

How to: Obtain a Security Token From a Security Context Token Service

If you already have a Web service client project, added references to the Microsoft.Web.Services2 and System.Web.Services assemblies, added a Web reference to your Web service, modified the proxy class to derive from WebServicesClientProtocol, and added the appropriate using or Imports directives, skip to step 4.

To obtain a security context token from a security token service

  1. Open the Web service client project in Visual Studio .NET 2003.

  2. Add references to the Microsoft.Web.Services2 and System.Web.Services assemblies.

    1. In Solution Explorer, right-click References, and then click Add Reference.
    2. Click the .NET tab, select Microsoft.Web.Services2.dll, and then click Select.
    3. On the .NET tab, select System.Web.Services.dll, and then click Select.
    4. Click OK.
  3. Add the following Imports or using directives to the top of the file that communicates with the Web service.

    1. In Solution Explorer, right-click the file that contains the client code, and then click View Code.

    2. At the top of the file, add the following Imports or using directives:

      Imports Microsoft.Web.Services2
      Imports Microsoft.Web.Services2.Security
      Imports Microsoft.Web.Services2.Security.Tokens
      Imports Microsoft.Web.Services2.Security.X509
      
      using Microsoft.Web.Services2;
      using Microsoft.Web.Services2.Security;
      using Microsoft.Web.Services2.Security.Tokens;
      using Microsoft.Web.Services2.Security.X509;
      
  4. Create a security token to sign the security token request, which is known as a Request Security Token (RST).

    A security token service might require that the security token used to sign the RST have the capability to encrypt SOAP messages. This is because the security token used to sign the RST might also be used by the security token service to encrypt a part of the response to the security token request.

    The following code example creates a new instance of a UsernameToken security token.

    Dim username As String = Environment.UserName
    Dim passwordBytes As Byte() = GetPassword()
    Dim passwordEquivalent As String = Convert.ToBase64String( _
      passwordBytes )
    Dim token As SecurityToken = New UsernameToken(username, _
      passwordEquivalent, PasswordOption.SendHashed)
    
    string username = Environment.UserName;
    byte[] passwordBytes = GetPassword();
    string passwordEquivalent = Convert.ToBase64String( passwordBytes );
    SecurityToken token = new UsernameToken( username, passwordEquivalent, PasswordOption.SendHashed );
    
  5. Create a new instance of the proxy class for security token services.

    The following code example creates a new instance of the SecurityContextTokenServiceClient proxy class using the same URL as the target Web service.

    Dim client As SecurityContextTokenServiceClient
    client = New SecurityContextTokenServiceClient(New _
      Uri("http://www.cohowinery/TokenIssuingService/secureConversation.asmx"))
    
    SecurityContextTokenServiceClient client = new
      SecurityContextTokenServiceClient(new 
      Uri( "http://www.cohowinery/TokenIssuingService/secureConversation.asmx"));
    
  6. Get the security token that is used to encrypt the client's entropy value. This security token, which is supplied by the security token service, typically contains the public key of an asymmetric key pair.

    The proxy classes that request a security token from a security token service have several overloads that specify whether to use entropy values or a proof token. By default, WSE uses entropy values. If entropy values are not used, this step is optional.

    The following code example calls a user-defined GetSecurityToken method to obtain an X.509 certificate. To implement the GetSecurityToken method, see How to: Sign a SOAP Message Using an X.509 Certificate.

    Dim issuerToken As X509SecurityToken = GetSecurityToken()
    If (issuerToken Is Nothing) Then
       Throw New ApplicationException("Failed to retrieve the security token service's security token, which is used to encrypt the entropy value.")
    End If
    
    X509SecurityToken issuerToken = GetSecurityToken();
    if (issuerToken == null)
       throw new ApplicationException("Failed to retrieve the security token service's security token, which is used to encrypt the entropy value.");
    
  7. Request a SecurityContextToken security token from the security context token service by calling the IssueSecurityContextTokenAuthenticated method.

    The following code example requests that a SecurityContextToken security token be issued.

    Dim sct As SecurityContextToken = _
      client.IssueSecurityContextTokenAuthenticated(token, issuerToken)
    
    SecurityContextToken sct =
      client.IssueSecurityContextTokenAuthenticated(token, issuerToken);
    

Example

The following code example demonstrates how to request a security context token from a security token service.

' Get a security token to sign the security token request sent to the
' security token service. 
Dim username as String = Environment.UserName
Dim passwordBytes As Byte() = GetPassword()
Dim passwordEquivalent As String = Convert.ToBase64String( _
  passwordBytes )
Dim token As SecurityToken = New UsernameToken(username, _
  passwordEquivalent, PasswordOption.SendHashed)

' Get the security token supplied by the security token service to
' encrypt the client's entropy value. The client's entropy value is 
' automatically generated by WSE.
' NOTE: The GetSecurityToken method is a user-defined method. This
' section of code uses the GetSecurityToken method defined in the 
' How to: Sign a SOAP Message Using an X.509 Certificate topic.
Dim issuerToken As X509SecurityToken = GetSecurityToken()
If (issuerToken Is Nothing) Then
   Throw New ApplicationException("No key provided for signature.")
End If

' Create a new instance of the proxy class for the security token 
' service that issues SecurityContextToken security tokens.
Dim client As SecurityContextTokenServiceClient
client = New SecurityContextTokenServiceClient(New _
  Uri("http://www.cohowinery/TokenIssuingService/secureConversation.asmx"))

' Request the SecurityContextToken security token.
Dim sct As SecurityContextToken = _
  client.IssueSecurityContextTokenAuthenticated(token, issuerToken)

// Get a security token to sign the SOAP message sent to the
// security token service. 
string username = Environment.UserName;
byte[] passwordBytes = GetPassword();
string passwordEquivalent = Convert.ToBase64String( passwordBytes );
SecurityToken token = new UsernameToken( username, passwordEquivalent, PasswordOption.SendHashed );

// Get the security token supplied by the security token service to
// encrypt the client's entropy value. The client's entropy value is 
// automatically generated by WSE.
// NOTE: The GetSecurityToken method is a user-defined method. This
// section of code uses the GetSecurityToken method defined in the 
// How to: Sign a SOAP Message Using an X.509 Certificate topic.
X509SecurityToken issuerToken = GetSecurityToken();
if (issuerToken == null)
   throw new ApplicationException("No key provided for signature.");

// Create a new instance of the proxy class for the security token 
// service.
SecurityContextTokenServiceClient client = new
  SecurityContextTokenServiceClient(new 
  Uri( "http://www.cohowinery/TokenIssuingService/secureConversation.asmx"));

// Request the SecurityContextToken security token.
SecurityContextToken sct =
  client.IssueSecurityContextTokenAuthenticated(token, issuerToken);

See Also

Tasks

How to: Configure a Security Context Token Service

Reference

SecurityContextTokenServiceClient

Other Resources

Issuing Security Tokens