WSTrustServiceHost Class

[Starting with the .NET Framework 4.5, Windows Identity Foundation (WIF) has been fully integrated into the .NET Framework. The version of WIF addressed by this topic, WIF 3.5, is deprecated and should only be used when developing against the .NET Framework 3.5 SP1 or the .NET Framework 4. For more information about WIF in the .NET Framework 4.5, also known as WIF 4.5, see the Windows Identity Foundation documentation in the .NET Framework 4.5 Development Guide.]

This class extends the ServiceHost class implemented by the Windows Communication Foundation (WCF) service model programming model. It is a service host for registering Security Token Services (STSs) and lets you expose an STS for use by client applications when you are not using Internet Information Services (IIS). The ServiceHost will have multiple endpoints registered based on the number of listeners registered in the configuration.

Namespace: Microsoft.IdentityModel.Protocols.WSTrust
Assembly: Microsoft.IdentityModel (in Microsoft.IdentityModel.dll)


Dim instance As WSTrustServiceHost


Public Class WSTrustServiceHost
    Inherits ServiceHost
public class WSTrustServiceHost : ServiceHost
public ref class WSTrustServiceHost : public ServiceHost
public class WSTrustServiceHost extends ServiceHost
public class WSTrustServiceHost extends ServiceHost


public class MySecurityTokenServiceConfiguration : SecurityTokenServiceConfiguration
        public MySecurityTokenServiceConfiguration ()
            : base(”HelloWorldSTS”)
            SecurityTokenService = typeof(MySecurityTokenService);
// Following code snippet uses WSTrustServiceHost to expose STS for use by 
// client applications
    MySecurityTokenServiceConfiguration config = new MySecurityTokenServiceConfiguration();

    // Add the STS endoint information
    config.TrustEndpoints.Add( new ServiceHostEndpointConfiguration( "http://localhost:6000/SimpleActiveSTS", new WSHttpBinding(), typeof( IWSTrustFeb2005SyncContract ) ) );

    // Create the WS-Trust service host with our STS configuration
    using ( WSTrustServiceHost host = new WSTrustServiceHost( config, new Uri( "http://localhost:6000/SimpleActiveSTS" ) ) )
        Console.WriteLine( "SimpleActiveSTS started, press ENTER to stop ..." );


The WSTrustServiceHost class is the Windows® Identity Foundation (WIF) implementation of a Windows Communication Foundation ServiceHost that is intended to be used to integrate a WCF hosting environment with a Security Token Service (STS) built using WIF. The WSTrustServiceHost class provides a fully functioning ServiceHost that offers both integration with WCF configuration as well as WIF specific features that are configured by modifying the SecurityTokenServiceConfiguration, which is a class provided by WIF.

By default, the WSTrustServiceHost class provides the following:

  • It adds WS-Trust endpoints to the ServiceHost based on the TrustEndpoints property.

  • It enables metadata over the base addresses if the DisableWsdl property is set to false.

  • It configures the service certificate on the ServiceHost service credentials if a WIF configuration section specifies a service certificate. Note that this will override the equivalent service certificate settings in WCF configuration.

  • It integrates WIF token handlers into the security processing pipeline by calling the ExtensibleSecurityCredentials.ConfigureServiceHost method on itself.

The WSTrustServiceHost class may be overridden to customize this behavior.

Inheritance Hierarchy


Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.


Target Platforms

Windows 7, Windows Server 2008 R2, Windows Vista SP2, Windows Server 2008 SP2, Windows Server 2003 SP2 (32-bit or 64-bit)

Change History

See Also


WSTrustServiceHost Members
Microsoft.IdentityModel.Protocols.WSTrust Namespace

Copyright © 2008 by Microsoft Corporation. All rights reserved.