This project is read-only.

Windows Phone 7 Sample App Readme

This sample illustrates how a Windows Phone 7 Silverlight application can make use of ACS to call a REST service. 

In the sample a directory service is locally hosted that returns a list of contact information. The phone app is then used to access this service. Users are able to authenticate to the service by signing into one of the identity providers Contoso has configured at their ACS Service Namespace. The code for this sample is in the Acs2WindowsPhoneSample folder of the ACS 2.0 Samples package.


To run this sample you will need:

  1.  Visual Studio 2010 (any version)
  2.  Windows Phone Developer Tools RTW
  3.  Windows Identity Foundation Runtime 
  4.  Silverlight 4 Tools for Visual Studio 
  5.  Internet Information Services (IIS) with ASP.NET and IIS 6 compatibility enabled

 See Prerequisites for more details. Note that it may be beneficial to walkthrough the Getting Started sample before running this sample.

Configuring the Sample

The ACS configuration required for this sample can be performing using either the ACS management portal, or the ACS management service.  Select one of the two options below to go to the relevant section.

Option 1: Configuring via the ACS Management Portal


1. Open a browser and navigate to and sign in. From there, navigate to the Service Bus, Access Control, and Caching section to configure your ACS service namespace. Once you have created a namespace, select it and click Manage > Access Control Service at the top of the page. This should launch the following page in a new window:

 2. The first step in configuring ACS is to establish relationships with the identity providers you would like the users of your website to use when logging in. To do this, click on the Identity providers link and add Yahoo! and Google. When both are added, click Home to return to the main page.


3. Next, register your application with ACS by creating a Relying Party in ACS. Click the Relying party applications link on the main page, then select Add and enter the following information in the subsequent form. Be sure to select SWT as the token type, and click Generate to create a token signing key. When complete, click the Save button.

4. With your relying party application registered, it is now time to create the rules that determine the claims that ACS will issue to your application. In this sample, we will simply pass through all the claims issued by the identity provider (Yahoo!, Google, or Windows Live ID). To do this, click Rule Groups from the main page, and click the Default Rule Group for ContosoContacts. At the bottom of the subsequent page, click the Generate link. Ensure that the three identity providers (Yahoo!, Google, and Windows Live ID) are selected and click Generate. Finally, click Save and navigate back to the main page.

Option 2: Configuring via the ACS Management Service


The Visual Studio sample solution has a console application called ConfigureSample which uses the ACS Management Service and the common helpers defined in the Common class library. This application can be used to configure your ACS service namespace for use with this sample.


1. Update the Common class library with information about your Service Namespace. Open SamplesConfiguration.cs and enter your: 

  •         ServiceNamespace - This is the namespace used with ACS.
  •         ManagementServiceIdentityName - This is a management service account’s Name
  •         ManagementServiceIdentityKey - This is the password associated with the management service account.
  •         AcsHostUrl - This is the host name of the ACS  

2. Run the ConfigureSample application in Visual Studio, which will configure ACS to run this sample.

3. When the ConfigureSample application completes, it will output the generated relying party signing key to the console. Copy this key to the clipboard.

Running the Phone App Sample

1. After the ACS Service Namespace and service endpoint have been set up successfully as described by the previous section, open the sample in Visual Studio (ContosoContactsApp.sln ) in administrator mode.

2. In the CustomerInformationService project, open Web.config and make the following modifications:

  • Set the value for IssuerIdentifier by replacing “Service Namespace” with the service namespace you have configured with ACS (e.g. “contoso”).
  • Set the ServiceKey to be the token signing key which was generated as part of your relying party application configuration.

3. In the ContosoContactsApp project, open SignIn.xaml and make the following modifications:

  • Set the service namespace under AccessControlServiceSignIn by replacing “[Service Namespace]”  with the service namespace you have configured with ACS (e.g. “contoso”).
  • Set the Realm to the value specified in your relying party application configuration.

4. Press F5 to start the application. When the Windows Phone emulator has started the “Contoso Contacts” app will load, you should see the following:


5. Click on the Sign In hyperlink. This will navigate to the Sign In page, hosted in the Silverlight application. Shown below:


6. This page in the app uses the AccessControlServiceSignIn control, from the sample; it is part of the SL.Phone.Federation project

7. Next, click an identity provider from the list. Once the link has been clicked the identity providers login page will be shown.

8. Sign into the identity provider. After signing into the identity provider a token will be issued by ACS, which is used to authenticate to the contact service. The Image below shows the list of contacts, from the service.

9. As an additional feature, the sample will store the token in persistent storage. This allows the service to be called multiple times across invocations of the app. The token can be cleared by clicking the Sign Out link on the application bar at the bottom of the app, which is shown below:


Last edited Apr 9, 2011 at 1:50 AM by oremel, version 29


RHAD Jul 30, 2012 at 3:25 PM 
Unfortunately it seems that all ACS related code samples are not working without heavy debugging.

Also this code doesn't run as said. I see the identity providers, but after clicking one of them I get a white screen where the AccessControlServiceSignIn.xaml control is.

So this code is of no use to me.

dextrus Jul 1, 2011 at 1:19 PM 
This is really useful! However it would be even more useful if it could actually be deployed to Azure and I'm still not sure how to do this.

ironmala Jun 1, 2011 at 8:23 PM 
I dont know why but, it only works for WLID. If you try login with facebook, google or yahoo, you stuck on Contacting IP_NAME... progress bar screen, and never move to the webbroser control for the authentication...

zomarev Feb 7, 2011 at 5:50 PM 

When I add ACS to PROD - I am not getting the same management screens (identity providers, etc) as in DEV. And the URLs are different: vs ...

How do I get SL.Phone.SignIn control to work with PROD.

Another issue with LABS is that I cannot understand what is the SecurityToken format it is sending and how to validate it. I expenst format http://blahblahHMACSHA256signature where HMACSHA256 is a separator. Instead from DEV I am getting: http://CRAPCRAPusernamename

I think it is either because DEV is is faking the signature or the two on DEV and PROD are two different kinds of animals.