How to delegate Facebook SecurityToken to WCF service

Question

I have the following components: WPF Application, Identity Server, WCF Web Service,

WPF Application uses WebBrowser control to authenticate using Thintecture Identity Server using WS-Federation. Identity Server has enabled Home Realm Discovery and allow authentication using Facebook, Live ID and Google. After authentication I get ReqquestSecurityTokenResponse message, which I convert into SecurityToken.

After getting this SecurityToken I want to call WebService. I think I need create ActAsToken issued again by Thintecture Identity Server, but I can't configure it.

var serviceAddress = "http://localhost:7397/Service1.svc";
var token3 = token2.ToSecurityToken();
var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.Message);
binding.Security.Message.IssuedKeyType = System.IdentityModel.Tokens.SecurityKeyType.SymmetricKey;
binding.Security.Message.IssuerAddress = new EndpointAddress("https://dev3.example.com/Identity/issue/wsfed");
binding.Security.Message.IssuerBinding = new WS2007HttpBinding();
var factory = new ChannelFactory<IService1Channel>(binding,
    new EndpointAddress(
        new Uri(serviceAddress),
        new DnsEndpointIdentity("dev3.example.com")));
factory.Credentials.SupportInteractive = false;
var proxy = factory.CreateChannelWithActAsToken(token3);
{

    try
    {
        var output = proxy.GetData(1);
        MessageBox.Show(output);
        proxy.Dispose();
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.ToString());
    }
}

But I get exceptions.

WebService is configured using Identity and access... VS extension.

Is this scenario possible?

Answer 1

you don't need an ActAs - you can use the CreateChannelWithIssuedToken method to create your WCF proxy.

You also need to configure bearer keys on the WCF service and client (instead of SymmetricKey).