How to encrypt JWT security token?

I know this is an old post, but I am adding my answer in case someone is still searching for the answer. This issue is addressed in Microsoft.IdentityModel.Tokens version 5.1.3. There is an overloaded method available in the CreateJwtSecurityToken function which accepts the encrypting credentials to encrypt the token. If the receiver does not validate …

How do I perform WIF/claims impersonation without the claim being mapped to an AD account?

I spent several months working on trying to solve this problem and after spending a long time working with Microsoft SharePoint and WIF engineers came to the conclusion that this is not possible. It appears that the issue is basically what Kirk alludes to. When creating an impersonated session using Claims (e.g. creating an SPClaim …

How do I remove an existing claim from a ClaimsPrincipal?

You should use identity to add or remove a claim. Try this to add a claim.

    var user = User as ClaimsPrincipal;
    var identity = user.Identity as ClaimsIdentity;
    identity.AddClaim(new Claim(ClaimTypes.Role, "somenewrole"));

To remove a claim,

    var user = User as ClaimsPrincipal;
    var identity = user.Identity as ClaimsIdentity;
    var claim = (from c in user.Claims where …

What’s the role of the ClaimsPrincipal, why does it have multiple Identities?

The thing is, ClaimsPrincipal contains just a collection of identities and points to the currently used one but as far as I know, the principal usually never contains more than 1 identity and even if it would – the user is never logged in with 2 or more identities. This is a wrong assumption. In …

What’s the difference between ADFS, WIF, WS Federation, SAML, and STS?

ADFS (Active Directory Federation Services) – Off-the-shelf Security Token Service (STS) produced by Microsoft and built on Windows Identity Foundation (WIF). Relies on AD for authentication. Can be used in active (SOAP web services) or passive (web sites) scenarios and supports SAML tokens, WS-Federation, WS-Trust and SAML-Protocol. It can be used as an Identity Provider …

Decoding and verifying JWT token using System.IdentityModel.Tokens.Jwt

Within the package there is a class called JwtSecurityTokenHandler which derives from System.IdentityModel.Tokens.SecurityTokenHandler. In WIF this is the core class for deserialising and serialising security tokens. The class has a ReadToken(String) method that will take your base64 encoded JWT string and return a SecurityToken which represents the JWT. The SecurityTokenHandler also has a ValidateToken(SecurityToken) method …

Catch-22 prevents streamed TCP WCF service securable by WIF; ruining my Christmas, mental health

WCF has gotchas in a few areas with streaming (I’m looking at you, MTOM1) due to a fundamental issue in how it fails to perform preauthentication the way most people would think that should work (it only affects subsequent requests for that channel, not the first request). OK, so this is not exactly your issue …
