FederatedMessageSecurityOverHttp.ClaimTypeRequirements FederatedMessageSecurityOverHttp.ClaimTypeRequirements FederatedMessageSecurityOverHttp.ClaimTypeRequirements FederatedMessageSecurityOverHttp.ClaimTypeRequirements Property

Definition

Gets a collection of the ClaimTypeRequirement instances for this binding.

public:
 property System::Collections::ObjectModel::Collection<System::ServiceModel::Security::Tokens::ClaimTypeRequirement ^> ^ ClaimTypeRequirements { System::Collections::ObjectModel::Collection<System::ServiceModel::Security::Tokens::ClaimTypeRequirement ^> ^ get(); };
public System.Collections.ObjectModel.Collection<System.ServiceModel.Security.Tokens.ClaimTypeRequirement> ClaimTypeRequirements { get; }
member this.ClaimTypeRequirements : System.Collections.ObjectModel.Collection<System.ServiceModel.Security.Tokens.ClaimTypeRequirement>
Public ReadOnly Property ClaimTypeRequirements As Collection(Of ClaimTypeRequirement)

Property Value

A Collection<T> of type ClaimTypeRequirement. The default is an empty collection.

Examples

The following code shows how to access this property from the binding, and set it.

// This method creates a WSFederationHttpBinding.
public static WSFederationHttpBinding 
       CreateWSFederationHttpBinding(bool isClient)
{
  // Create an instance of the WSFederationHttpBinding.
  WSFederationHttpBinding b = new WSFederationHttpBinding();

  // Set the security mode to Message.
  b.Security.Mode = WSFederationHttpSecurityMode.Message;
  
  // Set the Algorithm Suite to Basic256Rsa15.
  b.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256Rsa15;

  // Set NegotiateServiceCredential to true.
  b.Security.Message.NegotiateServiceCredential = true;

  // Set IssuedKeyType to Symmetric.
  b.Security.Message.IssuedKeyType = SecurityKeyType.SymmetricKey;

  // Set IssuedTokenType to SAML 1.1
  b.Security.Message.IssuedTokenType = 
         "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#samlv1.1";

  // Extract the STS certificate from the certificate store.
  X509Store store = new X509Store(StoreName.TrustedPeople, StoreLocation.CurrentUser);
  store.Open(OpenFlags.ReadOnly);
  X509Certificate2Collection certs = store.Certificates.Find(
         X509FindType.FindByThumbprint, "0000000000000000000000000000000000000000", false);
  store.Close();
  
  // Create an EndpointIdentity from the STS certificate.
  EndpointIdentity identity = EndpointIdentity.CreateX509CertificateIdentity ( certs[0] );
  
  // Set the IssuerAddress using the address of the STS and the previously created 
     // EndpointIdentity.
  b.Security.Message.IssuerAddress = 
         new EndpointAddress(new Uri("http://localhost:8000/sts/x509"), identity);

  // Set the IssuerBinding to a WSHttpBinding loaded from configuration. 
     // The IssuerBinding is only used on federated clients.
     if (isClient)
     {
         b.Security.Message.IssuerBinding = new WSHttpBinding("Issuer");
     }

     // Set the IssuerMetadataAddress using the metadata address of the STS and the
     // previously created EndpointIdentity. The IssuerMetadataAddress is only used 
     // on federated services.
     else
     {
         b.Security.Message.IssuerMetadataAddress =
             new EndpointAddress(new Uri("http://localhost:8001/sts/mex"), identity);
     }

     // Create a ClaimTypeRequirement.
  ClaimTypeRequirement ctr = new ClaimTypeRequirement 
         ("http://example.org/claim/c1", false);

  // Add the ClaimTypeRequirement to ClaimTypeRequirements
  b.Security.Message.ClaimTypeRequirements.Add(ctr);
' This method creates a WSFederationHttpBinding.
Public Shared Function CreateWSFederationHttpBinding(ByVal isClient As Boolean) As WSFederationHttpBinding
  ' Create an instance of the WSFederationHttpBinding.
  Dim b As New WSFederationHttpBinding()

  ' Set the security mode to Message.
  b.Security.Mode = WSFederationHttpSecurityMode.Message

  ' Set the Algorithm Suite to Basic256Rsa15.
  b.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256Rsa15

  ' Set NegotiateServiceCredential to true.
  b.Security.Message.NegotiateServiceCredential = True

  ' Set IssuedKeyType to Symmetric.
  b.Security.Message.IssuedKeyType = SecurityKeyType.SymmetricKey

  ' Set IssuedTokenType to SAML 1.1
  b.Security.Message.IssuedTokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#samlv1.1"

  ' Extract the STS certificate from the certificate store.
  Dim store As New X509Store(StoreName.TrustedPeople, StoreLocation.CurrentUser)
  store.Open(OpenFlags.ReadOnly)
  Dim certs As X509Certificate2Collection = store.Certificates.Find(X509FindType.FindByThumbprint, "0000000000000000000000000000000000000000", False)
  store.Close()

  ' Create an EndpointIdentity from the STS certificate.
  Dim identity As EndpointIdentity = EndpointIdentity.CreateX509CertificateIdentity (certs(0))

  ' Set the IssuerAddress using the address of the STS and the previously created 
  ' EndpointIdentity.
  b.Security.Message.IssuerAddress = New EndpointAddress(New Uri("http://localhost:8000/sts/x509"), identity)

  ' Set the IssuerBinding to a WSHttpBinding loaded from configuration. 
  ' The IssuerBinding is only used on federated clients.
  If isClient Then
	  b.Security.Message.IssuerBinding = New WSHttpBinding("Issuer")

  ' Set the IssuerMetadataAddress using the metadata address of the STS and the
  ' previously created EndpointIdentity. The IssuerMetadataAddress is only used 
  ' on federated services.
  Else
	  b.Security.Message.IssuerMetadataAddress = New EndpointAddress(New Uri("http://localhost:8001/sts/mex"), identity)
  End If

  ' Create a ClaimTypeRequirement.
  Dim ctr As New ClaimTypeRequirement("http://example.org/claim/c1", False)

  ' Add the ClaimTypeRequirement to ClaimTypeRequirements
  b.Security.Message.ClaimTypeRequirements.Add(ctr)

Remarks

The collection returned by this property is used by the service to specify any required and optional claims which must be in the issued token the client uses to access the service. The service exposes the required claim types in metadata if WSDL publishing is enabled but WCF does not require the issued token contain the specified claim types. Services wishing to enforce required claim types are present should do using authorization policy.

On federated clients this collection contains the list of required and optional claims which is sent to the security token service in the client's request for an issued token.

Applies to