Windows® Identity Foundation (WIF) provides easy integration with Windows Communication Foundation (WCF). This lets a WCF service use WIF’s features, such as the new claims model, support for additional security token types (SAML 2.0), and token handling. This topic shows how to do this.

To Enable Windows Identity Foundation in a Self-Hosted WCF Service

  1. In Visual Studio, add a reference to the WIF assembly (Microsoft.IdentityModel.dll) to the WCF service project.

  2. Add code that calls the ConfigureServiceHost method and passes it a service host instance for which to enable WIF. You must do this before you call ServiceHost.Open() on that instance. This method makes the necessary changes to the ServiceHost instance settings to integrate WIF’s features with the WCF message processing pipeline.

    You should only call ConfigureServiceHost after you have done all configuration of the ServiceHost. For example, if you update the service certificate on ServiceHost.Credentials after you call ConfigureServiceHost, your update will not be reflected in the SecurityTokenHandler.

The following code sample shows how to do this:

  Copy Code
using (ServiceHost host = new ServiceHost(typeof(ClaimsAwareWebService), new Uri("http://localhost:6020/ClaimsAwareWebService")))
// Configure WIF on the service host.
// This attempts to read the web.config/app.config file and load any
// settings from the <Microsoft.IdentityModel> configuration section.


	 Console.WriteLine(“Service is ready, press ENTER to close ...”);


To Enable Windows Identity Foundation in a Web-Hosted WCF Service

You can configure your Web-hosted service to use WIF by making the following configuration changes:

  • Add a <behaviorConfiguration> (if one doesn’t already exist):

      Copy Code
    <service name="Service" behaviorConfiguration="ClaimsBehavior">
  • Reference the behavior in your configuration:

      Copy Code
    		<behavior name="ClaimsBehavior" > 
    <!-- Behavior extension to make the service claims aware -->
  • Define the behavior as an extension:

      Copy Code
    <!-- This behavior extension will enable the service host to be Claims aware -->
    		<add name="federatedServiceHostConfiguration" type="Microsoft.IdentityModel.Configuration.ConfigureServiceHostBehaviorExtensionElement, Microsoft.IdentityModel, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>