Code Sample: WCF Certificate Authentication
Published: April 7, 2011
Updated: January 4, 2013
Applies To: Windows Azure
This sample illustrates how to authenticate to Windows Azure Active Directory Access Control (also known as Access Control Service or ACS) using a client certificate and obtain access to a WCF relying party. It includes a WCF service and a WCF client as command line applications. The WCF service requires a SAML token issued by the ACS certificate endpoint. The client follows the service binding to request that token from ACS over the WS-Trust protocol, presenting a client certificate that has been registered with ACS as a service identity. The code for this sample is in the Acs2CertificateBindingSample subdirectory (C#\WebServices\Acs2CertificateBindingSample) of the Windows Azure Active Directory Access Control (ACS) Code Samples package.
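As an added illustration (not the sample's own code) of the flow described above, the following client-side WCF code builds a federation binding whose issuer is the ACS WS-Trust 1.3 certificate endpoint, authenticates to that endpoint with the client certificate, and then presents the issued SAML token to the relying party. The namespace, service address, service contract and certificate subject names are assumed placeholders; the service certificate lookup assumes the relying party's certificate is installed in the current user's store.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;

// Hypothetical contract standing in for the sample's string-reversal service.
[ServiceContract]
public interface IStringService
{
    [OperationContract]
    string Reverse(string value);
}

public static class CertificateBindingClient
{
    // Assumed values: replace with your Access Control namespace and the service endpoint.
    const string AcsNamespace = "<your-namespace>";
    const string ServiceAddress = "http://localhost:7000/Service/Default.aspx";

    public static Binding CreateFederationBinding()
    {
        // Binding used to talk to the ACS certificate endpoint: HTTPS on the transport,
        // the client's X.509 certificate as the message credential (no session, one RST per token).
        var issuerBinding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
        issuerBinding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
        issuerBinding.Security.Message.EstablishSecurityContext = false;

        // Federation binding for the relying party: WCF first requests the SAML token from
        // IssuerAddress using IssuerBinding, then sends that token to the service.
        var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.Message);
        binding.Security.Message.IssuerAddress = new EndpointAddress(
            string.Format("https://{0}.accesscontrol.windows.net/v2/wstrust/13/certificate", AcsNamespace));
        binding.Security.Message.IssuerBinding = issuerBinding;
        binding.Security.Message.EstablishSecurityContext = false;
        binding.Security.Message.NegotiateServiceCredential = false;
        return binding;
    }

    public static string CallService(string input)
    {
        var factory = new ChannelFactory<IStringService>(CreateFederationBinding(), new EndpointAddress(ServiceAddress));

        // The certificate registered with ACS as a service identity (assumed subject name);
        // ACS accepts the request only if it matches the uploaded .cer.
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "ACS2ClientCertificate");

        // NegotiateServiceCredential is off, so the relying party's certificate is supplied out of band.
        factory.Credentials.ServiceCertificate.SetDefaultCertificate(
            StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "ACS2ServiceCertificate");

        IStringService channel = factory.CreateChannel();
        try { return channel.Reverse(input); }
        finally { ((IClientChannel)channel).Close(); }
    }
}
```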
Prerequisites
To run this sample, you will need:
- An account in the Windows Azure Management Portal (http://go.microsoft.com/fwlink/?LinkId=275081).
- Visual Studio 2010 (any version)
Configuring the Sample
The ACS configuration required for this sample can be performed using either the ACS Management Portal or the ACS Management Service. This topic describes both options.
Option 1: Configuring the Sample Using the ACS Management Portal
To configure the sample using the ACS Management Portal
1. Go to the Windows Azure Management Portal, sign in, and then click Active Directory.
2. To create an Access Control namespace, click New, click App Services, click Access Control, and then click Quick Create. (Or, click Access Control Namespaces before clicking New.)
3. To manage an Access Control namespace, select the namespace, and then click Manage. (Or, click Access Control Namespaces, select the namespace, and then click Manage.) This action opens the Access Control Service management portal.
4. To register your application with ACS, click Relying Party Applications, click Add, and then enter the following information in the form:
   - In Name, type Certificate Binding Sample RP.
   - In Realm, enter http://localhost:7000/Service/Default.aspx.
   - In Token encryption policy, select Require Encryption.
   - In Identity Providers, clear any selected identity providers.
   - Click Save.
5. With your relying party application registered, it is now time to create the rules that determine the claims that ACS will issue to your application. In this sample, we create a rule that passes through any claim that ACS receives. To create this rule, click Rule Groups, and then click Default Rule Group for Certificate Binding Sample. Add a new rule with the following settings:
   - In Claim issuer, click Access Control Service.
   - In Input claim type, click Any.
   - In Input claim value, click Any.
   - In Output claim type, click Pass through input claim type.
   - In Output claim value, click Pass through input claim value.
6. The last step is registering the certificate that the client application will use. To configure a new client certificate, click Service identities, click Add, and enter a name. From the Type list, select X.509 Certificate, and browse to the ACS2ClientCertificate.cer file in the Certificates folder of this sample. Click Save.
Option 2: Configuring the Sample Using the ACS Management Service
The Visual Studio sample solution has a console application called ConfigureSample that uses the ACS Management Service and the common helpers that are defined in the Common class library. You can use this application to configure your Access Control namespace for use with this sample.
To configure the sample using the ACS Management Service
1. Open SamplesConfiguration.cs (acs\Management\ManagementService\Common) and replace the placeholders in the SamplesConfiguration class in the Common class library with information about your Access Control namespace. You can find this information in the ACS Management Portal. To navigate to the ACS Management Portal: Go to the Windows Azure Management Portal, sign in, and then click Active Directory. To manage an Access Control namespace, select the namespace, and then click Manage. (Or, click Access Control Namespaces, select the namespace, and then click Manage.)
   - ServiceNamespace - Enter the name of your Access Control namespace.
   - ManagementServiceIdentityName - Enter the name of an ACS management service account. The default is ManagementClient. To find the management service account name, in the ACS Management Portal, click Management service. The accounts are listed by name under Management Service Accounts.
   - ManagementServiceIdentityKey - Enter the password for the management service account. To find the management service account password, in the ACS Management Portal, click Management service. Click the name of a management service account, and then, under Credentials, click Password. The password appears in the Password field. To copy the password, click Show Password.
2. Run the ConfigureSample application in Visual Studio. This configures ACS to run this sample.
Running the Sample
To run the sample
1. Open the sample in Visual Studio. The solution consists of two projects: WcfService and WcfClient.
2. If you have not already done so, enter your Access Control namespace details in Common\SamplesConfiguration.cs. For more details, see step 1 of Option 2: Configuring the Sample Using the ACS Management Service above. The WcfService and WcfClient projects also use this file.
3. Start the WcfService, and then start the WcfClient. At the client, enter a string to reverse.