none
DurableIssuedToken RRS feed

  • Question

  • Hi,

    In our projects DurableIssuedToken is being used where its the exact replica of WCF Security extensions sample "DurableIssuedTokenProvider". We have FederationBinding being configured.

    At the client side ClientCredenatials is being used and at the server side, ServerCredenatils is used along with CustomTokenManager and CustomTokenAuthenticator. With this as base i have couple of questions :

    1. What is the advantage of DurableIssuedToken, i have seen IssuesToken can be cached either in cache or file cached.

    a. If its normal cache, where would IssueToken gets cached, is it internal to WCF memory or .NET memory?

    b. How do we verify that Issued Token is cached? Usually whenever service proxy is created a call hits to Security Service in case of Federation binding. for rest of the calls to service untill proxy is closed, Security service is not hit.

    2. Can we pass extra information other than Username and password with UsernameSecurity type. At the server side as mentioned we have customTokenAutheticator with CustomTokenManager.

    I have looked into CustomToken sample in WCF security extensions though, it only has client side custom Authenticator and custom manager.

    Hope i am not bringing confusion

    Thanks

    Tuesday, November 19, 2013 9:24 AM

Answers

  • Hi,

    A token provider in Windows Communication Foundation (WCF) is used to supply credentials to the security infrastructure. The token provider in general examines the target and issues appropriate credentials so that the security infrastructure can secure the message. WCF ships with a CardSpace token provider. Custom token providers are useful in the following cases:

    • If you have a credential store that the built-in token provider cannot operate with.
    • If you want to provide your own custom mechanism for transforming the credentials from the point when the user provides the details to when the WCF client uses the credentials.
    • If you are building a custom token.

    For more information:
    Durable Issued Token Provider

    • Marked as answer by XXX_K Friday, November 22, 2013 9:31 AM
    • Unmarked as answer by XXX_K Friday, November 22, 2013 9:32 AM
    • Marked as answer by XXX_K Tuesday, November 26, 2013 4:57 AM
    Thursday, November 21, 2013 9:25 AM

All replies

  • Hi,

    Does anyone have any idea, i am not sure if i have posted this in right forum or not.

    Thanks.

    Thursday, November 21, 2013 5:17 AM
  • Hi,

    A token provider in Windows Communication Foundation (WCF) is used to supply credentials to the security infrastructure. The token provider in general examines the target and issues appropriate credentials so that the security infrastructure can secure the message. WCF ships with a CardSpace token provider. Custom token providers are useful in the following cases:

    • If you have a credential store that the built-in token provider cannot operate with.
    • If you want to provide your own custom mechanism for transforming the credentials from the point when the user provides the details to when the WCF client uses the credentials.
    • If you are building a custom token.

    For more information:
    Durable Issued Token Provider

    • Marked as answer by XXX_K Friday, November 22, 2013 9:31 AM
    • Unmarked as answer by XXX_K Friday, November 22, 2013 9:32 AM
    • Marked as answer by XXX_K Tuesday, November 26, 2013 4:57 AM
    Thursday, November 21, 2013 9:25 AM
  • Hi,

    Thanks for replyaing and sharing information.

    Can u please provide more details related to each of the below listed points:

    1. Need to pass extra field of type string from Client to Server in case of DurableIssuedToken example along with Username and password. Since current DurableIssuedTokenClient is derived from ClientCredentials.

      In this default GenericXmlSecurityToken is being used.

    Is their any what of passing extra information other than username and password to Security Token Service.

    2. In case of DurableIssuedToken sample , In memory caching is has no code other than calling base implementation. our project uses In memory cache. My i know where does these tokens get stored.

    Your replay to above questions are higly appreciated.

    Thanks

    Friday, November 22, 2013 9:40 AM
  • Hi,

    Any response.

    Thanks

    Monday, November 25, 2013 5:14 AM
  • Hi,

    Any reply to this would help me to move furthure.

    Thanks

    Tuesday, November 26, 2013 4:57 AM