wcf icon indicating copy to clipboard operation
wcf copied to clipboard
verified publisher icon dotnet

Missing class WSSecurityTokenSerializer in 6.0.0-preview1.23060.3

Open martintro opened this issue 2 years ago • 7 comments

We are trying to move from .NET Framework to .NET 6 and we have a class which inherits from WSSecurityTokenSerializer. I cannot find it in this project yet, not even in the preview-version. Do you have any plans to implement it or is there a reason you have skipped it so far (other than lack of time :))?

martintro avatar Mar 01 '23 16:03 martintro

After reading @mconnew answer in issue #5026 I found this class in the System.ServiceModel.Primitives project, but cannot be found/is not made public via the System.ServiceModel.Primitives.Ref project.

Will it be possible to make it visible via the System.ServiceModel.Primitives.Ref project as well? Or is there a reason it hasn't already been done?

martintro avatar Mar 02 '23 09:03 martintro

Which constructor(s) do you need? WSSecurityTokenSerializer has a constructor which takes a SamlSerializer, but our implementation is a dummy empty class as we don't do anything with Saml in Primitives. Anything handling Saml is done in the System.ServiceModel.Federation package and that uses the Microsoft.IdentityModel.Protocols.WsTrust package to do Saml serialization.
Can you provide which API's you need from WSSecurityTokenSerializer and I can tell you how feasible it is to expose. We should also have tests for it if it's exposed, at least for your use case. The tests would just be something like creating a GenericXmlSecurityToken and calling WriteToken and make sure the Xml written is correct.

mconnew avatar Mar 02 '23 19:03 mconnew

As far as I've found out so far we use the following APIs:

  1. new WSSecurityTokenSerializer() to just create the class and then call method public void WriteToken(XmlWriter writer, SecurityToken token) (this one is not totally neccessary for us as number 2 and 3 below)
  2. Where we inherit from WSSecurityTokenSerializer we use the following constructor public CustomSerializer(SecurityVersion securityVersion, TrustVersion trustVersion, SecureConversationVersion secureConversationVersion, bool emitBspRequiredAttributes, SamlSerializer samlSerializer, SecurityStateEncoder securityStateEncoder, IEnumerable<Type> knownTypes) : base(securityVersion, trustVersion, secureConversationVersion, emitBspRequiredAttributes, samlSerializer, securityStateEncoder, knownTypes), BUT we only pass values to first 4 parameters and null to the rest like return new CustomSerializer(version2.SecurityVersion, version2.TrustVersion, version2.SecureConversationVersion, version2.EmitBspRequiredAttributes, null, null, null)
  3. Where we inherit from WSSecurityTokenSerializer we override the following methods protected override bool CanReadTokenCore(XmlReader reader), protected override SecurityToken ReadTokenCore(XmlReader reader, SecurityTokenResolver tokenResolver), protected override bool CanWriteTokenCore(SecurityToken token) and protected override void WriteTokenCore(XmlWriter writer, SecurityToken token)

Sounds reasonable to have tests for it, of course :) Do you think it would be possible to expose the APIs above?

martintro avatar Mar 04 '23 23:03 martintro

any updates here? we want to extend the WSSecurityTokenSerializer and do some overrrites

david-hass avatar Aug 23 '23 15:08 david-hass

I need extend the WSSecurityTokenSerializer to override WriteTokenCore and customize the behavior.

any updates?

andferr avatar Nov 27 '23 09:11 andferr

Hello We are need also to override WriteTokenCore of the WSSecurityTokenSerializer When it 'll possible?

annashevgeneva avatar Nov 28 '23 13:11 annashevgeneva

I need extend the WSSecurityTokenSerializer to override WriteTokenCore and customize the behavior.

any updates?

3slam avatar Sep 17 '24 07:09 3slam