
How to: Configure Trust Between ACS and WCF Service Using Symmetric Keys

Published: April 7, 2011

Updated: January 4, 2013

Applies To: Windows Azure

Applies To

  • Windows Azure Active Directory Access Control (also known as Access Control Service or ACS)

  • Windows® Communication Foundation (WCF)

  • Representational State Transfer (REST)

Summary

This topic describes how to configure trust between your application and ACS. Trust is established by signing the tokens that are exchanged between your application and ACS.

Contents

  • Objectives

  • Overview

  • Summary of Steps

  • Step 1 – Navigate to the Token Signing Keys Section

  • Step 2 – Configure Trust Using Symmetric Keys

  • Step 3 – Review Trust-Related Attributes in web.config and the ACS Management Portal

Objectives

  • Become familiar with the trust management section on the ACS Management Portal.

  • Manage trust using X.509 certificates.

  • Manage trust using a symmetric key.

  • Verify the required configuration in web.config and on the Management Portal.

Overview

Establishing trust is required to properly exchange tokens between your application and ACS. Because the tokens are signed, your application can verify that they were not tampered with in transit and that they were issued by a trusted party (ACS). Trust is managed using either X.509 certificates or symmetric keys and depends on matching configuration in the ACS Management Portal and in web.config.

Summary of Steps

To establish and manage trust between a WCF service and ACS, follow these steps:

  • Step 1 – Navigate to the Token Signing Keys Section

  • Step 2 – Configure Trust Using Symmetric Keys

  • Step 3 – Review Trust-Related Attributes in web.config and the ACS Management Portal

Step 1 – Navigate to the Token Signing Keys Section

This step shows how to navigate to the trust management section on the ACS Management Portal.

To navigate to the section related to trust management on the Management Portal

  1. Go to the Windows Azure Management Portal, sign in, and then click Active Directory.

  2. To manage an Access Control namespace, select the namespace, and then click Manage. (Or, click Access Control Namespaces, select the namespace, and then click Manage.)

  3. Click Relying party applications and then click a relying party application.

  4. On the Edit Relying Party Application page, scroll down to the Token Signing Keys section.

  5. Click the desired key.

Step 2 – Configure Trust Using Symmetric Keys

This step shows how to configure and manage the trust between an ASP.NET web application and ACS using a symmetric key. Use a 256-bit symmetric signing key if you are building an application that uses OAuth WRAP.

To configure and manage trust using a symmetric key

  1. Go to the Windows Azure Management Portal, sign in, and then click Active Directory.

  2. To manage an Access Control namespace, select the namespace, and then click Manage. (Or, click Access Control Namespaces, select the namespace, and then click Manage.)

  3. Click Certificates and keys and then select a key.

  4. On the Edit Token Signing Certificate or Key page provide the following values:

    1. Name: An arbitrary name of your choice.

    2. Type: Select Symmetric Key.

    3. Key: Click Generate to create a randomly generated 256-bit symmetric key.

    4. Effective date: Specify the start date for the key in mm/dd/yyyy format.

    5. Expiration date: Specify the ending date for the key in mm/dd/yyyy format.

  5. Click Save.

Step 3 – Review Trust-Related Attributes in web.config and the ACS Management Portal

This step shows how to validate the trust-related configuration attributes in the web.config file of the ASP.NET web application.

To verify the trust-related configuration in the web.config file of the ASP.NET web application

  1. Open the web.config file of your ASP.NET web application.

  2. Navigate to the audienceUris node and note the value of its child add node. The value must match the value of the Realm property on the Edit Relying Party Application page of the ACS Management Portal.

  3. Go to the Windows Azure Management Portal, sign in, and then click Active Directory.

  4. To manage an Access Control namespace, select the namespace, and then click Manage. (Or, click Access Control Namespaces, select the namespace, and then click Manage.)

  5. Click Relying party applications and then click a relying party application.

  6. Verify that the value of the Realm property on the Edit Relying Party Application page matches the value of the add node in the audienceUris node in web.config.
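The checks that the shared symmetric key and the matching Realm/audienceUris value enable at run time, as an added example that is not part of this topic or of the WIF/ACS libraries: for OAuth WRAP, ACS issues SWT tokens whose claims are form-encoded and signed with HMAC-SHA256 under the symmetric key configured in Step 2, and the relying party verifies that signature and then confirms the token's Audience is one of its audienceUris. The namespace, realm and key below are constructed placeholders.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, unquote, urlencode

# Constructed sample values (placeholders, not a real namespace or key).
ISSUER = "https://contoso-placeholder.accesscontrol.windows.net/"
REALM = "https://localhost/WcfService/"  # Realm in ACS == audienceUris add value in web.config
KEY_B64 = base64.b64encode(bytes(range(32))).decode()  # 256-bit key, base64 as the portal shows it


def sign_swt(claims, key_b64):
    """Issuer side: form-encode the claims and append an HMACSHA256 over them under the shared key."""
    body = urlencode(claims)
    mac = hmac.new(base64.b64decode(key_b64), body.encode(), hashlib.sha256).digest()
    return body + "&" + urlencode({"HMACSHA256": base64.b64encode(mac).decode()})


def validate_swt(token, key_b64, audience_uris, issuer, now=None):
    """Relying-party side: check signature, issuer, audience and expiry; return the claims."""
    parts = token.rsplit("&HMACSHA256=", 1)
    if len(parts) != 2:
        raise ValueError("token carries no HMACSHA256 signature")
    body, sig_enc = parts
    expected = hmac.new(base64.b64decode(key_b64), body.encode(), hashlib.sha256).digest()
    # Constant-time comparison; a valid MAC proves the token came from a holder of the key (ACS)
    if not hmac.compare_digest(expected, base64.b64decode(unquote(sig_enc))):
        raise ValueError("signature does not verify with the configured symmetric key")
    claims = dict(parse_qsl(body, keep_blank_values=True))
    if claims.get("Issuer") != issuer:
        raise ValueError("issuer %r is not the trusted ACS namespace" % claims.get("Issuer"))
    # The check behind Step 3: the Audience claim must be one of the configured audienceUris
    if claims.get("Audience") not in audience_uris:
        raise ValueError("audience %r does not match audienceUris" % claims.get("Audience"))
    if int(claims.get("ExpiresOn", "0")) <= (int(time.time()) if now is None else now):
        raise ValueError("token has expired")
    return claims


def outcome(token, key_b64, audience_uris, issuer, now=None):
    """Return None when the token is accepted, otherwise the rejection reason."""
    try:
        validate_swt(token, key_b64, audience_uris, issuer, now)
        return None
    except ValueError as err:
        return str(err)
```

A token whose Audience does not equal the audienceUris value is rejected even though its signature is valid, which is why the Realm and the add node must match exactly.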

See Also

Concepts

ACS How To's

© 2013 Microsoft. All rights reserved.