A hotfix is available that lets you use the Security Token Reference-Transform mechanism to reference issued tokens in a .NET Framework 3.5-based WCF application

Article ID: 974842

INTRODUCTION

In a Microsoft .NET Framework 3.5-based Windows Communication Foundation (WCF) application, you expect to sign an issued token that is referenced by using the token ID or the token uniform resource identifier (URI). However, certain token formats prevent the tokens from being referenced by using the ID or the URI. This hotfix lets you use the Security Token Reference-Transform (also known as STR-Transform) mechanism to reference issued tokens in a SOAP message in WCF.

To implement this mechanism, the UseStrTransform property was added to the IssuedTokenParameter class in WCF. When the UseStrTransform property is set to false, the issued token in the SOAP message is referenced by using the ID or the URI. When the UseStrTransform property is set to true, the issued token is referenced by using the Security Token Reference-Transform mechanism.

Before you use the Security Token Reference-Transform mechanism, make sure that the following conditions are true:
  • The SOAP message contains an issued token.
  • The UseStrTransform property in the corresponding IssuedTokenParameter object is set to true.
  • The issued token is added to the SOAP message as a signed supporting token or as a SignedEndorsing supporting token.
Note: The issued token is in Security Assertion Markup Language (SAML) 1.1 or SAML 2.0 format.

MORE INFORMATION

Windows Server 2003 and Windows XP

To use the STR-Transform mechanism in Windows XP or in Windows Server 2003, download and apply the hotfix that is described in Microsoft Knowledge Base article 980588. For more information, see the following article in the Microsoft Knowledge Base:
980588 A hotfix is available that supports WCF service to use HOST SPN that is registered for computer account in the .NET Framework 3.5

Windows Vista and Windows Server 2008

To use the STR-Transform mechanism in Windows Vista or in Windows Server 2008, download and apply the hotfix that is described in Microsoft Knowledge Base article 981001. For more information, see the following article in the Microsoft Knowledge Base:
981001 A hotfix rollup is available for Windows Communication Foundation in the .NET Framework 3.5 SP1 for Windows Vista SP2 and Windows Server 2008 SP2

Windows 7 and Windows Server 2008 R2

To use the STR-Transform mechanism in Windows 7 or in Windows Server 2008 R2, download and apply the hotfix that is described in Microsoft Knowledge Base article 981002. For more information, see the following article in the Microsoft Knowledge Base:
981002 A hotfix rollup is available for Windows Communication Foundation in the .NET Framework 3.5 SP1 for Windows 7 and Windows Server 2008 R2

Sample code for the Security Token Reference-Transform mechanism

The following sample code shows how to use the Security Token Reference-Transform mechanism in the WCF .config file:
<bindings>
  <customBinding>
    <binding name="WS2007FederationHttpBinding_IClaimsAwareWebService">
      <security authenticationMode="SecureConversation" messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12">
        <secureConversationBootstrap authenticationMode="IssuedTokenForCertificate" messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12">
          <issuedTokenParameters useStrTransform="true">
            <issuer address="http://localhost:8000/sts/windows" binding="ws2007HttpBinding" />
            <issuerMetadata address="http://localhost:8000/sts/mex" />
          </issuedTokenParameters>
        </secureConversationBootstrap>
      </security>
      <textMessageEncoding />
      <httpTransport />
    </binding>
  </customBinding>
</bindings>
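
To confirm from a captured message which of the two referencing modes described above is in effect, the following added example (not part of the original article and not Microsoft code) inspects the signature's references and reports whether each one points at the SAML assertion directly or through an STR-Transform. The namespace and algorithm URIs are taken from the WS-Security and SAML specifications rather than from this article, the function name and the sample envelope are constructed for illustration, and the script checks structure only; it does not validate the signature.

```python
import xml.etree.ElementTree as ET

WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
NS = {"ds": "http://www.w3.org/2000/09/xmldsig#",
      "wsse": WSS + "wssecurity-secext-1.0.xsd"}
WSU_ID = "{" + WSS + "wssecurity-utility-1.0.xsd}Id"
STR_TRANSFORM = WSS + "soap-message-security-1.0#STR-Transform"
# SAML assertion namespace -> (identifier attribute, token format label)
SAML = {"urn:oasis:names:tc:SAML:1.0:assertion": ("AssertionID", "SAML 1.1"),
        "urn:oasis:names:tc:SAML:2.0:assertion": ("ID", "SAML 2.0")}

def classify_references(envelope_xml):
    """Return (URI, kind, token format) for each ds:Reference in SignedInfo."""
    root = ET.fromstring(envelope_xml)
    tokens = {a.get(attr): label for ns, (attr, label) in SAML.items()
              for a in root.iter("{%s}Assertion" % ns) if a.get(attr)}
    strs = {s.get(WSU_ID): s
            for s in root.iter("{%s}SecurityTokenReference" % NS["wsse"])}
    out = []
    for ref in root.iterfind(".//ds:SignedInfo/ds:Reference", NS):
        uri = ref.get("URI", "")
        target = uri[1:] if uri.startswith("#") else uri
        algs = [t.get("Algorithm")
                for t in ref.iterfind("ds:Transforms/ds:Transform", NS)]
        if STR_TRANSFORM in algs:
            # URI names a SecurityTokenReference; its KeyIdentifier names the token.
            str_el = strs.get(target)
            key = str_el.find("wsse:KeyIdentifier", NS) if str_el is not None else None
            token_id = (key.text or "").strip() if key is not None else None
            out.append((uri, "str-transform", tokens.get(token_id)))
        elif target in tokens:
            out.append((uri, "direct", tokens[target]))
        else:
            out.append((uri, "other", None))
    return out

# Constructed sample: structure only, digest and signature values omitted.
SAMPLE = """<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
 xmlns:ds="%s" xmlns:wsse="%s" xmlns:wsu="%s"
 xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><s:Header><wsse:Security>
 <saml:Assertion AssertionID="_a1"/>
 <wsse:SecurityTokenReference wsu:Id="_str1">
  <wsse:KeyIdentifier>_a1</wsse:KeyIdentifier></wsse:SecurityTokenReference>
 <ds:Signature><ds:SignedInfo><ds:Reference URI="#_body"/>
  <ds:Reference URI="#_str1"><ds:Transforms><ds:Transform Algorithm="%s"/>
  </ds:Transforms></ds:Reference></ds:SignedInfo></ds:Signature>
</wsse:Security></s:Header><s:Body wsu:Id="_body"/></s:Envelope>""" % (
    NS["ds"], NS["wsse"], WSU_ID[1:-3], STR_TRANSFORM)
print(classify_references(SAMPLE))
```

A "str-transform" row whose token format is None means the Security Token Reference did not resolve to any SAML assertion in the message, so the issued token is not covered by that reference.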

Properties

Article ID: 974842 - Last Review: October 7, 2011 - Revision: 3.0
APPLIES TO
  • Microsoft .NET Framework 3.5
  • Microsoft .NET Framework 3.5 Service Pack 1
Keywords: 
kbexpertiseadvanced kbsurveynew kbqfe KB974842
