Get started for free
Visual Studio Developer Center >
WIF WSTrustSerializationException - Claims dialect cannot be set to a custom value?

Unanswered WIF WSTrustSerializationException - Claims dialect cannot be set to a custom value?

  • Wednesday, January 19, 2011 10:05 PM
     
      Has Code
    Sign In to Vote
    0
    I have the following code trying to make an "Issue" request with WIF.

    When I run it I get the following exception. Isn't it possible to request a Security Token using Issue with a custom claim?

    Additional information: ID3257: RequestSecurityToken contains at least one Claim with a Claim value specified but the RequestClaimCollection.Dialect is set to 'urn:custom_namespace:sts:1_0'. The RequestClaimCollection.Dialect must be set to 'http://docs.oasis-open.org/wsfed/authorization/200706/authclaims' for the value to be serialized out.


    private const string CLAIMS_DIALECT = "urn:custom_namespace:sts:1_0";
private const string REQUEST_CLAIM_TYPE = "urn:custom_namespace:sts:1_0";
private const string REQUEST_CLAIM_VALUE = "urn:oasis:names:tc:SAML2.0:consent:current-explicit";



    public System.IdentityModel.Tokens.SecurityToken RequestSecurityToken(string input)
{
  System.Net.ServicePointManager.ServerCertificateValidationCallback = ((sender, certificate, chain, sslPolicyErrors) => true);

  WS2007HttpBinding binding = new WS2007HttpBinding();
  binding.Security.Mode = SecurityMode.TransportWithMessageCredential;
  binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;

  var trustChannelFactory = new WSTrustChannelFactory(binding, new EndpointAddress(new Uri(STS_URL)));
  trustChannelFactory.TrustVersion = TrustVersion.WSTrust13;

  trustChannelFactory.Credentials.ClientCertificate.Certificate = GetCertificateBySubjectName(LOCALHOST_CERTIFICATE_SUBJECT_NAME);
  trustChannelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.PeerOrChainTrust;
  trustChannelFactory.Credentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;

  try
  {
    RequestSecurityToken rst = new RequestSecurityToken();

    rst.AppliesTo = new EndpointAddress(new Uri(APPLIES_TO_URL), new X509CertificateEndpointIdentity(GetCertificateBySubjectName(LOGON_SERVICE_CERTIFICATE_SUBJECT_NAME)));
    rst.ActAs = BuildSecurityTokenElementFromInput(input);
    rst.RequestType = RequestTypes.Issue;
    rst.Lifetime = new Lifetime(DateTime.UtcNow, DateTime.UtcNow.AddMinutes(5));
    rst.Claims.Dialect = CLAIMS_DIALECT;
    var requestClaim = new RequestClaim(REQUEST_CLAIM_TYPE, false, REQUEST_CLAIM_VALUE);
    rst.Claims.Add(requestClaim);

    WSTrustChannel channel = (WSTrustChannel)trustChannelFactory.CreateChannel();

    RequestSecurityTokenResponse rstr = null;

    return channel.Issue(rst, out rstr);
  }
  finally
  {
    trustChannelFactory.Close();
  }
}