Sunday, 6 December 2009

WIF manually generate federationmetadata.xml

I have been playing with claims-based security lately, particularly with Windows Identity Foundation (WIF). I hit the wall when I wanted to create a custom security token service (STS) based on MVC.NET: the default Visual Studio template for an STS project is a website type of project.

The core of the STS is the federationmetadata.xml file that advertises the claims issued by the STS. Visual Studio generates this file every time you create a new STS project. It is a digitally signed XML document, so it cannot be changed by hand without invalidating the signature.

One way to solve my problem is to generate a fresh STS website every time I want to change something in the metadata, but that is not very nice.

The other way is to use the classes in the Microsoft.IdentityModel.Protocols.WSFederation.Metadata namespace, which works but is far too complex for this. What I did instead is:

    using System.Reflection;

    // Inputs used by the call below (the post does not show how they are built;
    // the sample values here are placeholders):
    string passiveSTSUrl = "https://localhost/MyStsMvc/";   // endpoint of the passive STS
    bool isActiveStsType = false;                           // false = passive (browser) STS
    object claimsOffered = null;                            // claims to advertise, in the collection type GenerateMetadata expects
    string fullPath = @"C:\MyStsMvc\FederationMetadata\2007-06\federationmetadata.xml"; // output file

    // Load the assembly that Visual Studio's STS template uses and call its
    // (non-public-API) metadata generator through reflection.
    var vsToolsAssembly = Assembly.LoadFrom("Microsoft.IdentityModel.Tools.VS.dll");
    Type metadataUtilityType = vsToolsAssembly
        .GetType("Microsoft.IdentityModel.Tools.VS.MetadataUtility");
    metadataUtilityType.InvokeMember("GenerateMetadata",
        BindingFlags.Default |
        BindingFlags.Public |
        BindingFlags.Static |
        BindingFlags.InvokeMethod,
        null,   // default binder
        null,   // static method: no target instance
        new object[] {
            "CN=STSTestCert",   // certificate subject names, as used by the VS template's test certificate
            "CN=STSTestCert",
            passiveSTSUrl,
            passiveSTSUrl,
            isActiveStsType,
            claimsOffered,
            fullPath });

I am basically calling the same code that VS calls when creating the STS. You can download the whole solution from here.
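Because the generated metadata is consumed on trust by every relying party, it is worth checking the file before publishing it. The following C# is an added example, not part of the post or of the WIF tooling; it assumes the metadata carries an enveloped XML-DSig over the root EntityDescriptor element (as WIF-generated metadata does), and the class and parameter names are mine.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

// Verifies the enveloped signature on a federationmetadata.xml file and pins
// the signing certificate by thumbprint. The certificate embedded in <KeyInfo>
// proves nothing on its own: anyone can sign altered metadata with a cert they
// own, so the caller must say which certificate is acceptable.
public static class FederationMetadataChecker
{
    public static bool IsValid(string metadataPath, string expectedThumbprint)
    {
        // PreserveWhitespace is required: canonicalisation is whitespace-sensitive.
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.Load(metadataPath);

        var nsmgr = new XmlNamespaceManager(doc.NameTable);
        nsmgr.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
        var sigNode = doc.DocumentElement.SelectSingleNode("ds:Signature", nsmgr) as XmlElement;
        if (sigNode == null)
            return false; // unsigned metadata is rejected outright

        var signedXml = new SignedXml(doc);
        signedXml.LoadXml(sigNode);

        // The signature must cover the root element, not some nested node
        // (guards against a valid signature over the wrong part of the file).
        string rootId = doc.DocumentElement.GetAttribute("ID");
        if (signedXml.SignedInfo.References.Count != 1 ||
            ((Reference)signedXml.SignedInfo.References[0]).Uri != "#" + rootId)
            return false;

        // Pull the certificate the document claims it was signed with.
        X509Certificate2 signer = null;
        foreach (KeyInfoClause clause in signedXml.KeyInfo)
        {
            var x509 = clause as KeyInfoX509Data;
            if (x509 != null && x509.Certificates.Count > 0)
                signer = (X509Certificate2)x509.Certificates[0];
        }
        if (signer == null)
            return false;

        // Pin: only the certificate we provisioned for the STS is acceptable.
        if (!string.Equals(signer.Thumbprint, expectedThumbprint, StringComparison.OrdinalIgnoreCase))
            return false;

        // verifySignatureOnly = true: the template's test cert is self-signed, so
        // chain building would fail; trust comes from the thumbprint pin above.
        return signedXml.CheckSignature(signer, true);
    }
}
```

Call IsValid with the path written to fullPath and the thumbprint of STSTestCert (or whichever certificate you actually sign with); a false result means the file should not be published.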