WSFederationHttpSecurity.Message Property


The .NET API Reference documentation has a new home. Visit the .NET API Browser on to see the new experience.

Indicates the message security settings for the WSFederationHttpBinding.

Namespace:   System.ServiceModel
Assembly:  System.ServiceModel (in System.ServiceModel.dll)

public FederatedMessageSecurityOverHttp Message { get; set; }

The object returned specifies detailed message-level security properties for the wsFederationHttpBinding.

The following code shows how to access this property and use it to set properties of the wsFederationHttpBinding.

// This method creates a WSFederationHttpBinding.
public static WSFederationHttpBinding 
       CreateWSFederationHttpBinding(bool isClient)
  // Create an instance of the WSFederationHttpBinding.
  WSFederationHttpBinding b = new WSFederationHttpBinding();

  // Set the security mode to Message.
  b.Security.Mode = WSFederationHttpSecurityMode.Message;

  // Set the Algorithm Suite to Basic256Rsa15.
  b.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256Rsa15;

  // Set NegotiateServiceCredential to true.
  b.Security.Message.NegotiateServiceCredential = true;

  // Set IssuedKeyType to Symmetric.
  b.Security.Message.IssuedKeyType = SecurityKeyType.SymmetricKey;

  // Set IssuedTokenType to SAML 1.1
  b.Security.Message.IssuedTokenType = 

  // Extract the STS certificate from the certificate store.
  X509Store store = new X509Store(StoreName.TrustedPeople, StoreLocation.CurrentUser);
  X509Certificate2Collection certs = store.Certificates.Find(
         X509FindType.FindByThumbprint, "0000000000000000000000000000000000000000", false);

  // Create an EndpointIdentity from the STS certificate.
  EndpointIdentity identity = EndpointIdentity.CreateX509CertificateIdentity ( certs[0] );

  // Set the IssuerAddress using the address of the STS and the previously created 
     // EndpointIdentity.
  b.Security.Message.IssuerAddress = 
         new EndpointAddress(new Uri("http://localhost:8000/sts/x509"), identity);

  // Set the IssuerBinding to a WSHttpBinding loaded from configuration. 
     // The IssuerBinding is only used on federated clients.
     if (isClient)
         b.Security.Message.IssuerBinding = new WSHttpBinding("Issuer");

     // Set the IssuerMetadataAddress using the metadata address of the STS and the
     // previously created EndpointIdentity. The IssuerMetadataAddress is only used 
     // on federated services.
         b.Security.Message.IssuerMetadataAddress =
             new EndpointAddress(new Uri("http://localhost:8001/sts/mex"), identity);

     // Create a ClaimTypeRequirement.
  ClaimTypeRequirement ctr = new ClaimTypeRequirement 
         ("", false);

  // Add the ClaimTypeRequirement to ClaimTypeRequirements

  // Return the created binding
  return b;

.NET Framework
Available since 3.0
Return to top