Today I will show you how to use a token issued by ACS to log in to SDS using its SOAP API. Again, it is a two-step process:

Step 1: Get a token from ACS (using UserName/Password) for SDS.

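    using System.Security.Cryptography.X509Certificates;  // X509Certificate2
    using System.ServiceModel;                            // WSHttpBinding, EndpointAddress
    using System.ServiceModel.Description;                // ClientCredentials
    using System.ServiceModel.Security;                   // TrustVersion
    using Microsoft.IdentityModel.Protocols.WSTrust;      // WSTrustClient, RequestSecurityToken

    var binding = new WSHttpBinding("userNameForCert");

    // ACS (STS) signing certificate...
    var certData = GetACSCertificate();

    // Public-key-only certificate, used to secure the communication with ACS.
    var acsCert = new X509Certificate2(certData);
    var identity = new X509CertificateEndpointIdentity(acsCert);
    var epa = new EndpointAddress(new Uri(" for certificate feb2005"), identity);
    var trustVersion = TrustVersion.WSTrustFeb2005;

    // The solution's user name and password authenticate the token request.
    var clientCredentials = new ClientCredentials();
    clientCredentials.UserName.UserName = SolutionUserName;
    clientCredentials.UserName.Password = SolutionPassword;

    WSTrustClient client = new WSTrustClient(binding, epa, trustVersion, clientCredentials);

    // Ask ACS to issue a symmetric-key token scoped to the SDS endpoint.
    RequestSecurityToken rst = new RequestSecurityToken(RequestTypeConstants.Issue, KeyTypeConstants.Symmetric);
    rst.AppliesTo = new EndpointAddress("");

    RequestSecurityTokenResponse rstr;
    var samltok = client.Issue(rst, out rstr);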

Here is the binding configuration I used for talking to ACS:

    <binding name="userNameForCert">
      <security mode="Message">
        <message clientCredentialType="UserName" negotiateServiceCredential="false"
                 establishSecurityContext="false" />
      </security>
    </binding>
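
A check that can be run on the token from Step 1 before forwarding it in Step 2. This is an added example, not code from the original post: `IssuedTokenCheck`, `Validate` and `minRemaining` are hypothetical names, and it assumes `client.Issue` hands back a `GenericXmlSecurityToken`. The sample tokens in `Main` are constructed stand-ins.

```csharp
using System;
using System.IdentityModel.Tokens;
using System.Linq;
using System.ServiceModel.Security.Tokens;
using System.Xml;

static class IssuedTokenCheck
{
    // Returns null when the token can be forwarded, otherwise the reason it cannot.
    public static string Validate(SecurityToken token, DateTime utcNow, TimeSpan minRemaining)
    {
        var issued = token as GenericXmlSecurityToken;
        if (issued == null)
            return "not an issued XML token";

        // The RST asked for a symmetric key, so the proof token must carry one.
        // Without it the client cannot prove possession of the token to SDS.
        if (!issued.SecurityKeys.OfType<SymmetricSecurityKey>().Any())
            return "no symmetric proof key";

        // ValidFrom/ValidTo are UTC. Refuse tokens outside their window or
        // about to expire, e.g. when a token is cached across calls.
        if (utcNow < issued.ValidFrom)
            return "not yet valid";
        if (issued.ValidTo - utcNow < minRemaining)
            return "expired or expiring too soon";

        return null;
    }

    static void Main()
    {
        // Constructed stand-in for the token ACS would return; not a real assertion.
        var doc = new XmlDocument();
        doc.LoadXml("<Assertion AssertionID='constructed-sample' />");
        var now = DateTime.UtcNow;
        var proof = new BinarySecretSecurityToken(256); // random 256-bit key

        var fresh = new GenericXmlSecurityToken(doc.DocumentElement, proof,
            now.AddMinutes(-1), now.AddMinutes(30), null, null, null);
        var stale = new GenericXmlSecurityToken(doc.DocumentElement, proof,
            now.AddHours(-2), now.AddHours(-1), null, null, null);

        Console.WriteLine(Validate(fresh, now, TimeSpan.FromMinutes(5)) ?? "ok");
        Console.WriteLine(Validate(stale, now, TimeSpan.FromMinutes(5)) ?? "ok");
    }
}
```
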




Step 2: Forward this token to SDS when creating a new container.

I have generated the SDS proxy (and other classes) by simply doing an “Add Service Reference” from inside Visual Studio. SDS metadata is exposed at:


    var sdsBinding = new CustomBinding("sitka");
    var sdsClient = new SDS.SitkaSoapServiceClient(sdsBinding,
        new EndpointAddress(""));

    // Attach the token obtained from ACS in Step 1 to the SDS channel.
    var sdsProxy = sdsClient.ChannelFactory.CreateChannelWithIssuedToken(samltok);

    // The authority under which the container is created.
    var authorityScope = new SDS.Scope();
    authorityScope.AuthorityId = "zamd01";

    var c1 = new SDS.Container();
    c1.Id = "NewContainerId";

    sdsProxy.Create(authorityScope, c1);
    Console.WriteLine("New container is created...");


SDS binding looks like this:

    <binding name="sitka">
      <security authenticationMode="IssuedTokenOverTransport">
        <issuedTokenParameters>
          <issuer address="http://dummy" binding="basicHttpBinding"/>
        </issuedTokenParameters>
      </security>
    </binding>


And here is a snapshot of my SDS account highlighting the newly created container.