Support WS2007FederationHttpBinding #4110
Comments
Update - Work is progressing with the WSFederationHttpBinding, can't commit to a date but it's not too far away and then we can look into what is needed for the WS2007 version of it. |
So a little bit of an update. It turns out that we need to implement WS2007HttpBinding for the goal of targeting support for ADFS (it requires BearerKey token type which WSFederationHttpBinding doesn't support, you need WS2007FederationHttpBinding). So support for the functionality of this binding will be available at the same time as WSFederationHttpBinding. The actual binding type itself will be different, but it should support the same functionality as the NetFx one. We aren't aiming to support every protocol variant that can be used, we're targeting the main common scenarios which should work for 99% of people. We are going to produce a single new binding which supports the features of WS2007FederationHttpBinding as well as WSFederationHttpBinding. |
I'd be happy to help test out the new binding once it becomes available! |
Any progress resolving this issue? |
There was some unexpected work needed in underlying dependencies, specifically IdentityModel APIs. We have been working with that team to get the issue resolved, they are actively working on it. This is a priority for us to get done and it is progressing. |
Is there any progress or workaround? This is the main issue holding my team back from fully switching to dotnet core because we are dependent on a third party wcf interface. |
We are working on some build issues, but once they are resolved we should be releasing a preview package with this functionality very soon. |
@m-straub, you can get the preview packages at this nuget feed: Although this is a feed for dotnet5, the WCF packages continue to only depend on netstandard2.0 which means our latest packages work on all currently supported versions of .NET Core. We have a new package System.ServiceModel.Federation which has a new binding WsFederationHttpBinding (casing is wrong, this will likely change to WSFed... in a future build). Here's some sample code for the equivalent of WS2007FederationHttpBinding:

```csharp
// First, create the issuer binding used to request the token from the STS
var issuerBinding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
issuerBinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
issuerBinding.Security.Message.EstablishSecurityContext = false;

// Next, create the WsFederationHttpBinding
var binding = new WsFederationHttpBinding(new WsTrustTokenParameters
{
    // Specify the issuer binding created previously and the issuer’s address
    IssuerBinding = issuerBinding,
    IssuerAddress = new EndpointAddress("https://<IssuerAddress>/adfs/services/trust/13/usernamemixed"),
    // Be sure to choose the correct MessageSecurityVersion depending on whether the binding is for a
    // Ws2007FederationHttpBinding scenario or a WsFederationHttpBinding scenario.
    MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10,
});
```

If you have problems with this, please provide your existing binding. We're still shaking the bugs out of this and we haven't implemented every feature. We've implemented the most common scenarios and anything beyond that we'll evaluate based on size of work and level of demand. |
Can confirm it's functional on .netcore3.1, would be nice to have some XML-to-code binding configuration converter.

ws2007HttpBinding

```xml
<ws2007HttpBinding>
  <binding name="issuerBinding">
    <security mode="TransportWithMessageCredential">
      <message clientCredentialType="UserName" establishSecurityContext="false" />
    </security>
  </binding>
</ws2007HttpBinding>
```

```csharp
var issuerBinding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
issuerBinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
issuerBinding.Security.Message.EstablishSecurityContext = false;
```

ws2007FederationHttpBinding

```xml
<ws2007FederationHttpBinding>
  <binding name="binding" maxReceivedMessageSize="2147483647" closeTimeout="00:05:00" openTimeout="00:05:00" receiveTimeout="00:05:00" sendTimeout="00:05:00">
    <security mode="TransportWithMessageCredential">
      <message establishSecurityContext="true" issuedKeyType="BearerKey">
        <issuer address="https://XXX/adfs/services/trust/13/UsernameMixed" binding="ws2007HttpBinding" bindingConfiguration="adfsBinding" />
      </message>
    </security>
  </binding>
</ws2007FederationHttpBinding>
```

```csharp
var binding = new WsFederationHttpBinding(new WsTrustTokenParameters
{
    KeyType = System.IdentityModel.Tokens.SecurityKeyType.BearerKey,
    EstablishSecurityContext = true,
    // Specify the issuer binding created previously and the issuer’s address
    IssuerBinding = issuerBinding,
    IssuerAddress = new EndpointAddress("https://XXX/adfs/services/trust/13/UsernameMixed"),
    // Be sure to choose the correct MessageSecurityVersion depending on whether the binding is for a
    // Ws2007FederationHttpBinding scenario or a WsFederationHttpBinding scenario.
    MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10,
});
binding.MaxReceivedMessageSize = int.MaxValue; // 2147483647
binding.CloseTimeout = new TimeSpan(0, 5, 0);
binding.OpenTimeout = new TimeSpan(0, 5, 0);
binding.ReceiveTimeout = new TimeSpan(0, 5, 0);
binding.SendTimeout = new TimeSpan(0, 5, 0);
```

|
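Added example, not part of the comments above or of the WCF project's code: a small loader that reads the security settings of the two binding sections shown in the last comment from an app.config-style `<bindings>` element and builds the equivalent objects in code. `FederationBindingLoader`, `Load` and `Find` are hypothetical names; the type names are the preview ones as posted in this thread, only a `ws2007HttpBinding` issuer is handled, and quotas and timeouts are left to be set by hand as in the comment.

```csharp
using System;
using System.IdentityModel.Tokens;
using System.Linq;
using System.ServiceModel;
using System.ServiceModel.Federation;
using System.Xml.Linq;

// Hypothetical helper, not part of the WCF packages; 'bindings' holds both binding sections.
public static class FederationBindingLoader
{
    public static WsFederationHttpBinding Load(XElement bindings, string name)
    {
        XElement msg = Find(bindings, "ws2007FederationHttpBinding", name)
            .Element("security")?.Element("message")
            ?? throw new InvalidOperationException("Missing <security>/<message>.");
        XElement issuer = msg.Element("issuer")
            ?? throw new InvalidOperationException("Missing <issuer>.");
        // The issuer call carries the user name and password; fail early unless it is https.
        var issuerUri = new Uri((string)issuer.Attribute("address"));
        if (issuerUri.Scheme != Uri.UriSchemeHttps)
            throw new InvalidOperationException("Issuer address must use https.");
        // Resolve the issuer's bindingConfiguration by name among the ws2007HttpBinding entries.
        XElement issuerSec = Find(bindings, "ws2007HttpBinding",
            (string)issuer.Attribute("bindingConfiguration")).Element("security")
            ?? throw new InvalidOperationException("Issuer binding has no <security>.");
        XElement issuerMsg = issuerSec.Element("message")
            ?? throw new InvalidOperationException("Issuer binding has no <message>.");
        var issuerBinding = new WS2007HttpBinding(
            Enum.Parse<SecurityMode>((string)issuerSec.Attribute("mode")));
        issuerBinding.Security.Message.ClientCredentialType =
            Enum.Parse<MessageCredentialType>((string)issuerMsg.Attribute("clientCredentialType"));
        if ((bool?)issuerMsg.Attribute("establishSecurityContext") is bool issuerCtx)
            issuerBinding.Security.Message.EstablishSecurityContext = issuerCtx;
        var parameters = new WsTrustTokenParameters
        {
            KeyType = Enum.Parse<SecurityKeyType>((string)msg.Attribute("issuedKeyType")),
            IssuerBinding = issuerBinding,
            IssuerAddress = new EndpointAddress(issuerUri),
            // WS-Trust 1.3 version, i.e. the WS2007FederationHttpBinding scenario from the thread.
            MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10,
        };
        if ((bool?)msg.Attribute("establishSecurityContext") is bool ctx)
            parameters.EstablishSecurityContext = ctx;
        return new WsFederationHttpBinding(parameters);
    }

    static XElement Find(XElement bindings, string kind, string name) =>
        bindings.Elements(kind).Elements("binding")
            .FirstOrDefault(b => (string)b.Attribute("name") == name)
        ?? throw new InvalidOperationException($"No <{kind}> binding named '{name}'.");
}
```

Because the loader resolves the issuer's `bindingConfiguration` by name, that value must match the `name` of a `ws2007HttpBinding` entry. In the XML as posted above the two differ (`adfsBinding` versus `issuerBinding`), so one of them has to be renamed before loading.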
As per @mconnew's request in #8 (comment) this issue is used to track WS2007FederationHttpBinding support.