Home/ Questions/Q 161979
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-11T11:18:34+00:00

I’ve got a simple client-server application based on TcpClient/TcpListener and SslStream. Clients can authenticate

  • 0

I’ve got a simple client-server application based on TcpClient/TcpListener and SslStream. Clients can authenticate themselves to the server using a X509Certificate or by sending a user name and password after the SslStream has been established.

WCF makes use of the System.IdentityModel namespace for authentication purposes, but apparently that can be used in arbitrary applications–which sounds interesting. Information on how to do this is sparse though (or my Google foo is weak today).

So, my question is: What do I need to do to integrate System.IdentityModel with my application? I’m not sure if I need all that ClaimSet stuff, but it would be nice if users could log in just using their Windows account or any other provided authentication mechanism. (Unfortunately I can’t just switch to WCF but have to use the custom protocol, although I can make some changes to it if necessary.)

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. My Google foo was indeed weak. The answer is right behind the link in my question. So here are a couple of links to this blog in case somebody has the same question eventually.

    First, you should try to understand ‘that claim set stuff’:

    Then, you need to know where claim sets come from:

    Armed with this knowledge, it actually becomes quite simple.

    If I understand it correctly, the basic workflow would be something like this:

    1. Client creates a SecurityToken using a SecurityTokenProvider
    2. Client serializes the SecurityToken using a SecurityTokenSerializer
    3. Server deserializes the SecurityToken using a SecurityTokenSerializer
    4. Server creates IAuthorizationPolicys using a SecurityTokenAuthenticator
    5. Server creates AuthorizationContext from IAuthorizationPolicys
    6. Done

    Example:

    // Create the SecurityTokenProvider var p = new UserNameSecurityTokenProvider('username', 'password');  // Get the SecurityToken from the SecurityTokenProvider var t = p.GetToken(TimeSpan.FromSeconds(1.0)) as UserNameSecurityToken;  // ... transmit SecurityToken to server ...  // Create the SecurityTokenAuthenticator var a = new CustomUserNameSecurityTokenAuthenticator(     UserNamePasswordValidator.None);  // Create IAuthorizationPolicies from SecurityToken var i = a.ValidateToken(t);  // Create AuthorizationContext from IAuthorizationPolicies var c = AuthorizationContext.CreateDefaultAuthorizationContext(i); ShowClaims(c.ClaimSets);

    For X509SecurityTokens use a X509SecurityTokenProvider/Authenticator. For WindowsSecurityTokens there’s a WindowsSecurityTokenAuthenticator but not a provider; instead, use the WindowsSecurityToken constructor:

    var t = new WindowsSecurityToken(WindowsIdentity.GetCurrent());

    This works quite well. The only thing I omitted so far above is the token serialization. There is a SecurityTokenSerializer class which has one implementation in the .NET framework: the WSSecurityTokenSerializer class which comes with WCF.

    Serializing UserNameSecurityTokens and X509SecurityTokens works like a charm (haven’t tried deserialization), but WindowsSecurityTokens are apparently not supported by the serializer. This leaves me with the two authentication methods that I already have (certificates and username/password) and, as I didn’t want that AuthorizationContext anyway, I’ll stick with what I have 🙂

    • 0