
Code Sample: WCF Username Authentication

Published: April 7, 2011

Updated: January 4, 2013

Applies To: Windows Azure

This sample illustrates how to use a user name and password to authenticate to Windows Azure Active Directory Access Control (also known as Access Control Service or ACS) and obtain access to a Windows Communication Foundation (WCF) relying party. It includes a WCF service and a WCF client as command-line applications. The WCF service requires a Security Assertion Markup Language (SAML) token from the ACS user name endpoint. The client follows the service binding to request a token from ACS using the WS-Trust protocol with a user name and password that is registered with ACS. The code for this sample is in the Acs2UsernameBindingSample (C#\WebServices\Acs2UsernameBindingSample) subdirectory of the Windows Azure Active Directory Access Control (ACS) Code Samples package.

Prerequisites

To run this sample, you will need:

  1. An account in the Windows Azure portal (http://go.microsoft.com/fwlink/?LinkId=130560) and an Access Control namespace.

  2. Visual Studio 2010 (any version)

For more details, see ACS Prerequisites (http://go.microsoft.com/fwlink/?LinkId=221065).

Configuring the Sample

The ACS configuration that is required for this sample can be performed using either the ACS Management Portal or the ACS Management Service. This topic describes both options.

  1. Option 1: Configuring the sample using the ACS Management Portal

  2. Option 2: Configuring the sample using the ACS Management Service

Option 1: Configuring the Sample Using the ACS Management Portal

To configure the sample using the ACS Management Portal

  1. Go to the Windows Azure Management Portal, sign in, and then click Active Directory.

  2. To create an Access Control namespace, click New, click App Services, click Access Control, and then click Quick Create. (Or, click Access Control Namespaces before clicking New.)

  3. To manage an Access Control namespace, select the namespace, and then click Manage. (Or, click Access Control Namespaces, select the namespace, and then click Manage.)

    This action opens the Access Control Service management portal.

  4. To register your application with ACS, click Relying party applications, click Add, enter the following information in the form, and then click Save.

    • In Name, type Username Binding Sample RP.

    • In Realm, enter http://localhost:7100/Service/Default.aspx.

    • In Token encryption policy, click Require Encryption.

    • In Identity Providers, clear any selected identity providers.

  5. With your relying party registered, it is now time to create the rules that determine the claims that ACS will issue to your application. In this sample, we create a rule that passes through any claim that ACS generates. To create this rule, click Rule groups, and then click Default Rule Group for Username Binding Sample. Add a new rule with the following settings, and then click Save.

    • In Claim issuer, click Access Control Service.

    • In Input claim type, click Any.

    • In Input claim value, click Any.

    • In Output claim type, click Pass through input claim type.

    • In Output claim value, click Pass through input claim value.

  6. This sample relies on credentials that ACS manages. The last step to configure ACS is to register the user name and password for the client application to use. To configure a new user name, click Service identities, click Add, and then fill out the form. For this sample, enter acssample as the user name, select Password as the Type, enter pass@word1 as the password, and then click Save.

Option 2: Configuring the Sample Using the ACS Management Service

The Visual Studio sample solution has a console application called ConfigureSample that uses the ACS Management Service and the common helpers that are defined in the Common class library. You can use this application to configure your Access Control namespace for use with this sample.

To configure the sample using the ACS Management Service

  1. To update the Common class library with information about your Access Control namespace, open SamplesConfiguration.cs, and then enter the following information:

    • ServiceNamespace. This is the Access Control namespace that is used in ACS.

    • ManagementServiceIdentityName. This is a management service account’s name.

    • ManagementServiceIdentityKey. This is the password that is associated with the management service account.

    • AcsHostUrl. This is the host name of ACS.

  2. Run the ConfigureSample application in Visual Studio, which will configure ACS to run this sample.

Running the Sample

To run the sample

  1. Open the sample in Visual Studio. The solution consists of two projects: WcfService and WcfClient.

  2. If you have not already done so, enter your Access Control namespace details in Common\SamplesConfiguration.cs. For more details, see step 1 of Option 2: Configuring the Sample Using the ACS Management Service. The WcfService and WcfClient projects also use this file.

  3. Open the App.config file in the WcfClient project to verify that your user name and password in the appropriate AppSettings elements are correct. To obtain the user name and password you registered previously, refer to the Service Identities area of the portal. The following is a code snippet showing this area (properly updated) of the Client App.config file:

      <appSettings>
        <!-- Service configuration -->
        <add key="ServiceAddress" value="http://localhost:7100/Service/Default.aspx"/>
        <add key="ServiceCertificateFilePath" value="..\..\..\Certificates\WcfServiceCertificate.cer"/>
    
        <!-- Client configuration -->
        <add key="ClientUsername" value="acssample"/>
        <add key="ClientPassword" value="pass@word1"/>
    
      </appSettings>
    
    
  4. To run the sample, start the WcfService, and then start the WcfClient. At the client, enter a string to reverse.
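A check for the App.config settings verified in step 3, as an added example that is not part of the ACS sample package: it parses the appSettings block and reports keys that are missing, still set to the user name and password printed in this topic, or carrying a clear-text password. The name audit_app_config and the finding strings are hypothetical, and the embedded configuration is constructed from the snippet above.

```python
import xml.etree.ElementTree as ET

# Keys that appear in the WcfClient App.config snippet on this page.
REQUIRED_KEYS = ("ServiceAddress", "ServiceCertificateFilePath",
                 "ClientUsername", "ClientPassword")
# Values printed in this topic; a config that still carries them uses
# credentials that anyone can read in the documentation.
DOC_DEFAULTS = {"ClientUsername": "acssample", "ClientPassword": "pass@word1"}

# Constructed sample input mirroring the App.config snippet above.
SAMPLE_APP_CONFIG = r"""<configuration>
  <appSettings>
    <!-- Service configuration -->
    <add key="ServiceAddress" value="http://localhost:7100/Service/Default.aspx"/>
    <add key="ServiceCertificateFilePath" value="..\..\..\Certificates\WcfServiceCertificate.cer"/>
    <!-- Client configuration -->
    <add key="ClientUsername" value="acssample"/>
    <add key="ClientPassword" value="pass@word1"/>
  </appSettings>
</configuration>"""


def audit_app_config(xml_text):
    """Return a sorted list of (key, finding) tuples for the appSettings block."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return [("App.config", "not well-formed XML")]
    settings = {add.get("key"): add.get("value", "")
                for add in root.findall("./appSettings/add")}
    findings = [(key, "missing") for key in REQUIRED_KEYS if key not in settings]
    for key, default in DOC_DEFAULTS.items():
        if settings.get(key) == default:
            findings.append((key, "documentation default still in use"))
    # Assumption of this check: an empty value means the password is
    # supplied at run time rather than stored in the file.
    if settings.get("ClientPassword"):
        findings.append(("ClientPassword", "secret stored in clear text"))
    return sorted(findings)


if __name__ == "__main__":
    for key, finding in audit_app_config(SAMPLE_APP_CONFIG):
        print(f"{key}: {finding}")
```
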

© 2013 Microsoft. All rights reserved.