Windows® Identity Foundation (WIF) provides the following built-in bindings to make it easier to communicate with Active Directory® Federation Services (AD FS) 2.0:

UserNameWSTrustBinding

UserNameWSTrustBinding authenticates the client with a username and password. By default, the binding uses message-level security and WS-Trust 1.3. The following code snippet shows how to create the binding and configure it for a WS-Trust 2005 endpoint instead of the default trust version:

// AD FS endpoint: TrustFeb2005UserNameMessage.
// The security mode is left at the binding's default; only the trust version
// is overridden, so this binding speaks WS-Trust February 2005 rather than 1.3
// and must be paired with the matching 2005 endpoint.
var userNameTrustFeb2005MessageBinding = new UserNameWSTrustBinding
{
    TrustVersion = TrustVersion.WSTrustFeb2005
};

CertificateWSTrustBinding

CertificateWSTrustBinding authenticates the client with a certificate. By default, the binding uses message-level security and WS-Trust 1.3. The following code snippet shows how to create the binding and configure it for a WS-Trust 2005 endpoint instead of the default trust version:

// AD FS endpoint: TrustFeb2005CertificateMessage.
// The security mode is left at the binding's default; only the trust version
// is overridden, so this binding speaks WS-Trust February 2005 rather than 1.3.
var certificateTrustFeb2005MessageBinding = new CertificateWSTrustBinding
{
    TrustVersion = TrustVersion.WSTrustFeb2005
};

WindowsWSTrustBinding

WindowsWSTrustBinding authenticates the client with Simple and Protected GSSAPI Negotiation Mechanism (SPNego). By default, the binding uses message-level security and WS-Trust 1.3. The following code snippet shows how to create the binding and configure it for a WS-Trust 2005 endpoint instead of the default trust version:

// AD FS endpoint: TrustFeb2005WindowsMessage.
// The security mode is left at the binding's default; only the trust version
// is overridden, so this binding speaks WS-Trust February 2005 rather than 1.3.
var windowsTrustFeb2005MessageBinding = new WindowsWSTrustBinding
{
    TrustVersion = TrustVersion.WSTrustFeb2005
};

KerberosWSTrustBinding

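KerberosWSTrustBinding authenticates the client with Kerberos. By default, the binding uses transport with message credential security and WS-Trust 1.3. The following code snippet shows how to create the binding, stating the security mode explicitly, and configure it for a WS-Trust 2005 endpoint instead of the default trust version: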

// AD FS endpoint: TrustFeb2005KerberosMixed.
// The security mode is passed explicitly (transport with message credential)
// and the trust version is switched to WS-Trust February 2005.
var kerberosTrustFeb2005MixedBinding =
    new KerberosWSTrustBinding(SecurityMode.TransportWithMessageCredential)
    {
        TrustVersion = TrustVersion.WSTrustFeb2005
    };

IssuedTokenWSTrustBinding

IssuedTokenWSTrustBinding authenticates the client with an issued token. The following code snippet shows how to create and configure this binding:

// AD FS endpoint: Trust13IssuedTokenAsymmetricBasic256.
// Only the key type is set; SecurityMode and TrustVersion are not assigned
// here, so whatever the binding constructs by default applies to both.
var issuedTokenBinding = new IssuedTokenWSTrustBinding
{
    KeyType = SecurityKeyType.AsymmetricKey
};

Note that this binding does not support the following scenarios:

  • Bearer token with message-level security.

  • Asymmetric key type with transport-level security.

  • Bearer token with WS-Trust 2005.

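The following code sample lists the endpoints exposed by Active Directory® Federation Services (AD FS) 2.0, and shows how to set up the appropriate binding for each one. Each comment names an endpoint, and the lines under it are the binding configuration for that endpoint only: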

/** WS-Trust 2005 endpoints **/
// Every binding in this group overrides TrustVersion to WS-Trust February 2005.
// The endpoint-name suffix tracks the security mode used below:
//   Message   -> no SecurityMode argument (the binding's default mode)
//   Mixed     -> SecurityMode.TransportWithMessageCredential
//   Transport -> SecurityMode.Transport

// TrustFeb2005WindowsMessage:
var windowsTrustFeb2005MessageBinding = new WindowsWSTrustBinding
{
    TrustVersion = TrustVersion.WSTrustFeb2005
};

// TrustFeb2005WindowsMixed:
var windowsTrustFeb2005MixedBinding =
    new WindowsWSTrustBinding(SecurityMode.TransportWithMessageCredential)
    {
        TrustVersion = TrustVersion.WSTrustFeb2005
    };

// TrustFeb2005WindowsTransport:
var windowsTrustFeb2005TransportBinding =
    new WindowsWSTrustBinding(SecurityMode.Transport)
    {
        TrustVersion = TrustVersion.WSTrustFeb2005
    };

// TrustFeb2005CertificateMessage:
var certificateTrustFeb2005MessageBinding = new CertificateWSTrustBinding
{
    TrustVersion = TrustVersion.WSTrustFeb2005
};

// TrustFeb2005CertificateMixed:
var certificateTrustFeb2005MixedBinding =
    new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential)
    {
        TrustVersion = TrustVersion.WSTrustFeb2005
    };

// TrustFeb2005CertificateTransport:
var certificateTrustFeb2005TransportBinding =
    new CertificateWSTrustBinding(SecurityMode.Transport)
    {
        TrustVersion = TrustVersion.WSTrustFeb2005
    };

// TrustFeb2005UserNameMessage:
var userNameTrustFeb2005MessageBinding = new UserNameWSTrustBinding
{
    TrustVersion = TrustVersion.WSTrustFeb2005
};

// TrustFeb2005UserNameMixed:
var userNameTrustFeb2005MixedBinding =
    new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential)
    {
        TrustVersion = TrustVersion.WSTrustFeb2005
    };

// TrustFeb2005UserNameBasicTransport:
// With SecurityMode.Transport and Basic credentials, the username and password
// are protected only by the transport channel, not by message-level security.
var userNameTrustFeb2005TransportBasicBinding =
    new UserNameWSTrustBinding(SecurityMode.Transport, HttpClientCredentialType.Basic)
    {
        TrustVersion = TrustVersion.WSTrustFeb2005
    };

// TrustFeb2005UserNameDigestTransport:
var userNameTrustFeb2005TransportDigestBinding =
    new UserNameWSTrustBinding(SecurityMode.Transport, HttpClientCredentialType.Digest)
    {
        TrustVersion = TrustVersion.WSTrustFeb2005
    };

// TrustFeb2005KerberosMixed:
var kerberosTrustFeb2005MixedBinding =
    new KerberosWSTrustBinding(SecurityMode.TransportWithMessageCredential)
    {
        TrustVersion = TrustVersion.WSTrustFeb2005
    };

/** WS-Trust 1.3 endpoints **/
// No TrustVersion is assigned anywhere in this group, so each binding keeps
// the trust version it is constructed with. The endpoint-name suffix tracks
// the security mode used below:
//   Message   -> no SecurityMode argument (the binding's default mode)
//   Mixed     -> SecurityMode.TransportWithMessageCredential
//   Transport -> SecurityMode.Transport

// Trust13WindowsMessage:
var windowsTrust13MessageBinding = new WindowsWSTrustBinding();

// Trust13WindowsMixed:
var windowsTrust13MixedBinding =
    new WindowsWSTrustBinding(SecurityMode.TransportWithMessageCredential);

// Trust13WindowsTransport:
var windowsTrust13TransportBinding =
    new WindowsWSTrustBinding(SecurityMode.Transport);

// Trust13CertificateMessage:
var certificateTrust13MessageBinding = new CertificateWSTrustBinding();

// Trust13CertificateMixed:
var certificateTrust13MixedBinding =
    new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential);

// Trust13CertificateTransport:
var certificateTrust13TransportBinding =
    new CertificateWSTrustBinding(SecurityMode.Transport);

// Trust13UserNameMessage:
var userNameTrust13MessageBinding = new UserNameWSTrustBinding();

// Trust13UserNameMixed:
var userNameTrust13MixedBinding =
    new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);

// Trust13UserNameBasicTransport:
// With SecurityMode.Transport and Basic credentials, the username and password
// are protected only by the transport channel, not by message-level security.
var userNameTrust13TransportBasicBinding =
    new UserNameWSTrustBinding(SecurityMode.Transport, HttpClientCredentialType.Basic);

// Trust13UserNameDigestTransport:
var userNameTrust13TransportDigestBinding =
    new UserNameWSTrustBinding(SecurityMode.Transport, HttpClientCredentialType.Digest);

// Trust13KerberosMixed:
var kerberosTrust13MixedBinding =
    new KerberosWSTrustBinding(SecurityMode.TransportWithMessageCredential);

/** WS-Trust 1.3 Issued Token endpoints **/

// NOTE(review): every endpoint group below assigns to the one issuedTokenBinding
// instance declared here. Read each group as the settings for a single endpoint,
// applied to a freshly constructed IssuedTokenWSTrustBinding. If the listing is
// executed top to bottom as written, values assigned by an earlier group
// (KeyType, SecurityMode, TrustVersion) remain set for the later groups, and the
// instance no longer matches the endpoint named in the comment above it.
IssuedTokenWSTrustBinding issuedTokenBinding = new IssuedTokenWSTrustBinding();

// Trust13IssuedTokenAsymmetricBasic256:
// Asymmetric key type; SecurityMode and TrustVersion are not assigned.
issuedTokenBinding.KeyType = SecurityKeyType.AsymmetricKey;

// Trust13IssuedTokenMixedAsymmetricBasic256:
// Asymmetric key type over transport with message credential.
issuedTokenBinding.SecurityMode = SecurityMode.TransportWithMessageCredential;
issuedTokenBinding.KeyType = SecurityKeyType.AsymmetricKey;

// Trust13IssuedTokenMixedSymmetricBasic256:
// Only the security mode is assigned; KeyType is not touched in this group.
issuedTokenBinding.SecurityMode = SecurityMode.TransportWithMessageCredential;

// Trust13IssuedTokenSymmetricBasic256:
// No assignments are listed for this endpoint; presumably a freshly constructed
// binding's defaults are what it expects. TODO confirm against the
// IssuedTokenWSTrustBinding defaults.


/** WS-Trust 2005 Issued Token endpoints **/
// Each group here also sets TrustVersion to WS-Trust February 2005.

// TrustFeb2005IssuedTokenAsymmetricBasic256:
issuedTokenBinding.KeyType = SecurityKeyType.AsymmetricKey;
issuedTokenBinding.TrustVersion = TrustVersion.WSTrustFeb2005;

// TrustFeb2005IssuedTokenMixedAsymmetricBasic256:
issuedTokenBinding.SecurityMode = SecurityMode.TransportWithMessageCredential;
issuedTokenBinding.KeyType = SecurityKeyType.AsymmetricKey;
issuedTokenBinding.TrustVersion = TrustVersion.WSTrustFeb2005;

// TrustFeb2005IssuedTokenMixedSymmetricBasic256:
// KeyType is not assigned in this group.
issuedTokenBinding.SecurityMode = SecurityMode.TransportWithMessageCredential;
issuedTokenBinding.TrustVersion = TrustVersion.WSTrustFeb2005;

// TrustFeb2005IssuedTokenSymmetricBasic256:
// Only the trust version is assigned; KeyType and SecurityMode are not touched.
issuedTokenBinding.TrustVersion = TrustVersion.WSTrustFeb2005;