Windows Phone 7 and WS-Trust
Posted on Least Privilege
Published on Fri, 25 Feb 2011 08:35:12 GMT
A question that I often hear these days is: “Can I connect a Windows Phone 7 device to my existing enterprise services?”
Well – since most of my services are typically issued-token based, this requires support for WS-Trust and WS-Security on the client. Let’s see what’s necessary to write a WP7 client for this scenario.
First I converted the Silverlight library that comes with the Identity Training Kit to WP7. Some things are not supported in WP7 WCF (like message inspectors and some client runtime hooks) – but besides that this was a simple copy+paste job. Very nice!
Next I used the WSTrustClient to request tokens from my STS:
    // Builds a WS-Trust client for the STS username endpoint (mixed mode),
    // using the credentials entered in the UI.
    private WSTrustClient GetWSTrustClient()
    {
        var client = new WSTrustClient(
            new WSTrustBindingUsernameMixed(),
            new EndpointAddress("https://identity.thinktecture.com/…/issue.svc/mixed/username"),
            new UsernameCredentials(_txtUserName.Text, _txtPassword.Password));

        return client;
    }
    private void _btnLogin_Click(object sender, RoutedEventArgs e)
    {
        _client = GetWSTrustClient();

        // Request a bearer token scoped to the relying party.
        var rst = new RequestSecurityToken(WSTrust13Constants.KeyTypes.Bearer)
        {
            AppliesTo = new EndpointAddress("https://identity.thinktecture.com/rp/")
        };

        // The call is asynchronous; the RSTR arrives in the completion handler.
        _client.IssueCompleted += client_IssueCompleted;
        _client.IssueAsync(rst);
    }
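What the bearer-token request above corresponds to on the wire, as an added example that is not code from the original post or from the Identity Training Kit library: it builds a simplified WS-Trust 1.3 Issue request with LINQ to XML. The class name, the host `sts.example.test` and the credentials are constructed placeholders, and the security header is reduced to the username token (no timestamp or password type attribute).

```csharp
using System;
using System.Xml.Linq;

public static class BearerRstSketch // hypothetical name, for illustration only
{
    static readonly XNamespace S    = "http://www.w3.org/2003/05/soap-envelope";
    static readonly XNamespace Wsa  = "http://www.w3.org/2005/08/addressing";
    static readonly XNamespace Wsse = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static readonly XNamespace Wsp  = "http://schemas.xmlsoap.org/ws/2004/09/policy";
    static readonly XNamespace Wst  = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";

    public static XDocument Build(Uri sts, Uri appliesTo, string user, string password)
    {
        // In mixed mode the password (and later the bearer token) sits in the
        // message with no message-level protection; TLS is the only safeguard.
        if (sts.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("STS endpoint must use https", "sts");

        return new XDocument(
            new XElement(S + "Envelope",
                new XElement(S + "Header",
                    new XElement(Wsa + "Action", Wst.NamespaceName + "/RST/Issue"),
                    new XElement(Wsa + "MessageID", "urn:uuid:" + Guid.NewGuid()),
                    new XElement(Wsa + "To", sts.AbsoluteUri),
                    new XElement(Wsse + "Security",
                        new XElement(Wsse + "UsernameToken",
                            new XElement(Wsse + "Username", user),
                            new XElement(Wsse + "Password", password)))),
                new XElement(S + "Body",
                    new XElement(Wst + "RequestSecurityToken",
                        new XElement(Wst + "RequestType", Wst.NamespaceName + "/Issue"),
                        // Bearer: the token carries no proof-of-possession key.
                        new XElement(Wst + "KeyType", Wst.NamespaceName + "/Bearer"),
                        new XElement(Wsp + "AppliesTo",
                            new XElement(Wsa + "EndpointReference",
                                new XElement(Wsa + "Address", appliesTo.AbsoluteUri)))))));
    }

    public static void Main()
    {
        // Constructed sample values; sts.example.test is a placeholder host.
        var doc = Build(new Uri("https://sts.example.test/issue.svc/mixed/username"),
                        new Uri("https://identity.thinktecture.com/rp/"),
                        "alice", "constructed-password");
        Console.WriteLine(doc);
    }
}
```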
I then used the returned RSTR to talk to the WCF service.
Due to a bug in the combination of the Silverlight library and the WP7 runtime, symmetric key tokens currently seem to have issues. Bearer tokens work fine, so I created the following binding for the WCF endpoint specifically for WP7.
    <customBinding>
      <binding name="mixedNoSessionBearerBinary">
        <security authenticationMode="IssuedTokenOverTransport"
                  messageSecurityVersion="WSSecurity11 WSTrust13 WSSecureConversation13 WSSecurityPolicy12 BasicSecurityProfile10">
          <issuedTokenParameters keyType="BearerKey" />
        </security>
        <binaryMessageEncoding />
        <httpsTransport />
      </binding>
    </customBinding>
The binary encoding is not necessary, but will speed things up a little for mobile devices.
I then call the service with the following code:
    private void _btnCallService_Click(object sender, RoutedEventArgs e)
    {
        // Client-side binding: binary encoding over HTTPS, no security element.
        var binding = new CustomBinding(
            new BinaryMessageEncodingBindingElement(),
            new HttpsTransportBindingElement());

        _proxy = new StarterServiceContractClient(
            binding,
            new EndpointAddress("…"));

        using (var scope = new OperationContextScope(_proxy.InnerChannel))
        {
            // Attach the token from the RSTR manually as a message header.
            OperationContext.Current.OutgoingMessageHeaders.Add(new IssuedTokenHeader(Globals.RSTR));
            _proxy.GetClaimsAsync();
        }
    }
This works.