# How to authenticate with ADFS in Silverlight 5 Application

First published on MSDN on Jul 18, 2013

This article uses the sample from http://hashtagfail.com/post/11094642160/wcf-wif-silverlight-active-federation as a starting point and gives an example of how to modify that sample to set up ADFS as the STS token service for Silverlight 5 to authenticate against. ADFS returns a SAML token to the Web Application that hosts the SL5 application; the token is decrypted there, and the user Claims are then passed back to the Silverlight Application for later WCF calls from the Silverlight Application.

1. We start with the sample from http://hashtagfail.com/post/11094642160/wcf-wif-silverlight-active-federation - download and set up the sample. This sample uses its own in-process STS service. We are going to replace the STS service with ADFS as the STS token service.

2. Remove the project IdentityProviderAndSts from the sample solution.

3. Add ADFS STS token service

See the attached document for examples of how to add the ADFS STS token service in a project. Note the attached doc is a separate example on how to add the ADFS STS token service to an MVC Web Application. It is referenced here for its screen shots of how to add the ADFS STS Service Reference - the steps are the same. You can ignore the MVC part, which is unrelated to this topic.

4. Deploy clientaccesspolicy.xml to the root of the web site for ADFS, otherwise cross domain calls will be blocked.

Below is an example. Tighten the security as you need: the wildcard `domain` entries and `http-request-headers="*"` in this example accept calls from any origin.

```xml
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-methods="*" http-request-headers="*">
        <domain uri="*"/>
        <domain uri="http://*"/>
        <domain uri="https://*"/>
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true"/>
        <socket-resource port="4502-4530" protocol="tcp"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>
```

5. If you see an error regarding audienceUri, you will need to modify the web.config as below:

Error:

ID1032: At least one 'audienceUri' must be specified in the SamlSecurityTokenRequirement when the AudienceUriMode is set to 'Always' or 'BearerKeyOnly'. Either add the valid URI values to the AudienceUris property of SamlSecurityTokenRequirement, or turn off checking by specifying an AudienceUriMode of 'Never' on the SamlSecurityTokenRequirement.

Resolve this error by adding (or changing) this in web.config. Note it is the Service tag that does not have any name in it. (There are other service tags with name= in web.config; those are generated when adding the ADFS STS reference and so cannot be changed.)

Note: in the sample below, https://sqlbackend.contoso.com/FibonacciFederatedAuth/ is the web application hosting the Silverlight Application.

And, SQLReports.contoso.com is the ADFS server.

```xml
<microsoft.identityModel>
  <service>
    <audienceUris mode="Never">
      <add value="https://sqlbackend.contoso.com/FibonacciFederatedAuth/" />
    </audienceUris>
    <federatedAuthentication>
      <wsFederation passiveRedirectEnabled="false"
                    issuer="https://sqlreports.contoso.com/adfs/services/trust/13/usernamemixed"
                    realm="https://sqlbackend.contoso.com/FibonacciFederatedAuth"
                    requireHttps="true" />
      <cookieHandler requireSsl="true" />
    </federatedAuthentication>
    <applicationService>
      <claimTypeRequired>
        <!--Following are the claims offered by STS 'http://localhost/IdentityProviderAndSts'. Add or uncomment claims that you require by your application and then update the federation metadata of this application.-->
        <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" optional="true" />
        <claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" optional="true" />
      </claimTypeRequired>
    </applicationService>
    <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel">
      <trustedIssuers>
        <add thumbprint="E189797A491467A5B1DB027D1F5EFBB97B1D0476" name="http://SQLReports.contoso.com/adfs/services/trust" />
      </trustedIssuers>
    </issuerNameRegistry>
    <certificateValidation certificateValidationMode="None"/>
  </service>
</microsoft.identityModel>
```

Two settings in this sample relax validation. `audienceUris mode="Never"` turns off audience checking; the other option named in the error text is to leave checking on and list the valid URI. `certificateValidationMode="None"` skips validation of the issuer certificate, so trust rests on the thumbprint listed under `trustedIssuers`.

Comment out the federatedServiceHostConfiguration element if it exists:

```xml
<!--federatedServiceHostConfiguration name="FibonacciService.FibonacciService" /-->
```

6. Decrypt the raw token returned by ADFS in a helper project.

Taking the sample solution as an example, we need to change the code in tokenProcessor.cs (in the SL.IdentityModel.Server project):

```csharp
private SecurityToken ReadXmlToken(string tokenXml)
{
    using (StringReader strReader = new StringReader(tokenXml))
    {
        using (XmlReader reader=XmlReader.Create(strReader))
        {
            X509Certificate2 cert = CertificateUtil.GetCertificate(StoreName.My, StoreLocation.LocalMachine, "CN=DefaultApplicationCertificate");
            SecurityTokenHandlerCollection handlers = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();

            List<SecurityToken> tokens = new List<SecurityToken>();

            tokens.Add(new X509SecurityToken(cert));

            SecurityTokenResolver serviceResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(new ReadOnlyCollection<SecurityToken>(tokens), true);

            handlers.Configuration.ServiceTokenResolver = serviceResolver;
            handlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri("https://sqlreports.contoso.com/adfs/services/trust/13/usernamemixed"));
            var registry = new ConfigurationBasedIssuerNameRegistry();
            registry.AddTrustedIssuer("Thumbprint", "http://SQLReports.contoso.com/adfs/services/trust");
            handlers.Configuration.IssuerNameRegistry = registry;
            var samlToken = handlers.ReadToken(reader);
            return samlToken;
        }
    }
```

(The listing as published closes only two of its three blocks; the method's final closing brace is not shown.)

7. If you are considering passing the raw token XML returned by ADFS to the Silverlight application for further options, such as passing the raw token with the WCF calls and letting the remote WCF service decrypt the raw token to get the User Claims out of it, below is how you can add the raw token into the cache and then retrieve it in the Silverlight Application. Note we cannot decrypt the token inside the Silverlight project.

In the ClaimsIdentitySessionManager.cs file (project SL.IdentityModel), modify the following code:

```csharp
private void trustClient_IssueCompleted( object sender, IssueCompletedEventArgs e )
{
    if ( null == e.Error)
    {
        //jason added
        RequestSecurityTokenResponse rstr = e.Result;
        string appliesTo;

        if (null == rstr.AppliesTo || null == rstr.AppliesTo.Uri)
        {
            throw new ArgumentException("No appliesTo in RequestSecurityTokenResponse");
        }

        appliesTo = rstr.AppliesTo.Uri.AbsoluteUri;
        _tokenCache.AddTokenToCache(rstr.AppliesTo.Uri.AbsoluteUri, rstr);
        //jason added ends
        ClaimsIdentitySessionManager.Current.SetSessionCookieAsync( e.Result.RequestedSecurityToken.RawToken );
    }
    else if ( null != SignInComplete )
    {
        SignInComplete( sender, new SignInEventArgs( null, e.Error ) );
    }
}

//jason added
public RequestSecurityTokenResponse getRSTRFromTokenCache(string appliesTo)
{
    return _tokenCache.GetTokenFromCache(appliesTo);
}
//jason added ends
```

Retrieve the raw token in the SL5 application from the cache, such as in mainpage.xaml.cs:

```csharp
if (ClaimsIdentitySessionManager.Current.User.ClaimsIdentity.IsAuthenticated)
{
    RequestSecurityTokenResponse rsts=ClaimsIdentitySessionManager.Current.getRSTRFromTokenCache("https://sqlbackend.contoso.com/FibonacciFederatedAuth/");
    RequestedSecurityToken token = rsts.RequestedSecurityToken;
}
```

PS. ADFS Raw token xml Example (it follows in the page's original percent-encoded HTML):

%3CP%3E%3CENCRYPTEDDATA%3E%3CBR%20%2F%3E%20Type%3D%5C%22%3CA%20href%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmlenc%23Element%5C%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Eht
tp%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmlenc%23Element%5C%3C%2FA%3E%22%20%3CBR%20%2F%3E%20xmlns%3Axenc%3D%5C%22%3CA%20href%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmlenc%23%5C%26quot%3B%26gt%3B%26lt%3Bxenc%3AEncryptionMethod%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmlenc%23%5C%22%26gt%3B%3CENCRYPTIONMETHOD%3E%3C%2FENCRYPTIONMETHOD%3E%3C%2FA%3E%20%3CBR%20%2F%3E%20Algorithm%3D%5C%22%3CA%20href%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmlenc%23aes256-cbc%5C%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmlenc%23aes256-cbc%5C%3C%2FA%3E%22%20%3CBR%20%2F%3E%20%2F%26gt%3B%3CKEYINFO%20xmlns%3D%22%5C%26quot%3B%26lt%3BA%22%20href%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23%5C%26quot%3B%26gt%3B%26lt%3Be%3AEncryptedKey%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3E%3CA%20href%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23%5C%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23%5C%3C%2FA%3E%22%26gt%3B%3CENCRYPTEDKEY%3E%20%3CBR%20%2F%3E%20xmlns%3Ae%3D%5C%22%3CA%20href%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmlenc%23%5C%26quot%3B%26gt%3B%26lt%3Be%3AEncryptionMethod%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmlenc%23%5C%22%26gt%3B%3CENCRYPTIONMETHOD%3E%3C%2FENCRYPTIONMETHOD%3E%3C%2FA%3E%20%3CBR%20%2F%3E%20Algorithm%3D%5C%22%3CA%20href%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmlenc%23rsa-oaep-mgf1p%5C%26quot%3B%26gt%3B%26lt%3BDigestMethod%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmlenc%23rsa-oaep-mgf1p%5C%22%26gt%3B%3CDIGESTMETHOD%3E%3C%2FDIGESTMETHOD%3E%3C%2FA%3E%20%3CBR%20%2F%3E
%20Algorithm%3D%5C%22%3CA%20href%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23sha1%5C%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23sha1%5C%3C%2FA%3E%22%20%2F%26gt%3B%3C%2FENCRYPTEDKEY%3E%3CKEYINFO%3E%3CSECURITYTOKENREFERENCE%3E%3CBR%20%2F%3E%20xmlns%3Ao%3D%5C%22%3CA%20href%3D%22http%3A%2F%2Fdocs.oasis-open.org%2Fwss%2F2004%2F01%2Foasis-200401-wss-wssecurity-secext-1.0.xsd%5C%26quot%3B%26gt%3B%26lt%3BX509Data%26gt%3B%26lt%3BX509IssuerSerial%26gt%3B%26lt%3BX509IssuerName%26gt%3BCN%3DDefaultApplicationCertificate%26lt%3B%2FX509IssuerName%26gt%3B%26lt%3BX509SerialNumber%26gt%3B56811571836600510090139452222342497478%26lt%3B%2FX509SerialNumber%26gt%3B%26lt%3B%2FX509IssuerSerial%26gt%3B%26lt%3B%2FX509Data%26gt%3B%26lt%3B%2Fo%3ASecurityTokenReference%26gt%3B%26lt%3B%2FKeyInfo%26gt%3B%26lt%3Be%3ACipherData%26gt%3B%26lt%3Be%3ACipherValue%26gt%3ByQQxlmji%2BCzxpnban%2FMX6rD40I4NJU728KtHqBl1cFz7dQXvokqNZYklY0V6MK9k8ICtfTOYe7t8dQOwYOYQ%2FSuVFrGeXGgVAibT8DN4DpZmlVHgFIXHcL7XVIdTrFYYwVdrNrkrvnT%2BDxCTx8oCUR1ddbrqPBwchwqYCy6UPmDjUj2p0Wwftse%2FfcMUmoVObGr79PxqKFp02HrVX481Fpoov5HKBaT0AGUH%2FziniwCgeM6p2XBn3JC3JmiCQzFukKNpJtzWXJH0xc6eEZr57NxybZ2%2BzvYa85uKiJGIUahgu%2BCjR6Z3dNDaPZ5LbPFM8UiELEtNZvfaZJPqkD2u1A%3D%3D%26lt%3B%2Fe%3ACipherValue%26gt%3B%26lt%3B%2Fe%3ACipherData%26gt%3B%26lt%3B%2Fe%3AEncryptedKey%26gt%3B%26lt%3B%2FKeyInfo%26gt%3B%26lt%3Bxenc%3ACipherData%26gt%3B%26lt%3Bxenc%3ACipherValue%26gt%3BzSbLT3g3GQG7cn6rt02ZOxu1EdcRDKS1XBsPLAveMqsGDUCwlj5X65dUzvMaNAWGm%2F2R1kMhzr%2FlUfGdenGLxifrt%2FBAXslqjPfwTr4XWR98exJmhCQ3l7DvTL2erWHFQCR4aSZU1U%2FiKKI61JPq%2FOSFSb3XA3oqCUCn7C7l3%2BQpjAIzhPGiMBn9MHr079dJUzDCFlLmaQ%2FjVWNuEDbpH%2FxvoCyIqyzgecXBETgCqigCYJnygk03Z%2FDFfrDFTaF89r%2FZB3WlI9APntxtqPElTqy%2Fjzmd3myM3NVISCR0mo3G76T1cTHZGl%2F%2FOproB7cGeC9u1c1nfO7kgJLz2UBDJ96P4ICWnTOJXGCMerTi1AZVLAoEz2pKxsV61iV8SqBt1jJ7yeaO9kVA3mCJmllMxOwzIyWvkkOvXvRySHc7%2F%2B02OKxVHBqSAA%2BT8nxya4StYsh
%2BXJLiSzqhB20wExu%2FDqu7gzV7s3yblfCCC15k%2Fnzh9sDuAUuOn0RVDBX%2FawqScWuBDWUia7pNjwIgscJGNbNAbF8ajY53Sc75dcdUXJwxw3k8RR3fmSY%2BZNJKZP5VKuWxevgys036Zd2lehqPfNcvJNlofZFbhT%2BV3PZsO1dF%2FPkTU%2FyjN4%2FPk2Q13yQvg6uk6FYbyQLqmkoUSP8XPgNBV75%2B1NVmkjaRO%2FYS9SmnRLn9iT4E0pqfK0NiYBeCQfXg0TW6ZL%2FK3Zev5LYxxbCdoB5eEN%2F7L4MwWdb6AcUdPsKEWQbm%2B%2FLcqHLlI3Uu6HYlHmb6w0rSiHggrL6xPadmBPOVLDqD%2BvsfJ%2F4pdEw%2FvBIpmSL1Ycl3U%2Bu8I8wy5WdGfVZCOYUMcc2PhcINxFUzBJSLibyG%2F84HrYNkPVrhCh2DUueTDLrLL32%2B2wxTAz7qTmaVnVa7QrX1IHPX8XJlofRJvo41ImE4%2F%2BTzaa8AkPHzsouLGfwFimcjNUDbou8Hx%2BdS4j0oQHJBv11vQKVUnmNFouj%2FEQCor5IEkkqlmYkDz8r2EKGY53jMT9m%2FrGQfRl0326ePFVs%2FN4%2BQAlt03m9tj1TlLx%2Bdh3eugDn4TGkYpuneP0krFWK1IrME860UriOACMe2YKQxLpmvzSvr0UDOEf3D8HEGLCRG6FoHjWRxq4yyZnQ2zodb7f%2BXpD6W0yqFALAkfmKN89pNVrLZLD593kTO0DS4iFrGthJqMw1Ujfgx22ysFObY1Lcxw1NEKwFgLNxPi87j99gHJsq9YwKa7KIX6a9jXof8fXe%2BrKZRDtc%2BuEMHg%2FEwENMZbYcFavxXHCafbWCdwhVHIF90VMh4yxLA8KkzEDmTJTYgwBEBqQcgyqItdavKnlrHuTSyNKUMVvGLJBIVLKftQD2dR4NYPmSsc9ACj44hJjrR7ZSCjoL%2FjZNO73EW8Ozc8UwNRaQ0arxc5g82bzwD2lxErAyfbvD0OK1nG4aMI%2BsLz7gS6%2BkB6i4xcnZGrSde9o6Z4WBFjIJz53GYfDeZAyrnBFO1PP1FwYcMmua2N5Ox2DyEIAsWbJkrpOjuqU62wkjgZIuD2LAcFw%2BfW%2FdC2qKOcqsuZHkPYflTFI7YE%2B3mpEDpXUgOHBIql9HwtwoDGHntijUv84wcwLCKc%2B4BJx8YI61rmSyZvgWJyWbJxu8L9T5z3Fr1r9eI7GMrvxB3HVIj%2BCEIq0S3o1vj%2FVVCQOwcZoTgD7Bi5NFC4aLulIPDoi%2FXt9%2FJvonQq5uFaxVocOKiV0CfgBofOEZW%2FfDdzGlyJyHjccc%2FXcVD9z%2FuoiSsIeAmbbtnPWvsy8n1Xe3jOo9WlmEdEx%2F7Ol0Q%2FMMcUDvrCEpkt7PAG9cgohI%2FzZIqwj5g9IiobBOXOx2qN8EwztNf6t4dQ7YYSB%2FW2qbPN5OLQQfmX3PFh0ZGFtv0YS7SlRfHs09wqpemNd8dXP8iBQvhBGk07Nyyw6m4jI%2B5tS8lNzEVpBdcfCgJK2zJ84LmdxCUSfb%2BITiyWtN7jmf7mn4eXbfOhYsZKePZtENtYOXYjy7yBHXLgqOmSAQJwWI3MIOqB5D1Nqj6lkr%2BGQ%2FIFVwZKy%2BjVKnpuQiRRwX%2BEkXlR0vejo2DerPyp6L3VzLDlp8FYA1QBfWSB433%2FZBul%2FZL4A5Natd57oS54eisIs%2FhirpYnMq8MxN144Ro%2FNYfjpPRkQIKuzJ%2B21Exk2rkGAzF3F31pCLVldcF0jUXIsLjLEpmz3m7XFTuux4%2FV0TzQJqM%2Bdbg%2BZmeYuXq7f8947jD%2FaM4qi57NH3aUJKoWiq9JpYRTWTpHA3Y1s4GRwEx5XehJH3VVYgJRPayrjdK0YPKRnhxoZps1fn
MWWa8BSIU3G4bG%2BYxaTpvGJQgyTYaEjnPFwmwYOJVWrzm4FSVEK17eMk3eBI0jXhRCjnL9jgJVc5bKeFSWyteLYMrYohHxa0WltBqq2llzkd6ao%2FaYpZhhbfJQ%2B5NeQNcC6DoNeA7TqyiPrICrNKTxzZo9xKFqexRfTwJBjQ8aKIqhy1zx4Zj31eM%2B2BV%2FxdKrKOvK8UexptPz3Ld9WxH4mLMA2dq6x%2B3ULqBcmX0AdsDNgEPkSuyW73YeCGMFJx1yV1%2FR%2Fae0luSxyk%2BsCZLzYh1xYEItOkBf4HN7qghtYavJone2pFIyMSkTD%2Flo8eg37%2Bj4HWJ%2FYrNRoTmxtL4CtlPLm6ghok6BtfwE86N%2BdfNURQMUOyaALkygK8b0BDt22dFylIZHD5zb2Oow3IBHiV1AeOMX5eoYeUifWBaUgsul5BEnWgL9jxnDZuC2gUYwf9x7frNBjzdkvDGYz6vN0y8HQ7sIZjBDVKjlrfwTV5EfLVR%2F5imN3JYDYahbygldylxa5Gnh4Bpqf28BRY8Bilqeclbxk8PKUbP9HIGfZ%2BahRn28iPRupIk8B0HQzhMTejj8CdJtzNkNcNLAZV9zb%2BwlY09EmImBgLFhorI6m%2FEJx1jaQoH4fsb5ZlNNxBTNPebmJjBmBe9ij28Ffz64MW8c%2F9MyeyFKNR8WRbh0EtxXizZ7f9hn0D2Bn7gdtG17o3HOo%2BZqakkxEUPX8ZPPYOYpbtLIaWxEXYNv4dy%2BzLRuZddYjqln1cV6gYtsdSedKQ%2FHOzGLJSwWUNyTg2MSjZoG%2F1euB68KoWeAl5NQUD%2FS4FNGM9rcxoPOkrb%2BmidP%2BGmDpsSkZCaBAbjkFJh9uKZThniqQwkmolCtFsBVQtteGYAlQuNGslEvJhnCQq33taBfKirtr2I8wFH0YaXS400Kf4QEU5fd2e1UnDRIsNO%2FdetEwOXhwJ%2B0GyAXVv9Lxi0muM3TxmSfibed%2BRncRixyJNLK0H3rB7Wy2GDyZAF00Z4N4Z2kLbGbJzg6uErgB%2BamJTg0Hgjb0ErUUBiAwhaeKJGhRX57zAx0AJHzZTV0lyOFawyw0JFdhmT8gT8YPLRrjeeFlpDYuYVyhAziY91OU%2FPGEC8%2BPgZKHhoogbDkqXO9wWhxndbetKMlecH6ngWCTDRNKwWp15tcWE1stqKIwnJacwIziR3qFGo3bVyq2Ag4pjzpuA0GMKstc7oQsSaDv7QYJW9YI7%2Fz7qn3HYyNe1RL%2BFrRzl2ebd9WxGX6YhG%2FGdgohVQ64Nmb2gyKYdwoI7sArUhV3%2FN5%2BifiTdWjfka%2FDeIgxRbAmOmCeEzcg0jS0MxIw1vSDsPKCytmVdRax8f8R1SqNt37tBFwiE26ItOfNiM1EspJamJj%2FUET9EIO5nXfGXaA8BkZtqtBXAkYolh3kMUDfo40jO%2FEpOqeUNZfZpRja6uA%2BaUZH4wllLsbxa0QV6ipjwyN0MDjsXN43566418m0bGMyBNEdQQxocZRVqAD2cnBYMjO5R37%2FPaJ2x2PIeGgt6rINnBv1GvTwlC7s2v5phhlnjXRNJZpvYOeGfnsRQinpVL5TKHDr1ymOIW9mkLDKpFyScrUW6a4wEeRNgWTJssdzP88Ref6en8LMO3icEhq%2BRi3vutcPDPmoail7P94sgrkWtnyQsjivD9BEZFHIlsL6E5PqWOwWXOQbG92Jp3B8%2FPXP2m9uqTnf5cmGW8MPlrz8MtzhP8t9TCnFN3YHepfpA7XwmwJROEzcflKykaQllvaliPnKRrpIW0n6tQGf1ZyFnR%2FKv32sK3sKiaSf5mmWkB50MIzB0va7ynEPVeg8nVtB7v6GNhWm%2FaSFXp5L4zccZuGuvjD%2FC%2FXIYcmbVuCsS5q8%2Bj%2Fh5Mw1lDUa%2F9ApkWrOZ
LiCtB8MXmRcN31ZqmtIOrPjJbtgaDKBSpBnKSvDVDrcPZo1zaMmNIKwm9WH8oYnYITcAw3WpmmQ1zxxN%2Bbs%2BLdLUsXAM7mUhhSpFfiTSrjxGlCcIkIP3w%2FwpacD4EGUpg6p5Tf6i7i4o6zDPfjybcCU0Q5cVhiBIFBvJu4u5CNxJPDbNUScr6oS5K%2BJCVsLNElMJhxNdbtbAP3UQckhkmFTlq9oMpyohyv5BwGrCTbzpv5lZuRfY6mOVFhFh1q8fRGKtXXHujuqwUBcEpj%2BP11LlnWfT9KNHeXPLa%2F1DbDa2d1GVUzzrtVOmiqAKe1zhcpx8zDosaf6h%2FdfSOW%2BPRiE8h8mYrY89OsLeAlx55oA1dE8lC4toEDFolr5rN7L1KeLqyZKyU0xy3AFHiGkzKJ7zlfwKOeSPi8pOufaeLw8WMzBlhfCSEa%2BWbfNXtAmOatEbVaEUs2hh5fcSXUgSi1jJEylLRuEGDdXzTUhifwfuTTnLXBQEIYjNRmeWm%2BcRrMwqR0xk2yrOZCt%2F1ET9nVXccX0wKvDqF%2FfHi7Zd2p0FjJ%2Fgw8gFew9MEoVi8ZmcDU5%2B9bMlySmwnsg6eaA5jUi4oMn0KfFTgoKGW0T8BpX018R68t4qjj2vY3iUoKkpjjYq5U6RTVpuKy%2Ffl9PX56Bxcct56Xzy7kd%2FewT6Iujpp9d6v%2BHK0Tq89H%2B2QY%2FAwB7MgW3EqKHEWOVdvXxDh2X6ZqwI%2BJMQt9zcHUUztfJ04I7mEc3B%2Bl8jT9JjZkIbfRR2v3PXqixOYD5HsaHR%2FIZFV1OR1EYkrrqF2o2RTT5l5CfytobfW6v2B9IQl7tI0CrgkcGSVR1IAU4b8ewzHSdkxAJeDJoXggMpugGpaaFFq77Zc%2BoVqKZBBNukY5QnoJxBR%2FenBjdCzdwWrSMAckg2SYXZY7YyXe0a%2BLmfx%2Fy28JhzSSMl45Ee6u9NybKR%2FMo2C91dhnRdyqorcNHCDVynxsMrASOvt%2BpbrZpa7BIeCN%2FqErSpiExu1lDnhKM4IAcx2C1dVmaJTmskkieQQANSFeXq9BqNNesWthf5N%2FE6clYd8nJmMkDxxzpppCv%2Fj7AEaSpREH3nGjIDeH1nYN8FWcLQ1TZjP0DvA%2FgKEzXBGkwE%3D%26lt%3B%2Fxenc%3ACipherValue%26gt%3B%26lt%3B%2Fxenc%3ACipherData%26gt%3B%26lt%3B%2Fxenc%3AEncryptedData%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fdocs.oasis-open.org%2Fwss%2F2004%2F01%2Foasis-200401-wss-wssecurity-secext-1.0.xsd%5C%22%26gt%3B%3CX509DATA%3E%3CX509ISSUERSERIAL%3E%3CX509ISSUERNAME%3ECN%3DDefaultApplicationCertificate%3C%2FX509ISSUERNAME%3E%3CX509SERIALNUMBER%3E56811571836600510090139452222342497478%3C%2FX509SERIALNUMBER%3E%3C%2FX509ISSUERSERIAL%3E%3C%2FX509DATA%3E%3C%2FA%3E%3C%2FSECURITYTOKENREFERENCE%3E%3C%2FKEYINFO%3E%3CCIPHERDATA%3E%3CCIPHERVALUE%3EyQQxlmji%2BCzxpnban%2FMX6rD40I4NJU728KtHqBl1cFz7dQXvokqNZYklY0V6MK9k8ICtfTOYe7t8dQOwYOYQ%2FSuVFrGeXGgVAibT8DN4DpZmlVHgFIXHcL7XVIdTrFYYwVdrNrkrvnT%2BDxCTx
8oCUR1ddbrqPBwchwqYCy6UPmDjUj2p0Wwftse%2FfcMUmoVObGr79PxqKFp02HrVX481Fpoov5HKBaT0AGUH%2FziniwCgeM6p2XBn3JC3JmiCQzFukKNpJtzWXJH0xc6eEZr57NxybZ2%2BzvYa85uKiJGIUahgu%2BCjR6Z3dNDaPZ5LbPFM8UiELEtNZvfaZJPqkD2u1A%3D%3D%3C%2FCIPHERVALUE%3E%3C%2FCIPHERDATA%3E%3C%2FKEYINFO%3E%3C%2FENCRYPTEDDATA%3E%3CCIPHERDATA%3E%3CCIPHERVALUE%3EzSbLT3g3GQG7cn6rt02ZOxu1EdcRDKS1XBsPLAveMqsGDUCwlj5X65dUzvMaNAWGm%2F2R1kMhzr%2FlUfGdenGLxifrt%2FBAXslqjPfwTr4XWR98exJmhCQ3l7DvTL2erWHFQCR4aSZU1U%2FiKKI61JPq%2FOSFSb3XA3oqCUCn7C7l3%2BQpjAIzhPGiMBn9MHr079dJUzDCFlLmaQ%2FjVWNuEDbpH%2FxvoCyIqyzgecXBETgCqigCYJnygk03Z%2FDFfrDFTaF89r%2FZB3WlI9APntxtqPElTqy%2Fjzmd3myM3NVISCR0mo3G76T1cTHZGl%2F%2FOproB7cGeC9u1c1nfO7kgJLz2UBDJ96P4ICWnTOJXGCMerTi1AZVLAoEz2pKxsV61iV8SqBt1jJ7yeaO9kVA3mCJmllMxOwzIyWvkkOvXvRySHc7%2F%2B02OKxVHBqSAA%2BT8nxya4StYsh%2BXJLiSzqhB20wExu%2FDqu7gzV7s3yblfCCC15k%2Fnzh9sDuAUuOn0RVDBX%2FawqScWuBDWUia7pNjwIgscJGNbNAbF8ajY53Sc75dcdUXJwxw3k8RR3fmSY%2BZNJKZP5VKuWxevgys036Zd2lehqPfNcvJNlofZFbhT%2BV3PZsO1dF%2FPkTU%2FyjN4%2FPk2Q13yQvg6uk6FYbyQLqmkoUSP8XPgNBV75%2B1NVmkjaRO%2FYS9SmnRLn9iT4E0pqfK0NiYBeCQfXg0TW6ZL%2FK3Zev5LYxxbCdoB5eEN%2F7L4MwWdb6AcUdPsKEWQbm%2B%2FLcqHLlI3Uu6HYlHmb6w0rSiHggrL6xPadmBPOVLDqD%2BvsfJ%2F4pdEw%2FvBIpmSL1Ycl3U%2Bu8I8wy5WdGfVZCOYUMcc2PhcINxFUzBJSLibyG%2F84HrYNkPVrhCh2DUueTDLrLL32%2B2wxTAz7qTmaVnVa7QrX1IHPX8XJlofRJvo41ImE4%2F%2BTzaa8AkPHzsouLGfwFimcjNUDbou8Hx%2BdS4j0oQHJBv11vQKVUnmNFouj%2FEQCor5IEkkqlmYkDz8r2EKGY53jMT9m%2FrGQfRl0326ePFVs%2FN4%2BQAlt03m9tj1TlLx%2Bdh3eugDn4TGkYpuneP0krFWK1IrME860UriOACMe2YKQxLpmvzSvr0UDOEf3D8HEGLCRG6FoHjWRxq4yyZnQ2zodb7f%2BXpD6W0yqFALAkfmKN89pNVrLZLD593kTO0DS4iFrGthJqMw1Ujfgx22ysFObY1Lcxw1NEKwFgLNxPi87j99gHJsq9YwKa7KIX6a9jXof8fXe%2BrKZRDtc%2BuEMHg%2FEwENMZbYcFavxXHCafbWCdwhVHIF90VMh4yxLA8KkzEDmTJTYgwBEBqQcgyqItdavKnlrHuTSyNKUMVvGLJBIVLKftQD2dR4NYPmSsc9ACj44hJjrR7ZSCjoL%2FjZNO73EW8Ozc8UwNRaQ0arxc5g82bzwD2lxErAyfbvD0OK1nG4aMI%2BsLz7gS6%2BkB6i4xcnZGrSde9o6Z4WBFjIJz53GYfDeZAyrnBFO1PP1FwYcMmua2N5Ox2DyEIAsWbJkrpOjuqU62wkjgZIuD2LAcFw%2BfW%2FdC2qKOcqsuZHkPYfl
Microsoft
First published on MSDN on Jul 18, 2013

How to authenticate with ADFS in a Silverlight 5 Application


This article uses the sample from http://hashtagfail.com/post/11094642160/wcf-wif-silverlight-active-federation as a starting point and shows how to modify it so that ADFS acts as the STS (token service) that a Silverlight 5 application authenticates against. ADFS returns a SAML token to the web application that hosts the SL5 application; the web application decrypts the token and returns the user's claims to the Silverlight application for use in later WCF calls from the Silverlight application.


1. We start with the sample from http://hashtagfail.com/post/11094642160/wcf-wif-silverlight-active-federation - download and set up the sample. This sample uses its own in-process STS service. We are going to replace that STS service with ADFS as the STS token service.


2. Remove the project IdentityProviderAndSts from the sample solution.


3. Add the ADFS STS token service


See the attached document for an example of how to add the ADFS STS token service to a project. Note that the attached document is a separate example showing how to add the ADFS STS token service to an MVC web application. It is referenced here for its screenshots of adding the ADFS STS service reference - the steps are the same. You can ignore the MVC part, which is unrelated to this topic.


4. Deploy clientaccesspolicy.xml to the root of the ADFS web site; otherwise cross-domain calls will be blocked.


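Below is an example. Tighten the security as you need: as written, the policy accepts callers from any domain with any request headers, so for production restrict the domain entries to the site that hosts the Silverlight application.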


<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<!-- Silverlight cross-domain policy served from the root of the ADFS web site.
     As written it is wide open and is only suitable for getting the sample running. -->
<cross-domain-access>
<policy>
<!-- http-methods="*" and http-request-headers="*" accept every method and every request header. -->
<allow-from http-methods="*" http-request-headers="*">
<!-- These three entries together admit callers from any origin, over http as well as https.
     For a real deployment list only the origin that hosts the Silverlight application
     (in this article: https://sqlbackend.contoso.com). -->
<domain uri="*"/>
<domain uri="http://*" />
<domain uri="https://*" />
</allow-from>
<grant-to>
<!-- path="/" with include-subpaths="true" exposes the whole site; narrow it to the
     token endpoint path the client actually calls (here under /adfs/services/trust). -->
<resource path="/" include-subpaths="true"/>
<!-- Grants TCP socket access on ports 4502-4530. Nothing in this article uses sockets;
     presumably this line can be dropped (confirm before removing). -->
<socket-resource port="4502-4530" protocol="tcp" />
</grant-to>
</policy>
</cross-domain-access>
</access-policy>


5. If you see an error regarding audienceUri, you will need to modify web.config as shown below:



Error:


ID1032: At least one 'audienceUri' must be specified in the SamlSecurityTokenRequirement when the AudienceUriMode is set to 'Always' or 'BearerKeyOnly'.Either add the valid URI values to the AudienceUris property of SamlSecurityTokenRequirement,  or turn off checking by specifying an AudienceUriMode of 'Never' on the SamlSecurityTokenRequirement.



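Resolve this error by adding (or changing) the following in web.config. Note that it is the service tag that does not have a name attribute. (There are other service tags with name= in web.config; those are generated when the ADFS STS reference is added and so cannot be changed.) Be aware that the sample below sets audienceUris mode="Never" and certificateValidationMode="None", which switch off audience checking and certificate validation; the error message above also offers the alternative of keeping the check on and listing the valid audience URI.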



Note: in this sample below, https://sqlbackend.contoso.com/FibonacciFederatedAuth/ is the web application hosting the Silverlight Application.


And SQLReports.contoso.com is the ADFS server.



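<microsoft.identityModel>
  <!-- WIF settings for the web application that hosts the Silverlight client.
       This is the service element that has no name attribute. -->
  <service>
    <!-- REVIEW: mode="Never" turns audience checking off, so the URI listed below is not
         enforced. Error ID1032 is also resolved by keeping the check on (mode="Always")
         with the hosting application's URI listed; that way a token issued for a
         different relying party is rejected here. -->
    <audienceUris mode="Never">
      <add value="https://sqlbackend.contoso.com/FibonacciFederatedAuth/" />
    </audienceUris>
    <federatedAuthentication>
      <!-- Passive redirect is off; issuer points at the ADFS WS-Trust username endpoint
           and realm at the web application that hosts the Silverlight application. -->
      <wsFederation passiveRedirectEnabled="false"
                    issuer="https://sqlreports.contoso.com/adfs/services/trust/13/usernamemixed"
                    realm="https://sqlbackend.contoso.com/FibonacciFederatedAuth"
                    requireHttps="true" />
      <cookieHandler requireSsl="true" />
    </federatedAuthentication>
    <applicationService>
      <claimTypeRequired>
        <!--Following are the claims offered by STS 'http://localhost/IdentityProviderAndSts'. Add or uncomment claims that you require by your application and then update the federation metadata of this application.-->
        <!-- NOTE(review): the comment above still names the in-process STS that step 2 removes;
             presumably ADFS must be configured to issue these claims. Confirm. -->
        <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" optional="true" />
        <claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" optional="true" />
      </claimTypeRequired>
    </applicationService>
    <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
      <trustedIssuers>
        <!-- Only tokens signed with the certificate that has this thumbprint are mapped to a
             trusted issuer name. Presumably this is the ADFS token-signing certificate of the
             sample environment; replace it with the thumbprint from your own ADFS server. -->
        <add thumbprint="E189797A491467A5B1DB027D1F5EFBB97B1D0476" name="http://SQLReports.contoso.com/adfs/services/trust" />
      </trustedIssuers>
    </issuerNameRegistry>
    <!-- REVIEW: "None" means the signing certificate itself is not validated, so issuer trust
         rests on the thumbprint entry above alone. Outside a lab, prefer a validating mode
         such as ChainTrust or PeerTrust. -->
    <certificateValidation certificateValidationMode="None"/>
  </service>
</microsoft.identityModel>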



If a federatedServiceHostConfiguration element exists, comment it out:
<!--federatedServiceHostConfiguration name="FibonacciService.FibonacciService" /-->



6. Decrypt the raw token returned by ADFS in a helper project.


Take the sample solution as an example,  we need to change the code in tokenProcessor.cs (in SL.IdentityModel.Server project):


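/// <summary>
/// Reads the token XML returned by ADFS into a <see cref="SecurityToken"/>, using the
/// application certificate from the local machine store to resolve the decryption key.
/// </summary>
/// <param name="tokenXml">Raw token XML as returned by the STS. Treat it as untrusted input.</param>
/// <returns>The token returned by the handler collection's ReadToken call.</returns>
/// <exception cref="ArgumentNullException"><paramref name="tokenXml"/> is null.</exception>
/// <remarks>
/// Only ReadToken is called here; nothing in this method calls ValidateToken. The issuer
/// registry and audience settings configured below live on a local handler collection that
/// is discarded on return, so the caller must validate the token before trusting its
/// claims (confirm against the rest of tokenProcessor.cs).
/// </remarks>
private SecurityToken ReadXmlToken(string tokenXml)
{
    if (tokenXml == null)
    {
        throw new ArgumentNullException("tokenXml");
    }

    using (StringReader strReader = new StringReader(tokenXml))
    using (XmlReader reader = XmlReader.Create(strReader))
    {
        // Certificate (with private key) that the encrypted token is expected to be
        // encrypted for. The subject name is the sample's; use your own.
        X509Certificate2 cert = CertificateUtil.GetCertificate(StoreName.My, StoreLocation.LocalMachine, "CN=DefaultApplicationCertificate");

        SecurityTokenHandlerCollection handlers = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();

        // The service token resolver is what the handlers consult to find the key
        // that decrypts the incoming token.
        List<SecurityToken> serviceTokens = new List<SecurityToken>();
        serviceTokens.Add(new X509SecurityToken(cert));
        SecurityTokenResolver serviceResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(new ReadOnlyCollection<SecurityToken>(serviceTokens), true);
        handlers.Configuration.ServiceTokenResolver = serviceResolver;

        // NOTE(review): this is the ADFS endpoint address. An audience restriction normally
        // names the relying party the token was issued for; confirm which URI the issued
        // token actually carries.
        handlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri("https://sqlreports.contoso.com/adfs/services/trust/13/usernamemixed"));

        // "Thumbprint" is a placeholder: pass the thumbprint of the ADFS token-signing
        // certificate, the same value as the trustedIssuers entry in web.config.
        var registry = new ConfigurationBasedIssuerNameRegistry();
        registry.AddTrustedIssuer("Thumbprint", "http://SQLReports.contoso.com/adfs/services/trust");
        handlers.Configuration.IssuerNameRegistry = registry;

        return handlers.ReadToken(reader);
    }
}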




7. If you are considering passing the raw token XML returned by ADFS to the Silverlight application for further use - for example, sending the raw token with WCF calls and letting the remote WCF service decrypt it to extract the user's claims - below is how you can add the raw token to a cache and then retrieve it in the Silverlight application. Note that the token cannot be decrypted inside the Silverlight project.


In ClaimsIdentitySessionManager.cs file (project SL.IdentityModel), modify the following code:


/// <summary>
/// Completion handler for the WS-Trust Issue call: on success caches the response and
/// starts the session-cookie exchange; on failure raises SignInComplete with the error.
/// </summary>
/// <param name="sender">Source of the completion event, forwarded to SignInComplete.</param>
/// <param name="e">Result of the Issue call, carrying either the RSTR or the error.</param>
private void trustClient_IssueCompleted( object sender, IssueCompletedEventArgs e )
{
    if ( e.Error != null )
    {
        // Failure path: report the error to subscribers, if there are any.
        if ( SignInComplete != null )
        {
            SignInComplete( sender, new SignInEventArgs( null, e.Error ) );
        }
        return;
    }

    RequestSecurityTokenResponse response = e.Result;

    // The cache is keyed by the AppliesTo address, so a response without one cannot be stored.
    // Note this throws from inside the completion handler rather than going through SignInComplete.
    if ( response.AppliesTo == null || response.AppliesTo.Uri == null )
    {
        throw new ArgumentException("No appliesTo in RequestSecurityTokenResponse");
    }

    // The whole RSTR, issued token included, is kept in _tokenCache under the absolute
    // AppliesTo URI. Treat that cache as holding credentials; how long entries live is
    // not visible here.
    string cacheKey = response.AppliesTo.Uri.AbsoluteUri;
    _tokenCache.AddTokenToCache( cacheKey, response );

    // Hand the raw token to the hosting web application to establish the session cookie.
    ClaimsIdentitySessionManager.Current.SetSessionCookieAsync( response.RequestedSecurityToken.RawToken );
}



//jason added


/// <summary>
/// Looks up the cached token response for a relying-party address.
/// </summary>
/// <param name="appliesTo">Cache key; trustClient_IssueCompleted stores entries under the
/// absolute AppliesTo URI of the response.</param>
/// <returns>Whatever the token cache returns for that key. What it returns on a miss is not
/// visible here, so callers should check the result before using it.</returns>
public RequestSecurityTokenResponse getRSTRFromTokenCache(string appliesTo)
{
    // Public accessor: any code in the application can obtain the cached token through it.
    RequestSecurityTokenResponse cachedResponse = _tokenCache.GetTokenFromCache(appliesTo);
    return cachedResponse;
}


//jason added ends



Retrieve the raw token in SL5 application from the cache, such as mainpage.xaml.cs:


// Only look for a cached token once the user has signed in.
if (ClaimsIdentitySessionManager.Current.User.ClaimsIdentity.IsAuthenticated)
{
    // The key has to match the absolute AppliesTo URI the response was cached under.
    string cacheKey = "https://sqlbackend.contoso.com/FibonacciFederatedAuth/";
    RequestSecurityTokenResponse cachedResponse = ClaimsIdentitySessionManager.Current.getRSTRFromTokenCache(cacheKey);

    // NOTE(review): what the cache returns on a miss is not visible here; check
    // cachedResponse before dereferencing it in real code.
    RequestedSecurityToken token = cachedResponse.RequestedSecurityToken;
}



PS. Example of the raw token XML returned by ADFS:



<xenc:EncryptedData
Type=\"http://www.w3.org/2001/04/xmlenc#Element\"
xmlns:xenc=\"http://www.w3.org/2001/04/xmlenc#\"><xenc:EncryptionMethod
Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes256-cbc\"
/><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><e:EncryptedKey
xmlns:e=\"http://www.w3.org/2001/04/xmlenc#\"><e:EncryptionMethod
Algorithm=\"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p\"><DigestMethod
Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /></e:EncryptionMethod><KeyInfo><o:SecurityTokenReference
xmlns:o=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"><X509Data><X509I...>"



MVC3 with Windows Identity Foundation and ADFS.docx