How to integrate SAML authentication into WCF web service application

wcf saml saml-2.0
wcfvemi picture wcfvemi · Sep 4, 2011 · Viewed 9.7k times · Source

I have a WCF web service application built and tested on IIS7. Regarding authentication I wanted to implement a sql server hosted userd id and password authentication for consumers accessing the operations in the web service. However I was told that my company policy dictates that I implement SAML into my web service. That means any client that is accessing my web service operations need to be authenticated using SAML 2.0. I am not familiar with SAML but like to know and get started on how to implement it within my web serivice. I keep hearing two terms - Service Provider and Identity Provider, based on definitions on the web, I am assuming the service provider is my web service. identity provider is where the user authenticates to and the identity provider provides a assertion to my web service and then I let the client access the operations. I understand the theory but not sure how to put into practical implementation. Clients accessing my web service are not internal , i.e. they are external (extranet clients), so in this case what will be the identity provider and how do I add code to my web serice to make it a service provider?

I hope you understand my dilemma, can anyone explain the approach I need to take and any samples or tutorials that help me complete the web service is greatly appreciated.

Answer

Ladislav Mrnka picture Ladislav Mrnka · Sep 4, 2011

I think SAML 2.0 is not provided by standard WCF. To make it work you must combine WCF with WIF (Windows identity foundation). Here you have very complex example of usage WCF with WIF and claim based authorization. The example uses SAML 1.1 but it is only configuration change to make it work with SAML 2.0.

Your problem is generally called Federated authentication or Federated identity where user authenticates against STS (service token service) and it receives security token (it can be for example SAML token). Than the client calls real service (RP - relaying party) where it passes its security token. So what are you going to build? If your company policy demands SAML usage they most probably already have STS and you just need to authenticate clients by SAML tokens as mentioned in the article.

Related questions

Collection was modified; enumeration operation may not execute

I can't get to the bottom of this error, because when the debugger is attached, it does not seem to occur. Collection was modified; enumeration operation may not execute Below is the code. This is a WCF server in a …

Read More
No connection could be made because the target machine actively refused it 127.0.0.1:3446

I'm using the WCF4.0 template -REST. I'm trying to make a method that uploads a file using a stream. The problem always occur at Stream serverStream = request.GetRequestStream(); Class for streaming: namespace LogicClass { public class StreamClass : IStreamClass { public bool UploadFile(…

Read More
WCF - How to Increase Message Size Quota

I have a WCF Service which returns 1000 records from database to the client. I have an ASP.NET WCF client (I have added service reference in asp.net web application project to consume WCF). I get the following message when …

Read More