This documentation is archived and is not being maintained.
Securing WCF Services with ACS
Published: April 7, 2011
Updated: June 19, 2015
Applies To: Azure
In this scenario, a WCF SOAP service needs to integrate with a third-party authentication and identity management system.
There are several challenges associated with the scenario:
- How to configure WCF bindings to request a token from ACS?
- How to validate the incoming token issued by the identity provider?
- How to parse the incoming token?
- How to implement authorization checks?
- How to transform tokens by adding, removing, or changing the claims types and values?
- How to do all of the above using configuration rather than coding?
ACS provides a solution to the scenario as depicted in the following image.
- The UserNameWSTrustBinding, CertificateWSTrustBinding, and IssuedTokenWSTrustBinding classes are available as part of the Windows Identity Foundation’s (WIF) Microsoft.IdentityModel.Protocols.WSTrust.Bindings namespace, and they are used to request a token from ACS.
- Windows Identity Foundation (WIF) is used to validate incoming tokens.
- Windows Identity Foundation (WIF) is used to parse the incoming tokens.
- Windows Identity Foundation (WIF) is used to implement authorization checks.
- The ACS rule engine is used to transform tokens.
- Most of the work is done through configuration, either in the application’s web.config, through the ACS Management Portal, or both.
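One way to implement the WIF authorization check listed above is a `ClaimsAuthorizationManager` subclass that denies by default. This is an added example, not code from the original page or from Microsoft's samples. The class name, the role values, the SOAP action URIs, and the assumption that the ACS rules issue role claims are all hypothetical.

```csharp
// Added example. Role names and SOAP action URIs are hypothetical placeholders.
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.IdentityModel.Claims; // WIF 3.5 (Microsoft.IdentityModel.dll)

public class RoleBasedAuthorizationManager : ClaimsAuthorizationManager
{
    // Hypothetical policy: SOAP action -> role claim value required to invoke it.
    private static readonly Dictionary<string, string> RequiredRole =
        new Dictionary<string, string>(StringComparer.Ordinal)
        {
            { "http://example.org/IOrderService/GetOrder", "Reader" },
            { "http://example.org/IOrderService/CancelOrder", "Administrator" }
        };

    public override bool CheckAccess(AuthorizationContext context)
    {
        // Deny callers that did not present a validated token.
        if (context.Principal == null ||
            context.Principal.Identity == null ||
            !context.Principal.Identity.IsAuthenticated)
            return false;

        // Deny when no action is stated: nothing to authorize against.
        if (context.Action.Count == 0)
            return false;

        foreach (Claim action in context.Action)
        {
            string role;
            // Default deny: an action missing from the policy is refused.
            if (!RequiredRole.TryGetValue(action.Value, out role))
                return false;
            if (!HasRole(context.Principal, role))
                return false;
        }
        return true;
    }

    // True when any identity of the caller carries the required role claim.
    private static bool HasRole(IClaimsPrincipal principal, string role)
    {
        return principal.Identities
            .SelectMany(identity => identity.Claims)
            .Any(c => c.ClaimType == ClaimTypes.Role &&
                      string.Equals(c.Value, role, StringComparison.Ordinal));
    }
}
```

WIF calls `CheckAccess` only when the class is registered, for example through the `claimsAuthorizationManager` element of the `microsoft.identityModel` service configuration in web.config.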
| Category | Topics |
|---|---|
| Authentication | Explained |
| Authorization | Explained, How-To’s |
| Token flow and transformation | Explained, How-To’s |
| Trust management | Explained |
| Code Sample | |