message As FederatedMessageSecurityOverHttp
Public Property Message As FederatedMessageSecurityOverHttp

Property Value

A FederatedMessageSecurityOverHttp value.

Examples

The following code shows how to access this property and use it to set properties of the wsFederationHttpBinding.

// This method creates a WSFederationHttpBinding.
public static WSFederationHttpBinding
    CreateWSFederationHttpBinding(bool isClient)
{
  // Create an instance of the WSFederationHttpBinding.
  WSFederationHttpBinding b = new WSFederationHttpBinding();

  // Set the security mode to Message.
  b.Security.Mode = WSFederationHttpSecurityMode.Message;

  // Set the Algorithm Suite to Basic256Rsa15.
  b.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256Rsa15;

  // Set NegotiateServiceCredential to true.
  b.Security.Message.NegotiateServiceCredential = true;

  // Set IssuedKeyType to Symmetric.
  b.Security.Message.IssuedKeyType = SecurityKeyType.SymmetricKey;

  // Set IssuedTokenType to SAML 1.1
  b.Security.Message.IssuedTokenType =
      "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#samlv1.1";

  // Extract the STS certificate from the certificate store.
  X509Store store = new X509Store(StoreName.TrustedPeople, StoreLocation.CurrentUser);
  store.Open(OpenFlags.ReadOnly);
  X509Certificate2Collection certs = store.Certificates.Find(
      X509FindType.FindByThumbprint, "0000000000000000000000000000000000000000", false);
  store.Close();

  // Create an EndpointIdentity from the STS certificate.
  EndpointIdentity identity = EndpointIdentity.CreateX509CertificateIdentity ( certs[0] );

  // Set the IssuerAddress using the address of the STS and the previously created
  // EndpointIdentity.
  b.Security.Message.IssuerAddress =
      new EndpointAddress(new Uri("http://localhost:8000/sts/x509"), identity);

  // Set the IssuerBinding to a WSHttpBinding loaded from configuration.
  // The IssuerBinding is only used on federated clients.
  if (isClient)
  {
      b.Security.Message.IssuerBinding = new WSHttpBinding("Issuer");
  }

  // Set the IssuerMetadataAddress using the metadata address of the STS and the
  // previously created EndpointIdentity. The IssuerMetadataAddress is only used
  // on federated services.
  else
  {
      b.Security.Message.IssuerMetadataAddress =
          new EndpointAddress(new Uri("http://localhost:8001/sts/mex"), identity);
  }

  // Create a ClaimTypeRequirement.
  ClaimTypeRequirement ctr = new ClaimTypeRequirement
      ("http://example.org/claim/c1", false);

  // Add the ClaimTypeRequirement to ClaimTypeRequirements
  b.Security.Message.ClaimTypeRequirements.Add(ctr);

  // Return the created binding
  return b;
}
' This method creates a WSFederationHttpBinding.
Public Shared Function CreateWSFederationHttpBinding(ByVal isClient As Boolean) As WSFederationHttpBinding
  ' Create an instance of the WSFederationHttpBinding.
  Dim b As New WSFederationHttpBinding()

  ' Set the security mode to Message.
  b.Security.Mode = WSFederationHttpSecurityMode.Message

  ' Set the Algorithm Suite to Basic256Rsa15.
  b.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256Rsa15

  ' Set NegotiateServiceCredential to true.
  b.Security.Message.NegotiateServiceCredential = True

  ' Set IssuedKeyType to Symmetric.
  b.Security.Message.IssuedKeyType = SecurityKeyType.SymmetricKey

  ' Set IssuedTokenType to SAML 1.1
  b.Security.Message.IssuedTokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#samlv1.1"

  ' Extract the STS certificate from the certificate store.
  Dim store As New X509Store(StoreName.TrustedPeople, StoreLocation.CurrentUser)
  store.Open(OpenFlags.ReadOnly)
  Dim certs As X509Certificate2Collection = store.Certificates.Find(X509FindType.FindByThumbprint, "0000000000000000000000000000000000000000", False)
  store.Close()

  ' Create an EndpointIdentity from the STS certificate.
  Dim identity As EndpointIdentity = EndpointIdentity.CreateX509CertificateIdentity (certs(0))

  ' Set the IssuerAddress using the address of the STS and the previously created 
  ' EndpointIdentity.
  b.Security.Message.IssuerAddress = New EndpointAddress(New Uri("http://localhost:8000/sts/x509"), identity)

  ' Set the IssuerBinding to a WSHttpBinding loaded from configuration. 
  ' The IssuerBinding is only used on federated clients.
  If isClient Then
      b.Security.Message.IssuerBinding = New WSHttpBinding("Issuer")

  ' Set the IssuerMetadataAddress using the metadata address of the STS and the
  ' previously created EndpointIdentity. The IssuerMetadataAddress is only used 
  ' on federated services.
  Else
      b.Security.Message.IssuerMetadataAddress = New EndpointAddress(New Uri("http://localhost:8001/sts/mex"), identity)
  End If

  ' Create a ClaimTypeRequirement.
  Dim ctr As New ClaimTypeRequirement("http://example.org/claim/c1", False)

  ' Add the ClaimTypeRequirement to ClaimTypeRequirements
  b.Security.Message.ClaimTypeRequirements.Add(ctr)

  ' Return the created binding
  Return b
End Function

Remarks

The object returned specifies detailed message-level security properties for the wsFederationHttpBinding.

Applies to