Authenticating users through the WCF .SVC API with WsTrust [deprecated]

The WCF .SVC web services use a valid Security Token provided by a Security Token Service (STS).

The API calls are accessed through Windows Communication Foundation (WCF) .SVC services, which support claims-based authentication.

Getting a valid Security Token
Before you can access a WCF service, you need a valid Security Token provided by a trusted STS:
  1. The application provides credentials and asks the STS for a token.
  2. The STS authenticates the credentials with an Identity Provider (IP).
  3. The STS generates a SAML token and returns the token to the application.
  4. The application sends the token to the service.
  5. The service validates and processes the token and establishes secure conversation context.
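
The five steps above, seen from the client side, as an added example that is not code from the product documentation. It assumes .NET Framework 4.5 or later (System.IdentityModel and System.ServiceModel), an STS endpoint that accepts username/password over HTTPS, and symmetric-key tokens; `IExampleService`, `Ping`, `WsTrustClient` and both URIs are hypothetical placeholders for your own service contract and endpoints.

```csharp
using System;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;

// Hypothetical contract standing in for one of the .SVC service contracts.
[ServiceContract]
public interface IExampleService { [OperationContract] string Ping(); }

public static class WsTrustClient
{
    // Steps 1-3: present credentials to the STS and receive a SAML token.
    // AppliesTo scopes the token to the one service it will be sent to.
    public static SecurityToken RequestToken(Uri stsUri, Uri serviceUri, string user, string password)
    {
        var binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        binding.Security.Message.EstablishSecurityContext = false;
        var factory = new WSTrustChannelFactory(binding, new EndpointAddress(stsUri));
        factory.TrustVersion = TrustVersion.WSTrust13;
        factory.Credentials.UserName.UserName = user;
        factory.Credentials.UserName.Password = password;

        var rst = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            KeyType = KeyTypes.Symmetric,   // assumption: holder-of-key, not bearer
            AppliesTo = new EndpointReference(serviceUri.AbsoluteUri)
        };
        return factory.CreateChannel().Issue(rst);
    }

    // Steps 4-5: attach the issued token to the service channel. The caller keeps
    // the token and requests a new one once token.ValidTo has passed.
    public static IExampleService OpenService(Uri serviceUri, SecurityToken token)
    {
        var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
        binding.Security.Message.EstablishSecurityContext = true;
        var factory = new ChannelFactory<IExampleService>(binding, new EndpointAddress(serviceUri));
        factory.Credentials.SupportInteractive = false;      // never prompt for credentials
        factory.Credentials.UseIdentityConfiguration = true; // needed for issued-token channels
        return factory.CreateChannelWithIssuedToken(token);
    }
}
```

Both bindings use `TransportWithMessageCredential`, so the credentials and the token only travel over HTTPS; the bindings configured on your STS and service endpoints determine the exact settings to mirror here.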

Getting a Content Manager user profile
Before you can execute an API call, the IIdentity name of the claims principal within the incoming SAML token must match a unique Content Manager user profile via the field FISHEXTERNALID.

As the application is stateless, it is important that the token is handled within your code.

The user management system of Content Manager allows authorization and authentication for Internal user profiles. Every call checks that the user profile is still enabled.