SALES: 1-800-867-1380

Securing WCF Services with ACS

Published: April 7, 2011

Updated: July 14, 2014

Applies To: Azure

In this scenario a WCF SOAP Service needs to integrate a third-party authentication and an identity management system

ACS v2 WCF Scenario

There are several challenges associated with the scenario:

  • How to configure WCF bindings to request a token from ACS?

  • How to validate the incoming token issued by the identity provider?

  • How to parse the incoming token?

  • How to implement authorization checks?

  • How to transform tokens by adding, removing, or changing the claims types and values?

  • How to do all of the above using configuration rather than coding?

ACS provides a solution to the scenario as depicted in the following image.

ACS v2 WCF Scenario and Solution
  • The UserNameWSTrustBinding, CertificateWSTrustBinding, and IssuedTokenWSTrustBinding classes are available as part of the Windows Identity Foundation’s (WIF) Microsoft.IdentityModel.Protocols.WSTrust.Bindings namespace and they are used to request a token from ACS.

  • Windows Identity Foundation (WIF) is used to validate incoming tokens.

  • Windows Identity Foundation (WIF) is used to parse the incoming tokens.

  • Windows Identity Foundation (WIF) is used to implement authorization checks.

  • The ACS rule engine is used to transform tokens.

  • Most of the work is done using the configuration either in the application’s web.config or/and through the ACS Management Portal.

See Also

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft