I have not seen many questions related to Geneva; I posted this question in the Geneva Forum ...
I am working on a scenario in which we have a WinForms application with a wide installation base, which will make frequent calls to various services that we host centrally throughout its operation.
All services use the Geneva Framework, and all clients are expected to first call our STS to have a token issued in order to be allowed access to these services.
Out of the box, using ws2007FederationHttpBinding, the application can be configured to obtain a token from the STS before each service call, but obviously this is not the most efficient way, since it nearly doubles the cost of calling the services.
Alternatively, I injected into the application the code needed to extract the token "manually", and then passed the same previously extracted token when invoking operations on the services (based on WSTrustClient and help from the forum sample); this works well, so we have a solution, but I believe it is not very elegant, since it requires creating a WCF channel in code, moving away from the wonderful WCF configuration.
I prefer the ws2007FederationHttpBinding approach, where the client simply calls the service like any other WCF service, without knowing anything about Geneva, and the bindings take care of the token exchange.
Then someone (John Simpson) gave me [what I think is] a great idea: add a service hosted in the application itself that caches the tokens it retrieves locally. The local cache service will implement the same contract as the STS; upon receiving a request, it will check whether a cached token exists and, if so, return it; otherwise it will call the "real" STS, retrieve a new token, cache it and return it. The client application can then use ws2007FederationHttpBinding, but instead of having the STS as the issuer, it will have the local cache;
Thus, I think we can achieve the best of both worlds: caching tokens without any service code; our cache should be able to handle tokens for all RPs.
[Several sentences were lost in extraction here. Only fragments survive: the local cache calls the STS for the RP; a call into the cache fails with a MessageSecurityException whose message text is also lost; the remaining questions mention WSTrustClient. The code of the cache service follows.]
    // inside the TokenCache service class, which implements the same WS-Trust 1.3 contract as the STS
    static LocalTokenCache.STS.Trust13IssueResponse cachedResponse = null;

    public LocalTokenCache.STS.Trust13IssueResponse Trust13Issue(LocalTokenCache.STS.Trust13IssueRequest request)
    {
        if (TokenCache.cachedResponse == null)
        {
            Console.WriteLine("cached token not found, calling STS");
            // create a proxy for the real STS
            STS.WSTrust13SyncClient sts = new LocalTokenCache.STS.WSTrust13SyncClient();
            // set the credentials used against the STS (sample values; these are the cache's own, not the caller's)
            sts.ClientCredentials.UserName.UserName = "Yossi";
            sts.ClientCredentials.UserName.Password = "p@ssw0rd";
            // call Issue on the real STS
            STS.RequestSecurityTokenResponseCollectionType stsResponse = sts.Trust13Issue(request.RequestSecurityToken);
            sts.Close();
            // create the result object - a container type for the returned response, which is what we need to return
            TokenCache.cachedResponse = new LocalTokenCache.STS.Trust13IssueResponse();
            // assign the STS response to the return value...
            TokenCache.cachedResponse.RequestSecurityTokenResponseCollection = stsResponse;
        }
        // ...and return the (possibly cached) response.
        // Note: a single response is cached for every caller and every RP, and its lifetime is never checked.
        return TokenCache.cachedResponse;
    }
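The cache service described in the post keeps one static response for every caller and every RP and never looks at the token's Lifetime, so once the token expires every client is handed a dead token until the process restarts. The following is an added example, not the poster's code and not WCF: a Python model of the same "same contract as the STS, answer from cache, else forward" design, keyed per relying party (the wsp:AppliesTo of the RST) and honouring the token's expiry with a clock-skew margin. Every name in it (IssueRequest, IssueResponse, MutableClock, StubSts, CachingSts, demo), the one-hour lifetime and the five-minute skew margin are assumptions made for the example; StubSts stands in for the real STS and its sample data is constructed.

```python
"""Model of a local token cache that fronts a 'real' STS.

Constructed example: StubSts stands in for the STS and issues opaque
tokens with a WS-Trust style Lifetime; nothing here speaks WS-Trust.
"""
import threading
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, Tuple


@dataclass(frozen=True)
class IssueRequest:
    """The parts of a WS-Trust RST the cache keys on (assumed shape)."""
    applies_to: str                      # RP address (wsp:AppliesTo)
    token_type: str = "urn:oasis:names:tc:SAML:1.0:assertion"


@dataclass
class IssueResponse:
    """The parts of an RSTR the cache needs: the token and its Lifetime."""
    token: str
    created: datetime
    expires: datetime


class MutableClock:
    """Injectable clock so the example can move time forward deterministically."""
    def __init__(self, start: datetime) -> None:
        self.now = start

    def __call__(self) -> datetime:
        return self.now


class StubSts:
    """Stand-in for the real STS; records how many times it was called."""
    def __init__(self, lifetime: timedelta, clock: Callable[[], datetime]) -> None:
        self.lifetime = lifetime
        self.clock = clock
        self.calls = 0

    def issue(self, request: IssueRequest) -> IssueResponse:
        self.calls += 1
        now = self.clock()
        return IssueResponse(token=f"tok{self.calls}:{request.applies_to}",
                             created=now, expires=now + self.lifetime)


class CachingSts:
    """Same contract as the STS (issue), but answers from a per-RP cache.

    A cached token is reused only while it stays valid with a skew margin,
    so a client never receives a token the RP is about to reject.
    """
    def __init__(self, upstream: StubSts, clock: Callable[[], datetime],
                 skew: timedelta = timedelta(minutes=5)) -> None:
        self._upstream = upstream
        self._clock = clock
        self._skew = skew
        self._cache: Dict[Tuple[str, str], IssueResponse] = {}
        self._lock = threading.Lock()   # one refresh at a time per process

    def _usable(self, response: IssueResponse) -> bool:
        return self._clock() + self._skew < response.expires

    def issue(self, request: IssueRequest) -> IssueResponse:
        key = (request.applies_to, request.token_type)
        with self._lock:
            cached = self._cache.get(key)
            if cached is not None and self._usable(cached):
                return cached
            fresh = self._upstream.issue(request)
            if self._usable(fresh):
                self._cache[key] = fresh
            else:
                # Never cache a token that is already about to expire.
                self._cache.pop(key, None)
            return fresh


def demo() -> dict:
    """Drive the cache through the cases that matter: hit, other RP, expiry."""
    clock = MutableClock(datetime(2009, 1, 1, tzinfo=timezone.utc))
    sts = StubSts(lifetime=timedelta(hours=1), clock=clock)
    cache = CachingSts(sts, clock)
    rp_a = IssueRequest("http://localhost/ServiceA")
    rp_b = IssueRequest("http://localhost/ServiceB")

    first = cache.issue(rp_a)
    second = cache.issue(rp_a)          # same RP: served from cache
    cache.issue(rp_b)                   # other RP: must hit the STS
    calls_after_two_rps = sts.calls

    clock.now += timedelta(minutes=56)  # 4 min left, inside the skew margin
    refreshed = cache.issue(rp_a)       # stale by policy: STS called again
    return {
        "same_rp_from_cache": first.token == second.token,
        "calls_after_two_rps": calls_after_two_rps,
        "refreshed_before_expiry": refreshed.token != first.token,
        "calls_total": sts.calls,
    }


if __name__ == "__main__":
    print(demo())
```

In the WCF version of this design the key would come from the AppliesTo element of the incoming RequestSecurityToken and the expiry from the Lifetime element of the RSTR the real STS returns; if one process ever serves more than one identity, the caller's identity has to be part of the cache key as well, otherwise one user's token is handed to another.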