Securing WCF Services with ACS
Updated: June 19, 2015
Applies To: Azure
Scenario
In this scenario, a WCF SOAP service needs to integrate with a third-party authentication and identity management system.
There are several challenges associated with the scenario:
- How to configure WCF bindings to request a token from ACS?
- How to validate the incoming token issued by the identity provider?
- How to parse the incoming token?
- How to implement authorization checks?
- How to transform tokens by adding, removing, or changing the claims types and values?
- How to do all of the above using configuration rather than coding?
Solution
ACS provides a solution to the scenario as depicted in the following image.
- The UserNameWSTrustBinding, CertificateWSTrustBinding, and IssuedTokenWSTrustBinding classes are available as part of the Windows Identity Foundation’s (WIF) Microsoft.IdentityModel.Protocols.WSTrust.Bindings namespace, and they are used to request a token from ACS.
- Windows Identity Foundation (WIF) is used to validate incoming tokens.
- Windows Identity Foundation (WIF) is used to parse the incoming tokens.
- Windows Identity Foundation (WIF) is used to implement authorization checks.
- The ACS rule engine is used to transform tokens.
- Most of the work is done through configuration, either in the application’s web.config, through the ACS Management Portal, or both.
Solution Summary
Category | Topics |
---|---|
Authentication | Explained |
Authorization | Explained, How-To’s |
Token flow and transformation | Explained, How-To’s |
Trust management | Explained |
Code Sample | |