FederatedMessageSecurityOverHttp.IssuerBinding Property

Definition

Gets or sets the binding to be used by the client when communicating with the security token service whose endpoint address equals IssuerAddress.

public:
 property System::ServiceModel::Channels::Binding ^ IssuerBinding { System::ServiceModel::Channels::Binding ^ get(); void set(System::ServiceModel::Channels::Binding ^ value); };
public System.ServiceModel.Channels.Binding IssuerBinding { get; set; }
member this.IssuerBinding : System.ServiceModel.Channels.Binding with get, set
Public Property IssuerBinding As Binding

Property Value

The Binding to be used by the client when communicating with the security token service.

Examples

The following code shows how to access this property from the binding, and set it.

// This method creates a WSFederationHttpBinding.
public static WSFederationHttpBinding 
    CreateWSFederationHttpBinding(bool isClient)
{
  // Create an instance of the WSFederationHttpBinding.
  WSFederationHttpBinding b = new WSFederationHttpBinding();

  // Set the security mode to Message.
  b.Security.Mode = WSFederationHttpSecurityMode.Message;
  
  // Set the Algorithm Suite to Basic256Rsa15.
  b.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256Rsa15;

  // Set NegotiateServiceCredential to true.
  b.Security.Message.NegotiateServiceCredential = true;

  // Set IssuedKeyType to Symmetric.
  b.Security.Message.IssuedKeyType = SecurityKeyType.SymmetricKey;

  // Set IssuedTokenType to SAML 1.1
  b.Security.Message.IssuedTokenType = 
      "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#samlv1.1";

  // Extract the STS certificate from the certificate store.
  X509Store store = new X509Store(StoreName.TrustedPeople, StoreLocation.CurrentUser);
  store.Open(OpenFlags.ReadOnly);
  X509Certificate2Collection certs = store.Certificates.Find(
      X509FindType.FindByThumbprint, "0000000000000000000000000000000000000000", false);
  store.Close();
  
  // Create an EndpointIdentity from the STS certificate.
  EndpointIdentity identity = EndpointIdentity.CreateX509CertificateIdentity ( certs[0] );
  
  // Set the IssuerAddress using the address of the STS and the previously created 
  // EndpointIdentity.
  b.Security.Message.IssuerAddress = 
      new EndpointAddress(new Uri("http://localhost:8000/sts/x509"), identity);

  // Set the IssuerBinding to a WSHttpBinding loaded from configuration. 
  // The IssuerBinding is only used on federated clients.
  if (isClient)
  {
      b.Security.Message.IssuerBinding = new WSHttpBinding("Issuer");
  }
' This method creates a WSFederationHttpBinding.
Public Shared Function CreateWSFederationHttpBinding(ByVal isClient As Boolean) As WSFederationHttpBinding
  ' Create an instance of the WSFederationHttpBinding.
  Dim b As New WSFederationHttpBinding()

  ' Set the security mode to Message.
  b.Security.Mode = WSFederationHttpSecurityMode.Message

  ' Set the Algorithm Suite to Basic256Rsa15.
  b.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256Rsa15

  ' Set NegotiateServiceCredential to true.
  b.Security.Message.NegotiateServiceCredential = True

  ' Set IssuedKeyType to Symmetric.
  b.Security.Message.IssuedKeyType = SecurityKeyType.SymmetricKey

  ' Set IssuedTokenType to SAML 1.1
  b.Security.Message.IssuedTokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#samlv1.1"

  ' Extract the STS certificate from the certificate store.
  Dim store As New X509Store(StoreName.TrustedPeople, StoreLocation.CurrentUser)
  store.Open(OpenFlags.ReadOnly)
  Dim certs As X509Certificate2Collection = store.Certificates.Find(X509FindType.FindByThumbprint, "0000000000000000000000000000000000000000", False)
  store.Close()

  ' Create an EndpointIdentity from the STS certificate.
  Dim identity As EndpointIdentity = EndpointIdentity.CreateX509CertificateIdentity (certs(0))

  ' Set the IssuerAddress using the address of the STS and the previously created 
  ' EndpointIdentity.
  b.Security.Message.IssuerAddress = New EndpointAddress(New Uri("http://localhost:8000/sts/x509"), identity)

  ' Set the IssuerBinding to a WSHttpBinding loaded from configuration. 
  ' The IssuerBinding is only used on federated clients.
  If isClient Then
      b.Security.Message.IssuerBinding = New WSHttpBinding("Issuer")

Remarks

This property is used to specify the binding that is used by the client between the client and the security token service when obtaining credentials for the service.

Note that this property does not need to be populated on the service, since it is only consumed by the client.

Applies to