WIF, WCF & Windows XP

Sep 24, 2010 at 12:00 PM

Just let me say that I think WIF appears to solve many issues that I have to content with.  That being said it would appear that you can not use WIF with Windows XP workstations even though WIF was written in framework 3.5 sp1.  The only way that I can see to utilitize this technology on XP is demonstrated in the folowing post http://www.leastprivilege.com/UsingSilverlightToAccessWIFSecuredWCFServices.aspx.  Now this limitation might just be for development but I can not find anything concrete in regards to this issue.  Does anyone know that answer to this question?  Also is are there any user groups or communities around WIF?  Thanks...

Coordinator
Sep 24, 2010 at 12:14 PM

WIF is not supported on XP. But there are rare reasons why you need WIF on the client at all.

The main use case would be to use WSTrustChannelFactory on the client - but thats for more specialized scenarios. What are you trying to do?

Sep 24, 2010 at 2:57 PM

I am designing a smart client that will be used in house by our employees as well as an outsourcing firm.  What I would like is the internal employees to use windows credentials whether they are working at home or on site and the outsourcing firm to use something like an ASP.NET provider.  This solution has to work with Windows XP machines.  I can develop with VS 2010 on Windows 7 so that is not an issue if that is required for WIF.  After listening to your podcast on DotNetRocks (http://www.dotnetrocks.com/default.aspx?showNum=503) and reviewing your Screen Casts on starter sts I really feel this is the way to go.  If this is possible with WIF I need to determine what I am missing within our infrastructure to make this happen.  Currently we are running AD on Windows 2003 server and it would seem that would need to be upgraded to 2008 enterprise with ADFS 2.0.  To add to the mix we are going to be using MSMQ with NServiceBus.  Which means I am going to
 have to include the token with the message. 

The other idea I had was to use create a hybrid of Window Authentication and ASP.NET provider.  When I read your blog entry (http://www.leastprivilege.com/CustomPrincipalsAndWCF.aspx) I got the idea.  The only problem your entry only addresses the role portion of the equation not user name password portion.  I can envision a new custom Principal that is basically a hybrid that calls ASP.NET provider or AD.  On codeproject I found an article(http://www.codeproject.com/KB/WCF/Custom_Authorization_WCF.aspx) that shows the principal of creating a UserNamePasswordValidator but it does not implement my idea. Is this even possible?

Basically, any advice you can provide is extremely appreciated. 

I really hope that you do get a chance to do a DNRTV episode on WIF.  Thank you for the reply and I enjoy reading your blog.

 

Coordinator
Sep 29, 2010 at 5:48 AM

Hi,

OK - WIF/ADFS is definitely the way to go - but there are some pre-requisites

- for your infrastructure - a Windows 2003 domain is fine, but ADFS needs to be installed on Server 2008 (R2). You also need 2008 licenses.

- for the clients - if your backend would be solely WCF, this would be easy since client support is built into WCF. But more "exotic" things like MSMQ (System.Messaging) or NServiceBus may require you to manually talk to an STS. The classes for that are in WIF, but XP is not supported in that scenario.

That said - you should definitely use WIF (and the claims based model) on the server side.

Sep 29, 2010 at 11:25 AM

So basically ADFS server does not need to be a domain controller, correct?

Do you have any information in regards to what kind of 2008 licensing is needed?   Is there seperate licensing for ADFS like there is for Exchange?

For issues like NServiceBus and MSMQ would you recommend putting the token into a header?  Do you know of any blogs or examples that may have some more incite into this issue?

Thanks again Dominick I look forward to hearing from you.

Coordinator
Sep 29, 2010 at 2:40 PM

Check the official WIF/ADFS forum:

http://social.msdn.microsoft.com/Forums/en-US/Geneva/threads

Sep 29, 2010 at 4:53 PM

Thanks Dominck.  I have already put in the questions.