In this exercise, you do not use an STS. You simply create a WCF service that lets you access the current user’s claims through IClaimsPrincipal. FedUtil makes this work by adding the ClaimsPrincipalHttpModule to your project; the module converts the current user’s IPrincipal object into an IClaimsPrincipal object, so that the claims you read are derived from whatever authentication the service already performs rather than from a token issued by an STS.

You must run Visual Studio elevated (as an administrator) for FedUtil to work correctly.

First, create a Claims-Aware WCF service as shown in Claims-Aware WCF Service.

Next, right-click on your project in the Solution Explorer and select Add STS Reference:

This runs the FedUtil tool. You’ll see the FedUtil dialog box, beginning with the Welcome to Federation Utility tool page:

This page requires you to enter two fields:

  1. Application configuration location: Specify the path to the web.config file for your WCF service. If you run FedUtil from outside Visual Studio, this field is empty; if you run it from inside Visual Studio, the field already contains the path to your project’s web.config file. The web.config file must already exist and should be in its default state (that is, as Visual Studio generated it). If you run FedUtil more than once on the same web.config file, FedUtil simply overwrites the content that it added previously.

  2. Application URI: Specify the URI of your WCF service, which is the URI of its .svc file. If you run FedUtil from outside Visual Studio, this field is empty; if you run it from inside Visual Studio, the field already offers two URIs for your project: one that uses localhost and one that uses the fully qualified domain name of your computer, if available. FedUtil uses this URI as the realm value when it configures the application for claims. If the URI is not secure (that is, does not begin with “https://”), you receive a warning when you click Next.

When you have provided the information, click Next. You’ll see the Application Information page:

Select the service name and the endpoint contract name that you want to configure. If the service exposes multiple endpoints and you want to configure claims only for some of them, select just those endpoints. Then click Next.

The Security Token Service page appears:

Select No STS. This creates a WCF service that is claims-aware but does not require an STS to issue the claims. Instead, the service gets the default claims that the framework creates from the identity the WCF binding has already authenticated; nothing is issued or signed by an STS, so the claims are exactly as trustworthy as that underlying authentication. Click Next. You see the Summary page:

Click Finish.
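Once FedUtil has written the configuration, the service operation can read the caller’s claims through IClaimsPrincipal as described at the start of this exercise. The following service is an added example, not code from the original page or the WIF SDK; the namespace, contract and operation names are assumptions, and it assumes the WIF configuration that FedUtil added is in effect so that Thread.CurrentPrincipal is an IClaimsPrincipal.

```csharp
// Added example (not from the original page): a WCF operation that enumerates the
// caller's claims after FedUtil was run with "No STS". Namespace, contract and
// operation names are assumptions.
using System.Collections.Generic;
using System.ServiceModel;
using System.Threading;
using Microsoft.IdentityModel.Claims;

namespace ClaimsAwareService1
{
    [ServiceContract]
    public interface IService
    {
        [OperationContract]
        IList<string> GetCallerClaims();
    }

    public class Service : IService
    {
        public IList<string> GetCallerClaims()
        {
            var result = new List<string>();

            // With "No STS", WIF converts the caller's IPrincipal into an IClaimsPrincipal.
            // If the microsoft.identityModel configuration is missing or the service host
            // behavior was not applied, the cast yields null, so fail explicitly rather
            // than with a NullReferenceException deep inside the operation.
            var principal = Thread.CurrentPrincipal as IClaimsPrincipal;
            if (principal == null)
            {
                throw new FaultException(
                    "Current principal is not claims-aware; check the microsoft.identityModel configuration.");
            }

            foreach (IClaimsIdentity identity in principal.Identities)
            {
                result.Add("Identity: " + identity.Name +
                           " (authenticated: " + identity.IsAuthenticated + ")");

                foreach (Claim claim in identity.Claims)
                {
                    // ClaimType is a URI (for example the standard name claim type);
                    // Issuer tells you who asserted the claim. With no STS involved,
                    // that is the local framework, not a trusted token issuer.
                    result.Add(claim.ClaimType + " = " + claim.Value +
                               " [issuer: " + claim.Issuer + "]");
                }
            }

            return result;
        }
    }
}
```

Because no STS issues these claims, an authorization decision in this service should rest only on claim types that the framework derives from the binding’s own authentication; the claim Issuer value in the output makes that provenance visible to whoever is debugging the service.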

If you look at your web.config file, you’ll see that FedUtil has modified it:

  • The <configuration>/<configSections> element now contains a reference to the microsoft.identityModel configuration section:

    <section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  • The <configuration> element now contains the microsoft.identityModel configuration section, which contains the application URI that you specified previously:

    <service name="ClaimsAwareService1.Service">
        <add value="http://localhost:64705/ClaimsAwareService1/Service.svc" />