In this exercise, you do not use an STS. You simply
create a WCF service that lets you access the current user’s claims
through IClaimsPrincipal. The way this works is that
FedUtil adds the ClaimsPrincipalHttpModule to your project.
The module lets you convert the current user’s
IPrincipal object to an IClaimsPrincipal object.
Note: You must run Visual Studio in elevated mode (Run as administrator) for FedUtil to work correctly.
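To make the IClaimsPrincipal access concrete, here is an added example (not code from the original page or from the WIF SDK) of a claims-aware WCF service that enumerates the caller's claims and checks for a specific one. The contract name IClaimsReporter, the class name ClaimsReporter and the operation names are assumed; the IClaimsPrincipal, IClaimsIdentity and Claim types are the WIF 3.5 ones from Microsoft.IdentityModel.Claims, and the service is assumed to have been configured with FedUtil as described on this page.

```csharp
// Added example (not from the original page): a minimal claims-aware WCF service
// that reads the caller's claims through IClaimsPrincipal.
// Assumes WIF 3.5 (Microsoft.IdentityModel.dll referenced) and that FedUtil has
// been run against the service; IClaimsReporter/ClaimsReporter are assumed names.
using System;
using System.Collections.Generic;
using System.ServiceModel;
using System.Threading;
using Microsoft.IdentityModel.Claims;

[ServiceContract]
public interface IClaimsReporter
{
    // Returns one "type: value (issuer)" string per claim the caller carries.
    [OperationContract]
    List<string> GetMyClaims();

    // An authorization check driven by a specific claim type and value.
    [OperationContract]
    bool HasClaim(string claimType, string claimValue);
}

public class ClaimsReporter : IClaimsReporter
{
    // Once the service is configured for claims, WIF sets Thread.CurrentPrincipal
    // to an IClaimsPrincipal for each call. With "No STS", the claims are the
    // default set the framework derives from the caller's transport-level identity.
    private static IClaimsPrincipal CurrentClaimsPrincipal()
    {
        IClaimsPrincipal principal = Thread.CurrentPrincipal as IClaimsPrincipal;
        if (principal == null)
        {
            // Fail closed: a plain IPrincipal here means the claims-aware
            // configuration is not in effect for this endpoint.
            throw new FaultException("Claims-aware configuration is not active for this endpoint.");
        }
        return principal;
    }

    public List<string> GetMyClaims()
    {
        List<string> result = new List<string>();
        // A principal may carry several identities; enumerate all of them.
        foreach (IClaimsIdentity identity in CurrentClaimsPrincipal().Identities)
        {
            foreach (Claim claim in identity.Claims)
            {
                result.Add(string.Format("{0}: {1} ({2})",
                    claim.ClaimType, claim.Value, claim.Issuer));
            }
        }
        return result;
    }

    public bool HasClaim(string claimType, string claimValue)
    {
        foreach (IClaimsIdentity identity in CurrentClaimsPrincipal().Identities)
        {
            foreach (Claim claim in identity.Claims)
            {
                // Claim types are URIs: compare them ordinally, not case-insensitively.
                if (string.Equals(claim.ClaimType, claimType, StringComparison.Ordinal) &&
                    string.Equals(claim.Value, claimValue, StringComparison.Ordinal))
                {
                    return true;
                }
            }
        }
        return false;
    }
}
```

When you later move this service behind an STS, the same code keeps working; the only thing that changes is which issuer the claims carry, so any authorization decision should also check claim.Issuer against the issuer you expect rather than trusting the claim value alone.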
First, create a Claims-Aware WCF service as shown in Claims-Aware WCF Service.
Next, right-click on your project in the Solution Explorer and select Add STS Reference:
This runs the FedUtil tool. You’ll see the FedUtil dialog box, beginning with the Welcome to Federation Utility tool page:
This page requires you to enter two fields:
- Application configuration location: Specify the path to the
web.config file for your WCF service. If you run FedUtil from
outside Visual Studio, this field is empty. If you run FedUtil from
inside Visual Studio, this field already contains the path to the
web.config file for your project. The web.config file must already
exist and should be in its default state (that is, as it was
generated by Visual Studio). If you run FedUtil more than once on
the same web.config file, FedUtil simply overwrites the content
that it adds to the web.config file.
- Application URI: Specify the URI for your WCF service. Note
that this is a .svc file. If you run FedUtil from outside Visual
Studio, this field is empty. If you run FedUtil from inside Visual
Studio, this field already contains two URIs for your project: one
that uses localhost, and one that uses the fully qualified domain
name for your computer, if available. This URI is used as the realm
value while configuring the application for claims. If the URI is
not secure (that is, does not begin with "https://"), you receive a
warning when you click Next, because tokens and claims sent to an
endpoint that is not protected by TLS travel in the clear and can be
read or replayed by anyone on the path.
When you have provided the information, click Next. You’ll see the Application Information page:
Select the service name and endpoint contract name that you want to configure, then click Next. If there are multiple endpoints on a service, and you want to configure claims only for certain endpoints, then select those endpoints.
The Security Token Service page appears:
Select No STS. This creates a WCF service that is claims-aware and does not require an STS to issue the claims. The service gets the default claims created by the framework. Click Next. You see the Summary page:
If you look at your web.config file, you’ll see that FedUtil has modified it:
The <configuration>/<configSections> element now contains a reference to the microsoft.identityModel section handler:
<section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
The <configuration> element now contains the microsoft.identityModel configuration section, which contains the application URI that you specified previously:
<microsoft.identityModel>
  <service name="ClaimsAwareService1.Service">
    <audienceUris>
      <add value="http://localhost:64705/ClaimsAwareService1/Service.svc" />
    </audienceUris>
  </service>
</microsoft.identityModel>
The audienceUris list is the set of realm values the framework will accept a token for once you do use an STS, so keep it limited to the URIs this service actually answers on.