I am creating an STS using the WIF (System.IdentityModel) classes in .NET 4.5. This STS needs to handle an ActAs token. I have successfully prototyped the client to send an ActAs token, and this results in this error message on the server side:
ID3265: ActAs element was found, but there was no token handlers registered to read a ActAs element. Consider adding a valid SecurityTokenHandlerCollection to the SecurityTokenHanderCollectionManager for ActAs usage.
I see no way, however, to add a SecurityTokenHandlerCollection to the SecurityTokenHandlerCollectionManager. How is this done?
I've tried what is suggested in this documentation:
<securityTokenHandlers name="ActAs">
...
</securityTokenHandlers>
But that results in this error:
ID0005: The input 'configElement.ElementInformation.Properties' collection does not contain a property named 'ActAs'.
The "equivalent" (according to that documentation) incantation, ServiceConfiguration.SecurityTokenHandlerCollectionManager["ActAs"], is equally unhelpful:
Unhandled Exception: System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
   at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
   at System.IdentityModel.Tokens.SecurityTokenHandlerCollectionManager.get_Item(String usage)
Note that this documentation gives essentially the same information as 1, but is specifically for .NET 4.5.
How do I handle ActAs tokens?
The indexer on SecurityTokenHandlerCollectionManager is not read-only:
// Summary:
// Returns the security token handler collection for the specified usage.
//
// Parameters:
// usage:
// The usage name for the token handler collection.
//
// Returns:
// The token handler collection associated with the specified usage.
public SecurityTokenHandlerCollection this[string usage] { get; set; }
Simply set the SecurityTokenHandlerCollection for the given key to the desired collection:
SecurityTokenHandlerCollectionManager["ActAs"] = new SecurityTokenHandlerCollection();
// or:
SecurityTokenHandlerCollectionManager[SecurityTokenHandlerCollectionManager.Usage.ActAs] = new SecurityTokenHandlerCollection();
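An added example, not part of the original answer: an empty collection registers the ActAs usage but contains no handler that can read a token, so the sketch below fills the collection with a SAML 2.0 handler and gives it its own validation settings. The class name `ActAsStsConfiguration`, the issuer thumbprint placeholder, the issuer name `upstream-sts` and the audience URI are assumptions for illustration.

```csharp
using System;
using System.IdentityModel.Configuration;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;

// Hypothetical STS configuration class (name chosen for this example).
public class ActAsStsConfiguration : SecurityTokenServiceConfiguration
{
    public ActAsStsConfiguration(string issuerName, SigningCredentials signingCredentials)
        : base(issuerName, signingCredentials)
    {
        // Accept ActAs tokens only when signed by an explicitly trusted issuer.
        // The thumbprint is a placeholder; use the real signing certificate's value.
        var trustedIssuers = new ConfigurationBasedIssuerNameRegistry();
        trustedIssuers.AddTrustedIssuer("<ISSUER-CERT-THUMBPRINT>", "upstream-sts");

        // Validation settings that apply only to tokens read for the ActAs usage.
        var actAsConfig = new SecurityTokenHandlerConfiguration
        {
            IssuerNameRegistry = trustedIssuers,
            CertificateValidator = X509CertificateValidator.ChainTrust,
            // Always enforce the audience check instead of skipping it.
            AudienceRestriction = new AudienceRestriction(AudienceUriMode.Always)
        };

        // Assumption: the ActAs token was originally issued to this front-end
        // service, so that is the audience it must carry (placeholder URI).
        actAsConfig.AudienceRestriction.AllowedAudienceUris.Add(
            new Uri("https://frontend.example.test/"));

        // Adding a handler to the collection binds it to actAsConfig.
        var actAsHandlers = new SecurityTokenHandlerCollection(actAsConfig);
        actAsHandlers.Add(new Saml2SecurityTokenHandler());

        // Register the collection under the ActAs usage via the settable indexer.
        SecurityTokenHandlerCollectionManager[
            SecurityTokenHandlerCollectionManager.Usage.ActAs] = actAsHandlers;
    }
}
```

Keeping a separate configuration for the ActAs usage means the trusted issuers and audiences for delegated tokens can be narrower than those of the default collection that authenticates the caller.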