.NET 3.0 (WinFX) July CTP Cardspace samples that work ...

The trouble with being part of the early adopters' curve is that most of the time, your time is spent very unproductively trying to figure out why the samples don't work.

Is it a bad installation? Bad configuration? Corrupted downloads? Or simply the fact that the product team, in a rush to get things out, forgot to update or remove the "deprecated" samples?

Having worked very deeply with _WCS_ for a few months now, and I mean doing "real" work for "real" clients, I would be one of the first to keep up to date on the new and upcoming Cardspace technical details.

While downloading and installing the July CTP SDK Cardspace samples, I found out that both of the Cardspace SDK samples could not work at all out of the box. I installed the CTP and the SDK twice to make sure that I didn't screw up the first time around (that means an hour of unproductive time wasted).

I was rather shocked when I found out that the Cardspace SDK samples had been deprecated BUT had not been removed by the team in time, and my frustration grew when the new working samples were not uploaded in time as promised.

Who can I blame? No one forced me to be part of the Early Adopter's curve and no one asked me to download the July CTP SDK and its samples. After all, it is supposed to be an eagerly anticipated drop. That said, the previous samples, in one way or another, have not been working too well at all. Some work perfectly on the local machine but have some trouble going out into the wild, while others, like the June CTP, had their own host of problems.

So, what better way to handle this than to roll up your sleeves and do it yourself? While doing some reflecting, I found out that some of the Cardspace July CTP SDK samples had not had their config and script files updated.

  • The setup scripts had some errors. The service name variable should be set as "set InfoCardServiceName=idsvc"; therefore, the start command is "net start idsvc". I answered my own post here.
  • For the Simple Infocard sample under Basic\Bindings\WS\Infocard\Simple, the service config should have its behavior element changed as follows. The issuedTokenAuthentication element is the key change/update.

    <behaviors>
      <serviceBehaviors>
        <behavior name="ServiceCredentials">
          <serviceCredentials>
            <serviceCertificate findValue="Whatever_you_are_using" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My" />
            <issuedTokenAuthentication allowUntrustedRsaIssuers="true" />
          </serviceCredentials>
          <serviceDebug includeExceptionDetailInFaults="False" />
          <serviceMetadata httpGetEnabled="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>

    <service name="Microsoft.ServiceModel.Samples.CalculatorService"
             behaviorConfiguration="ServiceCredentials">
      <endpoint address="" binding="wsHttpBinding" bindingConfiguration="requireInfoCard"
                contract="Microsoft.ServiceModel.Samples.ISecureCalculator">
        <identity>
          <certificateReference findValue="Whatever_you_are_using" x509FindType="FindBySubjectName"
                                storeLocation="LocalMachine" storeName="My" />
        </identity>
      </endpoint>
      <endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
    </service>

    <bindings>
      <wsHttpBinding>
        <binding name="requireInfoCard">
          <security mode="Message">
            <message clientCredentialType="IssuedToken" establishSecurityContext="true" negotiateServiceCredential="true" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>

  • For the app config, take note:

    <system.serviceModel>
      <client>
        <endpoint address="http://swmvm2k3/ServiceModelSamples/service.svc/"
                  bindingConfiguration="requireInfoCard"
                  binding="wsHttpBinding"
                  contract="ISecureCalculator"
                  behaviorConfiguration="ClientCredentials">
          <identity>
            <certificateReference findValue="Whatever_you_are_using" x509FindType="FindBySubjectName"
                                  storeLocation="CurrentUser" storeName="TrustedPeople" />
          </identity>
        </endpoint>
      </client>

      <bindings>
        <wsHttpBinding>
          <binding name="requireInfoCard">
            <security mode="Message">
              <message clientCredentialType="IssuedToken" establishSecurityContext="true" />
            </security>
          </binding>
        </wsHttpBinding>
      </bindings>

      <behaviors>
        <endpointBehaviors>
          <behavior name="ClientCredentials" includeExceptionDetailInFaults="true">
            <clientCredentials>
              <serviceCertificate>
                <defaultCertificate findValue="Fabrikam" x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="TrustedPeople" />
                <authentication revocationMode="NoCheck" certificateValidationMode="PeerOrChainTrust" trustedStoreLocation="CurrentUser" />
              </serviceCertificate>
            </clientCredentials>
          </behavior>
        </endpointBehaviors>
      </behaviors>
    </system.serviceModel>

  • For the \UsingWSFederation sample, here are the changes to the service config. Take note of the issuedTokenAuthentication element:

    <services>
      <service name="Microsoft.ServiceModel.Samples.CalculatorService" behaviorConfiguration="ServiceCredentials">
        <endpoint address="" binding="wsFederationHttpBinding" bindingConfiguration="requireInfoCard"
                  contract="Microsoft.ServiceModel.Samples.ISecureCalculator">
        </endpoint>
        <endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
      </service>
    </services>

    <bindings>
      <wsFederationHttpBinding>
        <binding name="requireInfoCard">
          <security mode="Message">
            <message issuedTokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" issuedKeyType="AsymmetricKey">
              <claimTypeRequirements>
                <clear />
                <add claimType="http://schemas.microsoft.com/ws/2005/05/identity/claims/emailaddress" />
                <add claimType="http://schemas.microsoft.com/ws/2005/05/identity/claims/privatepersonalidentifier" />
              </claimTypeRequirements>
              <issuer address="http://schemas.microsoft.com/ws/2005/05/identity/issuer/self" />
            </message>
          </security>
        </binding>
      </wsFederationHttpBinding>
    </bindings>

    <behaviors>
      <serviceBehaviors>
        <behavior name="ServiceCredentials">
          <serviceCredentials>
            <serviceCertificate findValue="Fabrikam" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My" />
            <issuedTokenAuthentication allowUntrustedRsaIssuers="true" />
          </serviceCredentials>
          <serviceDebug includeExceptionDetailInFaults="False" />
          <serviceMetadata httpGetEnabled="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>

  • Client config as follows:

    <system.serviceModel>
      <client>
        <endpoint address="http://swmvm2k3/servicemodelsamples/service.svc"
                  bindingConfiguration="WSFederationHttpBinding_ISecureCalculator" binding="wsFederationHttpBinding"
                  contract="ISecureCalculator" behaviorConfiguration="ClientCredentials">
          <identity>
            <certificate encodedValue="Do a svcutil and you will see the light ..." />
          </identity>
        </endpoint>
      </client>

      <bindings>
        <wsFederationHttpBinding>
          <binding name="WSFederationHttpBinding_ISecureCalculator" closeTimeout="00:01:00"
                   openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                   bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
                   maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                   messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true">
            <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                          maxBytesPerRead="4096" maxNameTableCharCount="16384" />
            <reliableSession ordered="true" inactivityTimeout="00:10:00"
                             enabled="false" />
            <security mode="Message">
              <message algorithmSuite="Default" issuedKeyType="AsymmetricKey"
                       issuedTokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
                       negotiateServiceCredential="true">
                <claimTypeRequirements>
                  <add claimType="http://schemas.microsoft.com/ws/2005/05/identity/claims/emailaddress"
                       isOptional="false" />
                  <add claimType="http://schemas.microsoft.com/ws/2005/05/identity/claims/privatepersonalidentifier"
                       isOptional="false" />
                </claimTypeRequirements>
                <issuer address="http://schemas.microsoft.com/ws/2005/05/identity/issuer/self" />
              </message>
            </security>
          </binding>
        </wsFederationHttpBinding>
      </bindings>

      <behaviors>
        <endpointBehaviors>
          <behavior name="ClientCredentials" includeExceptionDetailInFaults="true">
            <clientCredentials>
              <serviceCertificate>
                <defaultCertificate findValue="Whatever_you_are_using" x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="TrustedPeople" />
                <authentication revocationMode="NoCheck" certificateValidationMode="PeerOrChainTrust" />
              </serviceCertificate>
            </clientCredentials>
          </behavior>
        </endpointBehaviors>
      </behaviors>
    </system.serviceModel>
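The four config fragments above share a handful of settings that decide what the service and client actually trust: allowUntrustedRsaIssuers (required for self-issued cards, because their tokens are signed by the card's own RSA key rather than by a certificate in a trust store), the self issuer address in the binding, revocationMode on the client's service-certificate check, and includeExceptionDetailInFaults. The script below is an added example, not code from the SDK samples or from this post; it reads a <system.serviceModel> fragment with the standard library XML parser and reports those settings, including the mismatch where the binding asks for self-issued cards but the service would reject their tokens. The embedded config is a constructed merge of the trust-relevant parts of the fragments above, and the severity labels are my own.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the trust-relevant parts of the service and client
# configs from the post, merged into a single <system.serviceModel> fragment.
SAMPLE_CONFIG = """\
<system.serviceModel>
  <bindings>
    <wsFederationHttpBinding>
      <binding name="requireInfoCard">
        <security mode="Message">
          <message issuedTokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
                   issuedKeyType="AsymmetricKey">
            <claimTypeRequirements>
              <add claimType="http://schemas.microsoft.com/ws/2005/05/identity/claims/emailaddress" />
              <add claimType="http://schemas.microsoft.com/ws/2005/05/identity/claims/privatepersonalidentifier" />
            </claimTypeRequirements>
            <issuer address="http://schemas.microsoft.com/ws/2005/05/identity/issuer/self" />
          </message>
        </security>
      </binding>
    </wsFederationHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="ServiceCredentials">
        <serviceCredentials>
          <issuedTokenAuthentication allowUntrustedRsaIssuers="true" />
        </serviceCredentials>
        <serviceDebug includeExceptionDetailInFaults="False" />
      </behavior>
    </serviceBehaviors>
    <endpointBehaviors>
      <behavior name="ClientCredentials">
        <clientCredentials>
          <serviceCertificate>
            <authentication revocationMode="NoCheck" certificateValidationMode="PeerOrChainTrust" />
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
</system.serviceModel>
"""

# Issuer address CardSpace uses for self-issued (personal) cards.
SELF_ISSUER = "http://schemas.microsoft.com/ws/2005/05/identity/issuer/self"


def _is_true(value):
    """WCF config booleans are case-insensitive ("true" / "True")."""
    return (value or "").strip().lower() == "true"


def audit_service_model(xml_text):
    """Return a list of (setting, severity, note) tuples for a
    <system.serviceModel> fragment. Severity is one of
    'review' (deliberate but worth knowing), 'warn', or 'error'."""
    root = ET.fromstring(xml_text)
    findings = []

    # Service side: does issuedTokenAuthentication accept tokens signed by
    # RSA keys that are not in the trusted issuer store?
    allow_untrusted = any(_is_true(e.get("allowUntrustedRsaIssuers"))
                          for e in root.iter("issuedTokenAuthentication"))
    # Binding side: does the binding request self-issued cards?
    expects_self_issued = any(e.get("address") == SELF_ISSUER
                              for e in root.iter("issuer"))

    if allow_untrusted:
        findings.append(("allowUntrustedRsaIssuers", "review",
                         "tokens signed by any RSA key are accepted, so the claims are "
                         "self-asserted; key the user on the PPID, not on the e-mail claim"))
    if expects_self_issued and not allow_untrusted:
        findings.append(("allowUntrustedRsaIssuers", "error",
                         "binding requests self-issued cards but the service will "
                         "reject their tokens because the card key is not a trusted issuer"))

    # Stack traces in SOAP faults leak implementation details to every caller.
    for dbg in root.iter("serviceDebug"):
        if _is_true(dbg.get("includeExceptionDetailInFaults")):
            findings.append(("includeExceptionDetailInFaults", "warn",
                             "exception details are returned to callers"))

    # Client side: how strictly is the service certificate validated?
    for auth in root.iter("authentication"):
        if auth.get("revocationMode") == "NoCheck":
            findings.append(("revocationMode", "warn",
                             "service certificate revocation is never checked"))
        if auth.get("certificateValidationMode") == "None":
            findings.append(("certificateValidationMode", "error",
                             "any service certificate is accepted"))

    return findings


if __name__ == "__main__":
    for setting, severity, note in audit_service_model(SAMPLE_CONFIG):
        print(f"[{severity}] {setting}: {note}")
```

Run against the sample above it reports allowUntrustedRsaIssuers as a reviewed-but-intended setting (self-issued cards cannot work without it) and revocationMode="NoCheck" as a warning; flip allowUntrustedRsaIssuers to "false" while keeping the self issuer address and it reports the error that explains the "it just doesn't work" symptom the post describes.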

With that all done, you should be able to get both Cardspace samples in the July CTP SDK running, which will give you some relief that, at least, the installation is fine.

Hope this helps someone out there. Now, moving on to fix the sts.labs.live.com and the relay.labs.live.com issues ... <sigh />

Published Monday, August 07, 2006 11:53 AM by Softwaremaker