How to get ClientCredentials from the service?

  • Question

  • I've got a web service that requests a token from an in-house STS with the idea that to call a web method, I push username/pword onto the message header of the first method call, the STS issues a token for subsequent calls, and the rest of the conversation can take place without passing any credential info due to the token being passed on the message headers. However, when I try to put the user/pword onto the message:

    var createService = new Svc.AdminServiceClient();
    createService.ChannelFactory.Credentials.SupportInteractive = false;
    createService.ClientCredentials.UserName.UserName = "myuser@company.com";
    createService.ClientCredentials.UserName.Password = "mypassword";
    

    The server-side isn't able to access these values. My STS's Issue method receives a user principal, but it's a Windows one...the username is a domain-qualified name, and all the claims are Windows ones. AFAIK, I've got my STS set up to not use Windows:

    <ws2007HttpBinding>
        <binding>
            <security mode="Message">
                <message establishSecurityContext="False"
                            clientCredentialType="UserName"/>
                <transport clientCredentialType="None"/>
            </security>
        </binding>
    </ws2007HttpBinding>
    
    Just on a whim, I've also changed establishSecurityContext="true", but my principal still shows up as WindowsPrincipal.

    Monday, March 3, 2014 11:03 PM

All replies

  • Can you see the username within the service using ServiceSecurityContext.Current.PrimaryIdentity.Name or is that how you are seeing the Windows one? 

    Christine A. Piffat

    Monday, March 3, 2014 11:30 PM
  • That returns a GenericIdentity, but the Name is "", and there is no Password member. I'm trying a custom username validator at the moment, but I'm getting really bizarre stuff, like the runtime saying my validator class doesn't exist (sometimes it doesn't show up in GetTypes(), sometimes it does...I've never really seen behavior like this before; I'm also getting a ton of IDE errors like constant file locks on my PDFs, so maybe the debugger is screwy?)
    Monday, March 3, 2014 11:38 PM
  • I'll add that I've also tried overriding the claimsAuthenticationManager, but even that (and I do have useIdentityConfiguration="true" on my <serviceCredentials/>) does nothing - my breakpoint on Authenticate is not called, and STS.Issue is called with a WindowsIdentity being passed in...no generic identity contains my user/password.
    Tuesday, March 4, 2014 9:03 PM