Windows Phone 7 and WS-Trust
- by Your DisplayName here!
A question that I often hear these days is: “Can I connect a Windows Phone 7 device
to my existing enterprise services?”.
Well – since most of my services are typically issued token based, this requires support
for WS-Trust and WS-Security on the client. Let’s see what’s necessary to write a
WP7 client for this scenario.
First I converted the Silverlight library that comes with the Identity Training Kit
to WP7. Some things are not supported in WP7 WCF (like message inspectors and some
client runtime hooks) – but besides that this was a simple copy+paste job. Very nice!
Next I used the WSTrustClient to request tokens from my STS:
private WSTrustClient GetWSTrustClient()
{
var client
= new WSTrustClient(
new WSTrustBindingUsernameMixed(),
new EndpointAddress("https://identity.thinktecture.com/…/issue.svc/mixed/username"),
new UsernameCredentials(_txtUserName.Text,
_txtPassword.Password));
return client;
}
private void _btnLogin_Click(object sender, RoutedEventArgs e)
{
_client = GetWSTrustClient();
var rst
= new RequestSecurityToken(WSTrust13Constants.KeyTypes.Bearer)
{
AppliesTo = new EndpointAddress("https://identity.thinktecture.com/rp/")
};
_client.IssueCompleted += client_IssueCompleted;
_client.IssueAsync(rst);
}
I then used the returned RSTR to talk to the WCF service.
Due to a bug in the combination of the Silverlight library and the WP7 runtime – symmetric
key tokens seem to have issues currently. Bearer tokens work fine. So I created the
following binding for the WCF endpoint specifically for WP7.
<customBinding>
<binding name="mixedNoSessionBearerBinary">
<security authenticationMode="IssuedTokenOverTransport" messageSecurityVersion="WSSecurity11
WSTrust13 WSSecureConversation13 WSSecurityPolicy12 BasicSecurityProfile10">
<issuedTokenParameters keyType="BearerKey" />
</security>
<binaryMessageEncoding />
<httpsTransport/>
</binding> </customBinding>
The binary encoding is not necessary, but will speed things up a little for mobile
devices.
I then call the service with the following code:
private void _btnCallService_Click(object sender,
RoutedEventArgs e)
{
var binding
= new CustomBinding(
new BinaryMessageEncodingBindingElement(),
new HttpsTransportBindingElement());
_proxy = new StarterServiceContractClient(
binding,
new EndpointAddress("…"));
using (var scope
= new OperationContextScope(_proxy.InnerChannel))
{
OperationContext.Current.OutgoingMessageHeaders.Add(new IssuedTokenHeader(Globals.RSTR));
_proxy.GetClaimsAsync();
}
}
works.
download
