Zulfiqar's weblog

Architecture, security & random .Net

Live ID Authentication for Rich Clients

Posted by zamd on March 18, 2009

Disclaimer: Please note following approach works but is totally unsupported.

Active version of Live ID STS is available at: https://dev.login.live.com/wstlogin.srf and we can get a SAML token by using standard WS-Security username token as input.


            var issuer = https://dev.login.live.com/wstlogin.srf;

            var binding = new WSHttpBinding();

            binding.Security.Mode = SecurityMode.TransportWithMessageCredential;

            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;

            binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;

            binding.Security.Message.EstablishSecurityContext = false;

            binding.Security.Message.NegotiateServiceCredential = false;



            WSTrustClient client = new WSTrustClient(binding, new EndpointAddress(issuer),

                TrustVersion.WSTrustFeb2005, new ClientCredentials());

            client.ClientCredentials.UserName.UserName = zamd@liveid.com;

            client.ClientCredentials.UserName.Password = “password “;


            var rst = new RequestSecurityToken(RequestTypeConstants.Issue);

            rst.AppliesTo = new EndpointAddress(http://zamd.net);


            RequestSecurityTokenResponse rstr;

            var token = client.Issue(rst, out rstr) as GenericXmlSecurityToken;

One Response to “Live ID Authentication for Rich Clients”

  1. Dario said

    I’m attempting to do the same thing using newer versions of WIF but my request fails with “Invalid Request”. Here is my code:

    // Binding used to communicate with the Security Token Service (STS).
    UserNameWSTrustBinding binding = new UserNameWSTrustBinding(SecurityMode.Transport);

    // Address of the STS.
    EndpointAddress address = new EndpointAddress(“https://dev.login.live.com/wstlogin.srf”);

    // Channel factory used to submit credentials to STS.
    WSTrustChannelFactory channelFactory = new WSTrustChannelFactory(binding, address);
    channelFactory.TrustVersion = TrustVersion.WSTrustFeb2005;
    channelFactory.Credentials.UserName.UserName = username;
    channelFactory.Credentials.UserName.Password = password;

    WSTrustChannel channel = (WSTrustChannel)channelFactory.CreateChannel();

    // Build the Request for Security Token (RST).
    RequestSecurityToken rst = new RequestSecurityToken(RequestTypes.Issue);
    rst.AppliesTo = new EndpointAddress(appliesTo);
    rst.KeyType = keyType;

    // Perform operation to receive the Request for Security Token Response (RSTR).
    RequestSecurityTokenResponse rstr = null;
    token = channel.Issue(rst, out rstr);

    Could you please help me figure this out?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: