Thursday, July 8, 2010

WCF Active Federation and Bearer Tokens

If you're using WCF's WS2007FederationHttpBinding, and you want the issued token to be a Bearer token, then you need to set IssuedKeyType of the message section to Bearer.

var binding = new WS2007FederationHttpBinding();
binding.Security.Mode = WSFederationHttpSecurityMode.TransportWithMessageCredential;
binding.Security.Message.IssuedKeyType = System.IdentityModel.Tokens.SecurityKeyType.BearerKey;

The default IssuedKeyType is Symmetric, which is a holder-of-key token. I'll talk about why I needed a bearer token in a future post.