How to access AD FS claims by User's credential?

伪装坚强ぢ 2021-01-01 04:28

As I am developing a WCF web service to make an intermediator between user's login action and their active directory roles and permissions. I don't want my host applicatio

2 answers
  •  庸人自扰
    2021-01-01 04:57

    You should perform a web service call to the https://.../adfs/services/trust/13/usernamemixed endpoint of AD FS 2.0 which uses Integrated Windows Authentication, providing the user's credentials so that the connection can be set up. On this endpoint, call the http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue operation. (More details are in section 4.1 of the WS-Trust 1.3 specification.) The input for this operation is a RequestSecurityToken request. The response contains a SAML token containing the claims you require.

    Note that the AD FS 2.0 WSDL is available at https://.../adfs/services/trust/mex: if you point your Visual Studio Add Service Reference wizard, or your Java wsimport, to that URL then you'll easily generate client code which you can use for performing the RST Issue operation.
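The RST Issue request described in the answer above, as an added Python example that is not part of the original answer: it builds the SOAP 1.2 envelope for the usernamemixed endpoint and reads the claims out of a SAML 2.0 assertion in the response. The function names and the trimmed sample response are constructed, requesting a SAML 2.0 token is an assumption, and the code neither sends the request nor validates the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {
    "s": "http://www.w3.org/2003/05/soap-envelope",
    "a": "http://www.w3.org/2005/08/addressing",
    "o": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "t": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
ISSUE_ACTION = NS["t"] + "/RST/Issue"  # the operation named in the answer

def q(prefix, tag):
    return "{%s}%s" % (NS[prefix], tag)

def build_rst(endpoint, username, password, applies_to):
    """Return the SOAP 1.2 envelope for a WS-Trust 1.3 RST Issue call."""
    env = ET.Element(q("s", "Envelope"))
    hdr = ET.SubElement(env, q("s", "Header"))
    ET.SubElement(hdr, q("a", "Action")).text = ISSUE_ACTION
    ET.SubElement(hdr, q("a", "To")).text = endpoint
    sec = ET.SubElement(hdr, q("o", "Security"))
    tok = ET.SubElement(sec, q("o", "UsernameToken"))
    # ElementTree escapes element text, so credentials cannot inject markup.
    ET.SubElement(tok, q("o", "Username")).text = username
    ET.SubElement(tok, q("o", "Password")).text = password
    rst = ET.SubElement(ET.SubElement(env, q("s", "Body")), q("t", "RequestSecurityToken"))
    ET.SubElement(rst, q("t", "RequestType")).text = NS["t"] + "/Issue"
    ET.SubElement(rst, q("t", "KeyType")).text = NS["t"] + "/Bearer"
    ET.SubElement(rst, q("t", "TokenType")).text = NS["saml"]  # assumption: SAML 2.0
    epr = ET.SubElement(ET.SubElement(rst, q("wsp", "AppliesTo")), q("a", "EndpointReference"))
    ET.SubElement(epr, q("a", "Address")).text = applies_to  # relying party identifier
    return ET.tostring(env, encoding="unicode")

def claims_from_rstr(xml_text):
    """Collect claim type -> values from the SAML 2.0 assertion in an RSTR."""
    claims = {}
    for attr in ET.fromstring(xml_text).iter(q("saml", "Attribute")):
        values = [v.text for v in attr.iter(q("saml", "AttributeValue"))]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return claims

SAMPLE_RSTR = (  # constructed sample, trimmed to the parts parsed above
    '<t:RequestSecurityTokenResponse xmlns:t="%(t)s" xmlns:saml="%(saml)s">'
    '<t:RequestedSecurityToken><saml:Assertion><saml:AttributeStatement>'
    '<saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">'
    '<saml:AttributeValue>Domain Users</saml:AttributeValue>'
    '<saml:AttributeValue>Finance</saml:AttributeValue></saml:Attribute>'
    '</saml:AttributeStatement></saml:Assertion></t:RequestedSecurityToken>'
    '</t:RequestSecurityTokenResponse>' % NS
)
```

The envelope is POSTed over HTTPS with content type `application/soap+xml`; a relying party should verify the assertion's signature against the AD FS token-signing certificate before trusting any claim in it.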
