FederatedMessageSecurityOverHttp.ClaimTypeRequirements Property


The .NET API Reference documentation has a new home. Visit the .NET API Browser on docs.microsoft.com to see the new experience.

Gets a collection of the ClaimTypeRequirement instances for this binding.

Namespace:   System.ServiceModel
Assembly:  System.ServiceModel (in System.ServiceModel.dll)

public Collection<ClaimTypeRequirement> ClaimTypeRequirements { get; }

Property Value

Type: System.Collections.ObjectModel.Collection<ClaimTypeRequirement>

A Collection<T> of type ClaimTypeRequirement. The default is an empty collection.

The collection returned by this property is used by the service to specify any required and optional claims which must be in the issued token the client uses to access the service. The service exposes the required claim types in metadata if WSDL publishing is enabled but WCF does not require the issued token contain the specified claim types. Services wishing to enforce required claim types are present should do using authorization policy.

On federated clients this collection contains the list of required and optional claims which is sent to the security token service in the client’s request for an issued token.

The following code shows how to access this property from the binding, and set it.

// This method creates a WSFederationHttpBinding.
public static WSFederationHttpBinding 
       CreateWSFederationHttpBinding(bool isClient)
  // Create an instance of the WSFederationHttpBinding.
  WSFederationHttpBinding b = new WSFederationHttpBinding();

  // Set the security mode to Message.
  b.Security.Mode = WSFederationHttpSecurityMode.Message;

  // Set the Algorithm Suite to Basic256Rsa15.
  b.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256Rsa15;

  // Set NegotiateServiceCredential to true.
  b.Security.Message.NegotiateServiceCredential = true;

  // Set IssuedKeyType to Symmetric.
  b.Security.Message.IssuedKeyType = SecurityKeyType.SymmetricKey;

  // Set IssuedTokenType to SAML 1.1
  b.Security.Message.IssuedTokenType = 

  // Extract the STS certificate from the certificate store.
  X509Store store = new X509Store(StoreName.TrustedPeople, StoreLocation.CurrentUser);
  X509Certificate2Collection certs = store.Certificates.Find(
         X509FindType.FindByThumbprint, "0000000000000000000000000000000000000000", false);

  // Create an EndpointIdentity from the STS certificate.
  EndpointIdentity identity = EndpointIdentity.CreateX509CertificateIdentity ( certs[0] );

  // Set the IssuerAddress using the address of the STS and the previously created 
     // EndpointIdentity.
  b.Security.Message.IssuerAddress = 
         new EndpointAddress(new Uri("http://localhost:8000/sts/x509"), identity);

  // Set the IssuerBinding to a WSHttpBinding loaded from configuration. 
     // The IssuerBinding is only used on federated clients.
     if (isClient)
         b.Security.Message.IssuerBinding = new WSHttpBinding("Issuer");

     // Set the IssuerMetadataAddress using the metadata address of the STS and the
     // previously created EndpointIdentity. The IssuerMetadataAddress is only used 
     // on federated services.
         b.Security.Message.IssuerMetadataAddress =
             new EndpointAddress(new Uri("http://localhost:8001/sts/mex"), identity);

     // Create a ClaimTypeRequirement.
  ClaimTypeRequirement ctr = new ClaimTypeRequirement 
         ("http://example.org/claim/c1", false);

  // Add the ClaimTypeRequirement to ClaimTypeRequirements

.NET Framework
Available since 3.0
Return to top