Home/ Questions/Q 8246639
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-07T22:34:21+00:00

I would really appreciate some help in understanding how Claims are used in a

  • 0

I would really appreciate some help in understanding how Claims are used in a local desktop app. Here’s the scenario: I want to display a tab f.e. depending on wether the user has a claim like “AnalysisAllowed:true”. So I want to fetch the claims at app start and bind against them later.

All samples are talking about how to make WCF use Authorization- and AuthenticationManagers to do claims-based calls to other WCF-Services but I just want to contact the sts (how do I do that? WCF-Fed Binding?) and than cache the stuff to use it. No other Service calls… 🙂

Thanks a lot!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    In the default configuration (client & STS), the tokens you get will be encrypted (apart from being signed). If you own the whole thing (client and services), then you can tweak some knobs so that the token can be “readable” from the client (hence, not encrypted).

    Here you have some code that will give you an unencrypted SAML token from ADFS (the key thing is to ask for a “bearer” token and configure ADFS relying party without an encryption certificate). 

    private static SecurityToken GetSamlToken(string realm, string stsEndpoint, ClientCredentials clientCredentials)
{
    using (var factory = new WSTrustChannelFactory(
        new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), 
        new EndpointAddress(new Uri(stsEndpoint))))
    {
        factory.Credentials.UserName.UserName = clientCredentials.UserName.UserName;
        factory.Credentials.UserName.Password = clientCredentials.UserName.Password;
        factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
        factory.TrustVersion = TrustVersion.WSTrust13;

        WSTrustChannel channel = null;

        try
        {
            var rst = new RequestSecurityToken
                          {
                              RequestType = WSTrust13Constants.RequestTypes.Issue, 
                              AppliesTo = new EndpointAddress(realm), 
                              KeyType = KeyTypes.Bearer, 
                          };

            channel = (WSTrustChannel)factory.CreateChannel();

            return channel.Issue(rst);
        }
        finally
        {
            if (channel != null)
            {
                channel.Abort();
            }

            factory.Abort();
        }
    }

    Once you have the token you can use LINQ to XML or WIF to get the ClaimsIdentity out of the SecurityToken. Make sure you are using SSL between the client and the STS and the services.

    A second option you have is to rely on the services to return the list of claims. It’s one more request, but you will do it at the same time the users logs in and then cache those claims until the token expires.

    public IEnumerable<Claim> GetUserClaims() {
      // get Thread.CurrentPricinpal IClaimsIdentity and grab the claims
}
    • 0