
Identity Server v3 LOB Part 3 Clients

This is Part 3 of a series of three posts about setting up and configuring Identity Server for a Line of Business application.

Links

Intro Identity Server v3 Walk through for LOB application

Part 1 Hosting Identity Framework With IIS

Part 2 IDSv3 Web Api & WCF Configuration

Part 3 IDS Client Walkthrough

Client Sample Code

Identity Server Code

In Part 3, we’re going to walk through the MyJWTConsole application, a simple console application that gets a JWT token and makes calls to a Web Api service and then a WCF service.

As mentioned in Part 2, to build a WSDL from a WCF service that uses the BearerTokenMessageInspector, you must first disable the inspector in the web.config file of the WCF service. Generate the service reference and then re-enable the message inspector.

The rest of the code in this sample was taken from the Identity Server simple OAuth authentication sample. The main point of interest in this sample over the original sample is how to build an HTTP Authorization header to pass a Bearer JWT token to WCF.

At this time, only a JWT token retrieved from the GetUserToken() endpoint can be used for making a WCF service call to a WCF service utilizing our custom BearerTokenMessageInspector. (Please read Part 2 for more information on the BearerTokenMessageInspector.)

The console application call to GetClientToken results in an AccessToken. At this time we don’t have code in place in the WCF solution to build a ClaimsPrincipal from the AccessToken generated from GetClientToken. If somebody knows how to do this, please send the code and I’ll update Part 2 of this series to include the code.

For now, the CallWCF() method is what we’ll discuss. I found the code to build an HttpRequest header from this post.

First an HttpRequestMessageProperty is instantiated and an Authorization Bearer header is added to it. Then a WCF OperationContext is created for the client's channel and, inside an OperationContextScope, the property carrying the Authorization header is added to the context's outgoing message properties.

This Authorization header is what is inspected by the WCF Bearer Token inspector we created in Part 2 of this series. It’s important that the header value starts with the text Bearer, then a space and then the JWT token. If not, the WCF bearer inspector will reject the request.

Once the authorization header is added, then you use the WCF client to call your service endpoints as normal.

Here is the code to build the header:


    using System;
    using System.Net;                    // HttpRequestHeader
    using System.ServiceModel;           // OperationContext, OperationContextScope
    using System.ServiceModel.Channels;  // HttpRequestMessageProperty

    static void CallWcf(TokenResponse token)
    {
        // Build the HTTP Authorization header: "Bearer", a space, then the JWT.
        var _httpRequestProperty = new HttpRequestMessageProperty();
        _httpRequestProperty.Headers[HttpRequestHeader.Authorization] = string.Format("Bearer {0}", token.AccessToken);

        var _wcfClient = new Service1Client();
        var _context = new OperationContext(_wcfClient.InnerChannel);

        using (new OperationContextScope(_context))
        {
            // Attach the header to the outgoing messages of this operation context.
            _context.OutgoingMessageProperties[HttpRequestMessageProperty.Name] = _httpRequestProperty;

            var _response = _wcfClient.GetData(10);
            Console.WriteLine(string.Format("WCF GetData() Call: {0}", _response));
        }
    }

We like to build client service classes as PCLs and create the service references in these classes. We then abstract away code such as setting up the HTTP header. We also do this because we convert the data we receive from services into models, to which we can add things such as validation code, calculated properties, IEditable implementations and such.
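One way to abstract the header setup into a client service class, as an added example that is not code from the sample project or from Identity Server: it checks that the token has the compact JWT shape before building the "Bearer <token>" value the inspector expects, then runs any proxy call inside the scope. The names BearerInvoker, BuildHeaderValue and Call are hypothetical; Service1Client and GetData come from the sample above.

```csharp
using System;
using System.Net;
using System.ServiceModel;
using System.ServiceModel.Channels;

// Hypothetical helper (not part of the sample project): one place where the
// Authorization header is validated, built and attached to a WCF call.
public static class BearerInvoker
{
    // Returns "Bearer <jwt>", or throws if the value cannot be a signed compact JWT.
    public static string BuildHeaderValue(string jwt)
    {
        if (string.IsNullOrEmpty(jwt))
            throw new ArgumentException("Token is empty.", "jwt");

        // A signed compact JWT is three non-empty base64url segments joined by '.'.
        // Rejecting anything else keeps spaces, quotes and CR/LF out of the header.
        string[] parts = jwt.Split('.');
        if (parts.Length != 3)
            throw new ArgumentException("Token is not a three-part JWT.", "jwt");
        foreach (string part in parts)
        {
            if (part.Length == 0)
                throw new ArgumentException("Token has an empty segment.", "jwt");
            foreach (char c in part)
                if (!(c < 128 && char.IsLetterOrDigit(c)) && c != '-' && c != '_')
                    throw new ArgumentException("Token has a non-base64url character.", "jwt");
        }
        return "Bearer " + jwt;
    }

    // Usage: BearerInvoker.Call(client, token.AccessToken, () => client.GetData(10));
    public static TResult Call<TChannel, TResult>(
        ClientBase<TChannel> client, string jwt, Func<TResult> call)
        where TChannel : class
    {
        var property = new HttpRequestMessageProperty();
        property.Headers[HttpRequestHeader.Authorization] = BuildHeaderValue(jwt);

        // OperationContextScope is bound to the thread that created it, so the
        // service call is made synchronously inside the using block (no await here).
        using (new OperationContextScope(client.InnerChannel))
        {
            OperationContext.Current.OutgoingMessageProperties[HttpRequestMessageProperty.Name] = property;
            return call();
        }
    }
}
```

The exception messages never include the token itself, so a malformed value does not end up in client logs.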

In closing, most of the heavy lifting was done in WCF covered in Part 2. We hope these samples and posts will help others trying to figure out how to integrate Identity into their applications. Then we also hope they can help build off what we’ve started with the goal of making it easier and easier for developers to implement good solid security into their applications without it taking up so much time.

Please share any comments or send any updates you have that may help others.

Kris Frost

Lead Software Architect

SmartLogix, Inc

 

 
