Zulfiqar's weblog

Architecture, security & random .Net

Federation over TCP streaming

Posted by zamd on July 4, 2008

Pablo described here a way to configure federation over TCP. In his approach he gets a SAML token from STS and then uses that token to get a security context token which will be used to provide actual message security throughout the session.

As message security only works in a buffered mode, so his approach is not suitable for a TCP streaming scenario. To enable federation along with TCP streaming you have to use mixed mode security (TransportWithMessageCredential) over TCP.  Let’s consider following binding which uses mixed mode security.


        <binding name="tcp" transferMode="Streamed">

          <security mode="TransportWithMessageCredential">

            <message clientCredentialType="IssuedToken"/>

            <transport clientCredentialType="Windows"></transport>




Now the trouble is that there is no way to configure STS settings in this binding configuration so your only choice is to mimic the above settings in a custom binding.


        <binding name="simpTransport">

          <security mode="Transport">

            <transport clientCredentialType="None"/>






        <binding name="tcp">

          <security authenticationMode="SecureConversation">

            <secureConversationBootstrap authenticationMode="IssuedTokenOverTransport">


                <issuer address="https://localhost:9000/STS" binding="wsHttpBinding" bindingConfiguration="simpTransport"/>





          <tcpTransport transferMode="Streamed" />



One Response to “Federation over TCP streaming”

  1. Heydar Semyari said

    Thanks for the example, even though the post is for about 5 years ago there are still a few ones like this and Pablo’s around.
    I have tried to use this approach and faced a problem. I expected that in my service implementation (ServiceBehavior) to have identity of type ClaimsIdentity (so I can obtain user’s claims) but unfortunately this is WindowsIdentity with no claim. Is there something I missed or my expectation is wrong?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: