WCF: Determining Caller Identity within WCF Web Services (Part 2 of 4)

SharePoint 2010

Summary:  Learn to authenticate users in Microsoft SharePoint Foundation 2010 in this four-part series. Learn to determine the identity of the caller of a Windows Communication Foundation (WCF) web service that you consume as an external content type from Microsoft Business Connectivity Services (BCS).

Last modified: January 12, 2011

Available in SharePoint Online

Applies to: Business Connectivity Services | Office 2010 | Open XML | SharePoint Designer 2010 | SharePoint Foundation 2010 | SharePoint Online | SharePoint Server 2010 | Visual Studio

Provided by:   Eric White, Microsoft Corporation | Saji Varkey, Microsoft Corporation | Bin Zhang, Microsoft Corporation


This article is the second in a four-part series of articles that show how to create and implement a claims-aware web service by using Business Connectivity Services.

Windows Identity Foundation (WIF) gives you much more control over your identity logic. You can use WIF to determine the identity of the caller from inside a web service. The example that is presented in this article enhances the example that is presented in the previous article in the series, WCF: Building WCF Web Services for SharePoint 2010 Business Connectivity Services (Part 1 of 4), to determine caller identity. With each call to the web service, it appends the identity of the user calling the web service to a log file. You can then examine the log file to see caller identity.

To build the example

  1. Download and install Windows Identity Foundation. Install WIF on the same computer where you built the Windows Communication Foundation (WCF) web service.

  2. To build the web service, open the project that you created in the first article in the series, WCF: Building WCF Web Services for SharePoint 2010 Business Connectivity Services (Part 1 of 4)

  3. Add a reference to the [Microsoft.IdentityModel] assembly. In Microsoft Visual Studio 2010 or Visual Studio 2008, click Project, and then click Add Reference.

  4. Click the Browse tab. Browse to %ProgramFiles%\Reference Assemblies\Microsoft\Windows Identity Foundation\v3.5.

    Figure 1. Location of the Windows Identity Foundation assemblies

    Browse to the location of the WIF assemblies
  5. Select Microsoft.IdentityModel.dll, and then click OK.

    Figure 2. Select the Windows Identity Framework DLL

    Select the Windows Identity Framework DLL
  6. Replace the contents of Customers.svc.cs with the following code.

    using System;
    using System.Collections.Generic;
    using System.IO;
    using System.Linq;
    using Microsoft.IdentityModel.Claims;
    namespace CustomersService
        public class Customers : ICustomers
            private const string IdentityClaimType = @"http://schemas.microsoft.com/sharepoint/2009/08/claims/userid";
            private string GetIdentity()
                string identityName = String.Empty;
                IClaimsIdentity claimsIdentity = 
                  System.Threading.Thread.CurrentPrincipal.Identity as IClaimsIdentity;if (claimsIdentity != null)
                    // claim
                    foreach (Claim claim in claimsIdentity.Claims)
                        if (String.Equals(IdentityClaimType, claim.ClaimType, 
                            identityName = claim.Value;
                    identityName = System.Threading.Thread.CurrentPrincipal.Identity.Name;
                return identityName;
            // Finder
            public List<Customer> GetAllCustomers()
                string id = GetIdentity();
                  string.Format("GetAllCustomers: Identity: {0}", id) + Environment.NewLine);
                return new List<Customer>()
                    new Customer
                        CustomerID = 1,
                        CustomerName = "Bob",
                    new Customer
                        CustomerID = 2,
                        CustomerName = "Bill",
                    new Customer
                        CustomerID = 3,
                        CustomerName = "Cheryl",
            // Specific finder
            public Customer GetCustomerByID(int CustomerID)
                string id = GetIdentity();
                  string.Format("GetCustomerByID: Identity: {0}", id) + Environment.NewLine);
                return GetAllCustomers().FirstOrDefault(c => c.CustomerID == CustomerID);
  7. Rebuild the application. Because it is hosted by using Internet Information Services, we do not need to do anything for the rebuilt service to be active.

  8. Use wcftestclient to exercise the web service.

  9. Start a Visual Studio command prompt.

  10. Type wcftestclient to run the WCF test client.

  11. Click File, and then click Add Service.

  12. Type http://localhost/Customers/Customers.svc as the endpoint address, and then click OK.

    Figure 3. Typing the endpoint address in the WCF test client

    Enter the endpoint address in the WCF Test Client

    If you added the service successfully, you see the methods that the service exposes.

    Figure 4. WCF test client showing methods

    WCF Test Client showing methods
  13. Double-click the GetAllCustomers method. This opens a window that lets you configure the request and invoke the request.

  14. Click Invoke to invoke the GetAllCustomers method.

    Figure 5. Data in the WCF test client

    WCF Test Client showing data
  15. After invoking the web service, browse to C:\MyWebService, and examine log.txt. The log file resembles the following:

    GetAllCustomers: Identity: CONTOSO\ericwhite

In this article, you completed the second of four major steps towards creating a claims-aware web service, and consuming it by using Business Connectivity Services. You improved the web service that you created in WCF: Building WCF Web Services for SharePoint 2010 Business Connectivity Services (Part 1 of 4), adding code that uses WIF to determine caller identity, and write the identity to a log file. In the next article, WCF: Establishing Trust Between WCF Web Services and SharePoint 2010 Security Token Service (Part 3 of 4), you follow procedures to establish trust between the web service and SharePoint 2010security token service (STS).