How To: Call an Informatie Vlaanderen SOAP Service in an ActAs scenario
This section describes how to use the FederatedChannelFactory<T> to consume an AGIV service in an ActAs scenario.
In an ActAs scenario, the SAML token we present to the service carries information about at least two distinct identities:
- The certificate used to call the service.
- The original caller, typically the current user logged onto the application making the service call.
When we call an Informatie Vlaanderen SOAP service, we need a SAML token issued by the Informatie Vlaanderen STS for that specific service. To obtain a valid SAML token, we use an application certificate to authenticate against the STS. When the service needs information about both the application certificate and the original caller (the current user of the application), we pass the identity of the original caller as an ActAs token in the request to the STS.
As a result, we call the service with a SAML token containing the claims and identities of both the certificate and the current user, allowing the service to grant or deny access based on the information of these two identities.
Note |
---|
The ActAs scenario will only work if the service supports the ActAs scenario. If a service only needs the claims and identity of the original caller, use the OnBehalfOf scenario. For more information see: How To: Call an Informatie Vlaanderen SOAP Service in an OnBehalfOf scenario |
Configure your application to call the service
For more information see: How To: Consume an Informatie Vlaanderen SOAP Service
Use the CreateChannelActingAsCurrentUser method of FederatedChannelFactory<T> to create a channel that supports ActAs.
The following example shows how to create a factory and channel that supports the ActAs scenario.
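```csharp
// Create the factory from the name of the configured client endpoint.
var factory = new FederatedChannelFactory<ServiceReference.IServiceChannel>("WS2007FederationHttpBinding_IService_Certificate");

// Create a channel that passes the current user as the ActAs identity.
var channel = factory.CreateChannelActingAsCurrentUser();

// The safe disposer closes or aborts the channel when the block ends.
using (channel.CreateSafeDisposer())
{
    // ... call the service operations on the channel here ...
}
```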
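On the receiving side, the access decision based on two identities described at the top of this page can look like the following. This is an added example, not code from Informatie Vlaanderen or its library; it assumes a service built on .NET claims identities in which the original caller is the token subject and the application certificate is exposed as its `Actor`, and the thumbprint, role and helper names are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

static class ActAsAuthorization
{
    // Constructed allow-list of application certificate thumbprints (placeholder value).
    static readonly HashSet<string> TrustedApps =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "00112233445566778899AABBCCDDEEFF00112233" };

    // Grants access only when BOTH identities are present and acceptable:
    // the original caller (subject) and the calling application (actor).
    public static bool IsAllowed(ClaimsIdentity subject, string requiredRole)
    {
        if (subject == null || !subject.IsAuthenticated) return false;

        // Assumption: the application certificate identity is exposed as Actor.
        ClaimsIdentity actor = subject.Actor;
        if (actor == null) return false;        // token carries no ActAs information
        if (actor.Actor != null) return false;  // reject unexpected multi-hop delegation

        Claim thumbprint = actor.FindFirst(ClaimTypes.Thumbprint);
        bool appTrusted = thumbprint != null && TrustedApps.Contains(thumbprint.Value);
        bool userHasRole = subject.HasClaim(ClaimTypes.Role, requiredRole);
        return appTrusted && userHasRole;
    }

    // Builds a constructed identity pair; appThumbprint == null means "no actor".
    static ClaimsIdentity Build(string user, string role, string appThumbprint)
    {
        var subject = new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Name, user), new Claim(ClaimTypes.Role, role) },
            "Federation");
        if (appThumbprint != null)
            subject.Actor = new ClaimsIdentity(
                new[] { new Claim(ClaimTypes.Thumbprint, appThumbprint) }, "Federation");
        return subject;
    }

    static void Main()
    {
        const string trusted = "00112233445566778899AABBCCDDEEFF00112233";
        Console.WriteLine(IsAllowed(Build("alice", "Editor", trusted), "Editor"));    // both identities accepted
        Console.WriteLine(IsAllowed(Build("alice", "Reader", trusted), "Editor"));    // user lacks the role
        Console.WriteLine(IsAllowed(Build("alice", "Editor", "FFFF"), "Editor"));     // unknown application
        Console.WriteLine(IsAllowed(Build("alice", "Editor", null), "Editor"));       // no actor in the token
    }
}
```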